Introduction
Introduction
IntroductionInstall CloudBees CD/RO within KubernetesConfigure Helm chartsKubernetes platform-specific configurationsKubernetes configuration optionsConfigure IP protocols for Helm chart componentsConfigure GitOps with Helm chartsVerify Helm chartsCreate custom Docker imagesVerify Docker images
IntroductionInstallation user requirementsInstallation typesDefault installation directoriesVerify installation binariesAgent security recommendations
IntroductionInstall a default configurationInstall a custom configurationRun an express agent GUI installationRun an express GUI installation (agent-only installer)Run an advanced GUI installation (agent-only installer)Install CloudBees Analytics
IntroductionRun an express server command-line installationRun an advanced command-line installationRun an express agent command-line installationExpress agent command-line installation (agent-only installer)Advanced command-line installation (agent-only installer)Install the CloudBees Analytics server with the interactive command-line installer
IntroductionRun a silent installationSilent installation argumentsLinux silent installation examplesWindows silent installation examplesCloudBees Analytics server unattended installation
IntroductionUNIX agent interactive command-line installationSilent installation method for UNIX or macOS agents
IntroductionPrerequisitesPermissions to install or upgrade remote agentsInstall remote agents using the web interfaceInstall via the API
CloudBees Tools installation
Move the artifact repository in LinuxMove the artifact repository in Windows
Connect CloudBees CD/RO to a Microsoft SQL server
Install the MySQL JDBC connector
IntroductionUninstall CloudBees CD/RO on Linux, Unix, or macOSUninstall on WindowUninstall the CloudBees Analytics server on LinuxUninstall the CloudBees Analytics server on Windows
IntroductionZones and gatewaysConfigure custom CAs and CRLs in non-clustered environmentsConfigure custom CAs and CRLs in clustered environmentsConfigure agent environment variablesLicensesCreate and manage usersEdit user settingsCreate and manage groupsPersonasConfigure an external databaseConfigure CloudBees CD/RO to use an alternate databaseInstall services for non-root/non-sudo Linux installationsConfigure autostart for non-root/non-sudo Linux installationsConfigure universal access to the plugins directoryConfigure an environment proxy serverSystem health monitoringIncrease file descriptors on Linux and Linux Docker containersAdjust swappiness on LinuxSet variables on Windows agent machinesServer propertiesServer settingsSource code synchronization
IntroductionConfigure initial events for Workload InsightsConfigure OpenSearch Dashboards to work with CloudBees Analytics
IntroductionArchitecture of a CloudBees CD/RO clusterResource, agent, and procedure considerationsSoftware for clusteringDependencies for clusteringConfigure clusteringSeparate agents from CloudBees CD/RO serversPrepare your cluster resourcesInstall and configure a load balancerInstall ZooKeeperConfigure a multi-ZooKeeper clusterInstall CloudBees CD/RO softwareConfigure repository serversConfigure machines to operate in clustered modeRun a cluster in single-server modeAdd the configuration to ZooKeeperUpload configuration files to ZooKeeperGet cluster information from ZooKeeperAdd a node to an existing clusterConfigure web server propertiesConfigure repository server propertiesConfigure CloudBees CD/RO agentsConfigure the cluster workspaceConfigure CloudBees CD/RO repositoriesAdd trusted agents to clustersVerify CloudBees CD/RO servicesAccess CloudBees CD/RO with clusteringHealth check for the CloudBees CD/RO clusterAdditional ways to improve a clusterInstall the CloudBees Analytics server in cluster modeUse self-signed certificates in CloudBees CD/RO on KubernetesConfigure Disaster Recovery and recover from a disaster
Sign in to CloudBees CD/ROAccess the Home pageMy work dashboardGuided tutorialsLearn about the object modelSearch and filter
IntroductionIntrinsic properties listed by object typeReserved words in CloudBees CD/ROObject types in CloudBees CD/ROSpecial characters in CloudBees CD/RO object namesContext-relative shortcuts to property pathsProperty error codesConfigure properties or property sheetsProperty BrowserProperty reference use case
IntroductionResource poolsCreate or edit resource pools
IntroductionView workspacesCreate or edit workspacesWorkspace file
IntroductionCreate a projectSchedules
IntroductionPipeline stages and gatesPipeline access controlPipeline tasksUse the CloudBees CD/RO API to define tasksDefine manual tasksEntry and exit gatesPipeline conditionsPipeline start and end stages and stage skippingWait dependenciesNative CI integrationPipeline UIAuthor and run pipelinesDefine stage gate rulesPipeline objects and conditionsPipeline stage summaryCredentials in pipelinesRun pipelinesView pipeline runsExample: Create a manual task in a pipelineExample: Plugin pipeline tasksExample: Integrate test automation in release pipelinesExample: Leverage test data management and service virtualization in release pipelines
IntroductionRelease planning, scheduling, and trackingRelease and environment reservations calendarVisibility and status of release pipelinesRelease definitionDeploy with Argo RolloutsRelease dashboardPlanned versus actual view for pipeline statusPath to production viewRelease summaryRun and end releases
Introduction
IntroductionManage procedure runsProcedure run detailsUsing CloudBees CD/RO in your environmentJob step executionPostprocessors: Collecting data for reports
IntroductionWorkflow listsCreate or edit workflow definitionsWorkflow definition detailsRun workflowWorkflow detailsWorkflow LogTransition workflow
Introduction
IntroductionCreate and manage applicationsApplication process run detailsCreate application processesAdd process stepsProcess branchingConfigure plugin process stepsDefine manual stepsExample: Manual step with runtime parametersAttach credentials to processesFull-stack dependency viewApplication deployment optionsConfiguration drift
IntroductionMaster component examplesMaster components list
Introduction
IntroductionStage artifactsCapture snapshotsApplication rollbackManage dependencies
IntroductionCreate environmentsDefine environment tier mapsInventory trackingEnvironment inventoryGlobal environment inventoryEnvironment reservationsLock environmentsModel dynamic environmentsAutomated environment discoveryCreate a deployment task to trigger third-party toolsGenerate a deployment packageExample: Dynamic environment with Amazon and ChefExample: Deploy and troubleshoot applicationsExample: Deploy applications with provisioned cloud resourcesExample: Implement deployment strategies
IntroductionArtifactsArtifact versionsRepositories
Create object tagsCreate object schedules
IntroductionConfigure webhook triggersConfigure polling triggers
IntroductionConfigure email notificationsSelect and edit email messages for application or microservice processes
Introduction
IntroductionInstall CloudBees CD/RO pluginsCreate plugin configurationsManage pluginsCreate pluginsManage the plugin catalog

