Upgrading CloudBees CI on traditional platforms


Before upgrading

Before upgrading, take a snapshot of your CloudBees CI platform for the operations center and every controller:

  • Generate a support bundle. It helps you troubleshoot problems with the upgrade and determine which plugins were upgraded in the process.

  • Back up your instance before starting the upgrade. The minimal backup is a copy of your ${JENKINS_HOME} directory. If the BUILD_DIRECTORY is outside ${JENKINS_HOME}, you must back it up as well.

    If something unexpected occurs, the rollback process is based on the backup of your instance.

  • Upgrade your plugins before starting the upgrade. Run tests after upgrading the plugins to ensure the upgrades are functioning as expected.

For client controllers that are connected to the operations center:

  • The operations center must be upgraded first, and then client controllers can be upgraded.

  • The client controllers connected to the operations center do not have to be at the same version as the operations center. The operations center version must always be the same as or more recent than the version of the client controllers that are connected to it (operations center >= client controller version).

Key principles to follow when upgrading

Change one thing at a time

Limit the changes you make to one area at a time. For example, do not plan to make infrastructure changes such as hardware upgrades, networking changes, or OS package upgrades when upgrading Jenkins. This helps to identify and isolate the root cause of any issues you encounter.

Backup strategies

CloudBees recommends the following backup strategies:

  1. Ensure you have regular backups of your JENKINS_HOME for the operations center and all controllers.

    CloudBees recommends using the CloudBees Backup Plugin to automate this. Controllers that have the CloudBees Backup Plugin 3.38 or later installed have support for the Restore job type.

    • To restore an operations center when using CloudBees CI on traditional platforms, follow the steps for Restoring manually.

    • If you are using CloudBees CI on modern cloud platforms, follow the steps to Backup and restore on Kubernetes.

      The backups should be stored at an offsite location such as cloud storage or, at a minimum, on separate hardware from your CloudBees CI.

  2. Take another backup immediately before you start the upgrade.

  3. Test the backup to verify it is valid.

    The backup is used to recover from a failure if you encounter a severe issue during the production upgrade.

    After an upgrade of the Jenkins core version or plugins, you cannot directly downgrade the WAR file and plugins. The only way to roll back is to restore the JENKINS_HOME backup.

    To validate the integrity of the backup, it is essential to extract the backup to another filesystem and verify the checksums using:

    find "$JENKINS_HOME" -type f -print0 | sort -z | xargs -0 md5sum > ~/checksum.log.backup

    Run this for both the live and backup data, and compare the checksum.log.* between the two.
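The comparison described above can be scripted as follows. This is an added example, not CloudBees code: the function names manifest and compare_trees are hypothetical, it assumes GNU find, sort, xargs and sha256sum, and it uses SHA-256 in place of MD5. Paths are recorded relative to each tree root so that a backup extracted to a different location produces a directly comparable manifest.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): verify that an extracted backup
# matches the live JENKINS_HOME. Function names are illustrative assumptions.

# Print "<sha256>  ./relative/path" for every regular file under directory $1.
# NUL-delimited names keep job folders with spaces intact; LC_ALL=C gives a
# stable sort order so both manifests list files in the same sequence.
manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Compare the live tree ($1) with the extracted backup ($2).
# Prints the manifest lines that differ; returns 0 only when the trees match.
compare_trees() {
    local live="$1"
    local backup="$2"
    local tmp rc
    tmp="$(mktemp -d)" || return 2
    manifest "$live"   > "$tmp/checksum.log.live"
    manifest "$backup" > "$tmp/checksum.log.backup"
    diff "$tmp/checksum.log.live" "$tmp/checksum.log.backup"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: ./verify-backup.sh /var/lib/jenkins /mnt/restore-test/jenkins
# (both paths are placeholders for your own locations)
if [ "$#" -eq 2 ]; then
    if compare_trees "$1" "$2"; then
        echo "backup matches live data"
    else
        echo "backup differs from live data" >&2
        exit 1
    fi
fi
```

Files that the running instance rewrites between the backup and the comparison (logs, build records) will show up as differences, so take the live manifest while the instance is stopped or quiesced.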

Test strategies

CloudBees recommends the following test strategies:

  1. Create a separate test environment that has a similar setup as your production environment with representative jobs.

    If you are creating a test environment and require a license, please send CloudBees the instance ID for your test instance, and CloudBees will send you a test instance license.
  2. Create jobs on your test controller that are representative of jobs on your production controller. This allows you to test the upgrade using the key plugins for your workflow and interactions with any external systems such as SCM tools, artifact repositories, bug trackers, and cloud automation.

    It is a best practice to create jobs that are a subset of representative jobs on the test cluster. These dedicated jobs represent your production jobs, but without working on real data. CloudBees recommends talking to your development groups to find jobs that cover the primary functionality, such as:

    • Test your end-to-end complex pipeline jobs.

    • Test jobs that utilize critical plugins.

    • Run jobs that are part of integrations.

    • Run jobs that are for specific technologies.

      To clone a production controller to a test controller, follow the steps from Migration Guide: CloudBees CI, specifically the section titled Case B - Migrate Entire Jenkins Configuration, Including Jobs.
  3. Update the test configuration for some representative jobs so they do not collide with your production jobs. Then, run the test jobs to ensure they work correctly in the upgraded test instance. You will need to recreate credentials on your test instance.

This test environment can also be useful after the upgrade to test the installation of new plugins.

Recommendations

Set up a test environment

This is ideally a full test environment with the operations center and client controllers and requires a test license. If this is not feasible, using a test controller with representative jobs will work.

Enable the CloudBees Assurance Program (CAP)

Verify that CAP is enabled to avoid plugin dependency issues or the installation of incorrect plugin versions.

Upgrade to the latest version

CloudBees recommends that you always upgrade to the latest version of your CloudBees product. This ensures wider lifecycle support coverage and gives you more of the security patches added via the CloudBees Security Advisory, as well as resolved issues and new features.

Upgrade the instance where it is running

CloudBees highly recommends that you:

  • Upgrade Jenkins in the same location where it is currently running, even for production environments.

  • Perform a backup of $JENKINS_HOME, and of $BUILD_DIR if it is not in the default location. This should allow you to revert to the previous state.

CloudBees does not recommend that you keep two different instances running at the same time. This may be done to avoid downtime while performing the upgrade. However, unless you really know what you are doing, it is very difficult to replicate the exact same environment. For example:

  • The JNLP agent does not work correctly because the $JENKINS_URL location is different.

  • Credentials may fail if the secret is not the same for both instances.

  • The OS may not be configured in the same way. For example, ulimit.

  • The CloudBees CI configuration may not be correctly replicated.

Stop using Apache Maven builds

The Maven Integration plugin is not recommended because it is considered unreliable by the Jenkins Community.

CloudBees recommends that you migrate jobs using the Maven Integration plugin to Pipeline Jobs using the Pipeline Maven Integration plugin.

If you are able to migrate your jobs, please carefully read the Maven jobs and Java versions compatibility guide.

Upgrade process

Visit the downloads page. Select your desired distribution type and review the instructions below.

  • Java WAR file

  • Ubuntu/Debian

  • Red Hat/CentOS

  • OpenSUSE

  • Microsoft Windows

  • Docker

Java WAR file

If your CloudBees CI instance is run with the command java -jar cloudbees-core-cm.war or java -jar cloudbees-core-oc.war, you can simply replace the jenkins.war file with the latest version.

Ubuntu/Debian

  • Operations center - apt-get update && apt-get install cloudbees-core-oc

  • Controller - apt-get update && apt-get install cloudbees-core-cm

Red Hat/CentOS

  • Operations center - yum upgrade cloudbees-core-oc

  • Controller - yum upgrade cloudbees-core-cm

RPM/YUM with High Availability: The RPM package contains a post-install script that sets ownership on several files, including JENKINS_HOME. If High Availability is configured, I/O errors can occur, for example when upgrading one node while another node is still running. For more information, refer to JENKINS-23273.

To address this problem, you can skip this script by adding the property JENKINS_INSTALL_SKIP_CHOWN="true" under /etc/sysconfig/jenkins.

OpenSUSE/SUSE Linux

  • Operations center - zypper install cloudbees-core-oc

  • Controller - zypper install cloudbees-core-cm

Microsoft Windows

To upgrade on Microsoft Windows servers, a new .zip must be downloaded from the downloads page and installed.

Servlet container

Once a .war archive has been downloaded, follow the servlet container’s existing application deployment process.

When using servlet containers, CloudBees CI will set the JENKINS_HOME to the $APP_SERVER_USER/.jenkins/ folder. If the servlet container installation does not include write permissions to this folder for this user (sometimes done for security), you must either grant appropriate permissions or override this setting by adding the -DJENKINS_HOME=$MY_JENKINSPATH argument in your servlet container startup. Refer to the servlet container’s documentation for how to add startup arguments.

Tomcat

Use environment variable CATALINA_OPTS to add:

  • -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

  • -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true which is needed for the Blue Ocean plugin.

CloudBees recommends that you configure it in the script $CATALINA_BASE/bin/setenv.sh (Linux) or %CATALINA_BASE%\bin\setenv.bat (Microsoft Windows) that you’ll create to customize your application server.

Custom container installations

If you use a custom container, you will find the cloudbees-core-oc.war or cloudbees-core-cm.war file in the deploy directory of your container. For example, /usr/local/jboss/server/default/deploy/cloudbees-core-cm.war is the location for a default JBoss installation.

Upgrade steps

Before you upgrade

  1. Verify that you have enabled the CloudBees Assurance Program (CAP) so that you upgrade to plugin versions tested by CAP. For more information, please refer to Upgrading plugins with Beekeeper Upgrade Assistant.

  2. Enable the CloudBees Quiet Start Plugin to ensure that when the instance first comes online after the upgrade, builds will not start automatically before you get a chance to upgrade the plugins.

  3. Verify the test environment is functioning correctly after it is upgraded.

  4. Ensure you have taken a backup.

  5. Verify all running builds are complete.

  6. Java 8 is required for your Jenkins instance, the operations center, Jenkins controllers, and all agents starting with Jenkins LTS 2.60.1. For more information, refer to the upgrade guide.

  1. Upgrade the plugins on the operations center.

    1. Select Manage Jenkins > Beekeeper Upgrade Assistant > CAP Configuration.

    2. Verify that Enroll this instance in the CloudBees Assurance Program is selected.

    3. Verify that Allow automatic upgrades of plugins on restart is selected.

    4. Select Save.

    5. Navigate to Manage Jenkins > Manage Plugins and under the Updates tab, select upgrade all plugins.

    6. Restart the operations center.

      If you are using the CAS plugin and upgrading to version 2.277.1.2 or later, do not upgrade it using the Plugin Manager. It must be upgraded at the same time as the instance. Once the service is stopped, you must download the CAS plugin and manually replace $JENKINS_HOME/plugins/cas-plugin.jpi.
  2. Upgrade the agent.jar file for inbound agents that do not use service wrapper’s auto-update. To update the file, make sure that you have completed step 5 in the recommended steps section. For CloudBees CI on traditional platforms, also follow the instructions in the Post-upgrade notes.

  3. For CloudBees CI on modern cloud platforms: Upgrade the Kubernetes resources and the operations center.

  4. For CloudBees CI on modern cloud platforms: Upgrade the managed controllers. For instructions, refer to Managing controllers. Please follow the same plugin upgrade steps you followed for the operations center. In addition:

    • Take a full backup of each controller before you upgrade.

    • Navigate to Manage Jenkins > Prepare for Shutdown and wait for any running builds to complete before you upgrade a controller.

  5. Now that you are running the latest version of CloudBees CI, CloudBees recommends you enable actionable build notifications in GitHub, Bitbucket, and Slack. This generally takes a few minutes and provides enhanced notifications for your developers with no Pipeline changes required. For more information, refer to Enabling actionable build notifications in GitHub and Bitbucket and Setting up actionable build notifications in Slack.

  6. When updating your controllers, CloudBees recommends that you install the Health Advisor by CloudBees plugin, if not already installed. The CloudBees Jenkins Health Advisor automatically identifies issues that could impact the performance, stability, and security of your controller. It also identifies potential problems caused by known issues on your controller. You are notified via email when a new problem is found, and the email includes links to the solutions for the identified issues. For instructions, refer to Jenkins Health Advisor by CloudBees.

If you are using the High Availability (HA) feature, the general process for updating the HA operations center or any HA controller is:

  1. Stop both HA nodes.

  2. Upgrade both HA nodes.

  3. Start one of the HA nodes and wait for it to come fully online.

  4. Update the plugins according to CAP recommendations and restart.

  5. Start the other HA node.

Post-upgrade notes

If JNLP agents (specifically for Microsoft Windows) are not able to connect, review Windows agent offline or unable to connect.

Review articles in our Best Practices and apply changes accordingly.