AES-encoded passkey was accidentally overwritten

3 minute readTroubleshooting

Description

In case you accidentally overwrote the only copy of the AES-encoded passkey file with another passkey file, you may see the following error message in the server logs:

java.security.GeneralSecurityException: Couldn't decrypt password; the decryption key is likely invalid.

This usually means the server passkey file used to encrypt the password has changed and cannot be used to decrypt the password. If you full exported data from one machine and full imported it to another, then encrypted passwords cannot be accessed on the new machine unless you also copy the server passkey
file across at the same time.

at com.electriccloud.crypto.PasswordCrypterImpl.decrypt(PasswordCrypterImpl.java:234)
at com.electriccloud.security.SessionManagerImpl.decryptSecretId(SessionManagerImpl.java:525)
at com.electriccloud.security.SessionManagerImpl.deleteSessionEntity(SessionManagerImpl.java:1420)
at com.electriccloud.security.SessionManagerImpl.deleteSession(SessionManagerImpl.java:617)

Workaround

In case you accidentally overwrote the only copy of the passkey and do not have another instance of the file backed up elsewhere, either on another server or, for clustered configurations, in Zookeeper, the only option you have is to regenerate the passkey manually using the following steps. Following are recovery instructions for both Standalone configurations and Clustered configurations.

Standalone configurations

  1. Delete or rename the passkey file at <DATA_DIR>/conf/passkey.

  2. Change COMMANDER_DB_PASSWORD to plain text in <DATA_DIR>/conf/database.properties.

  3. Start the CloudBees CD/RO server and sign in to the UI. This generates a new passkey file and encrypts the COMMANDER_DB_PASSWORD in the <DATA_DIR>/conf folder using the new AES-256 passkey.

  4. Stop the CloudBees CD/RO server.

  5. Now, sign in to the CloudBees CD/RO UI and manually update the passwords that you saved:

    • Any credentials you created

    • Passwords for email configuration

    • DirectoryProvider passwords

    • Analytics configuration password

      You are not able to change the SessionID passwords used at runtime for job steps. So you need to rerun those jobs.

  6. As a best practice, back up the new working AES 256 passkey and database.properties.

Clustered configurations

  1. Identify the machine you need to work on and shut down the other machines in the CloudBees CD/RO cluster.

  2. Download database.properties, keystore, passkey, and commander.properties configuration files from ZooKeeper.

    cd <install-dir>/conf

<install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server:port> \
            -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar \
            com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/database.properties database.properties

<install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server:port> \
            -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar \
            com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/passkey passkey

<install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server:port> \
            -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar \
            com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/keystore keystore

<install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server:port> \
            -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar \
            com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/commander.properties commander.properties

  3. Switch CloudBees CD/RO from cluster mode to standalone mode.

    1. To the end of <DATA_DIR>/conf/wrapper.conf file add the following lines:

      wrapper.java.additional.261=-DCOMMANDER_IGNORE_SERVER_MISMATCH=1
wrapper.java.additional.262=-DCOMMANDER_IGNORE_PASSKEY_MISMATCH=1
      Ensure that the numbers 261 and 262 are unique within the file. If not, change the number to a unique value.

    2. Run the ecconfigure command to set it to single/standalone mode:

      ecconfigure --serverEnableClusteredMode=0 --skipServiceRestart

  4. Delete the current pass key in the <DATA_DIR>/conf/passkey file.

  5. Change COMMANDER_DB_PASSWORD to plain text in <DATA_DIR>/conf/database.properties.

  6. Start the CloudBees CD/RO server and sign in to the UI. This generates a new passkey file and encrypts the COMMANDER_DB_PASSWORD in the <DATA_DIR>/conf/database.properties file using the new AES-256 passkey.

  7. Stop the CloudBees CD/RO server.

  8. Push the new passkey and database.properties to Zookeeper.

    cd <install-dir>/conf
<install-dir>/jre/bin/java \
        -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server1-ip> \
        -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar com.electriccloud.commander.zkconfig.ZKConfigTool \
        --databasePropertiesFile database.properties  \
        --passkeyFile passkey
    Use COMMANDER_ZK_CONNECTION from your <DATA_DIR>/conf/wrapper.conf file.

  9. Switch the CloudBees CD/RO environment back to cluster mode:

    ecconfigure --serverEnableClusteredMode=1 --skipServiceRestart

  10. Start the CloudBees CD/RO server.

  11. Download the new working AES-256 passkey and database.properties from Zookeeper and back them up for safe keeping.

    <install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server1-ip> \
            -jar <install-dir>/server/bin/zk-config-tool-jar-with-dependencies.jar com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/database.properties mynew92_aes256_database.properties
<install-dir>/jre/bin/java \
            -DCOMMANDER_ZK_CONNECTION=<zooKeeper-server1-ip> -jar \
            /opt/cloudbees/sda/server/bin/zk-config-tool-jar-with-dependencies.jar com.electriccloud.commander.zkconfig.ZKConfigTool \
            --readFile /commander/conf/passkey mynew92_aes256_passkey

  12. Remove the lines you added previously to the end of the <DATA_DIR>/conf/wrapper.conf file:

    wrapper.java.additional.261=-DCOMMANDER_IGNORE_SERVER_MISMATCH=1
wrapper.java.additional.262=-DCOMMANDER_IGNORE_PASSKEY_MISMATCH=1

  13. Now, sign in to the CloudBees CD/RO UI and manually update the passwords that you saved:

    • Any credentials you created

    • Passwords for email configuration

    • DirectoryProvider passwords

    • Analytics configuration password

      You are not able to change the SessionID passwords used at runtime for job steps, so you need to rerun those jobs.

  14. Start up the other CloudBees CD/RO servers in the cluster.

CloudBees CD/RO self-signed server certificate fails security scan
CloudBees CD/RO CA or intermediate CA certificate expires