Updating a CasC bundle for a controller

6 minute readScalabilityAutomation

When a bundle update is available, an alert is displayed in the Manage Jenkins screen.

Bundle update
Figure 1. Bundle update alert

You can also check for updates on the CloudBees Configuration as Code export and update screen on the Bundle update tab.

To check for bundle updates:

  1. Ensure you are signed in as a user with the Overall/Manage permission.

    This option is available to users with the Overall/Manage permission and it lets users with the Administrator role delegate this task. For more information, refer to Delegating Administration.
  2. Navigate to the controller.

  3. Select Manage Jenkins in the left pane.

  4. Select CloudBees Configuration as Code export and update.

  5. Select the Bundle update tab. A blue bell appears next to the tab if an update is detected.

  6. Select Check for Updates.

    If a controller is configured with a bundle using the -Dcore.casc.config.bundle=/path/to/casc-bundle Java system property, a bundle update is detected only when the version attribute in the bundle.yaml file has been incremented. If the version attribute is not incremented, the bundle update is not detected and cannot be applied.
    Check for updates
    Figure 2. Check for updates
  7. If bundle updates are available, you can select See the differences with the current version to view the differences between the current bundle and the new bundle.

    Bundle update file differences
    Figure 3. Bundle update file differences
  8. Select Back to Bundle update to return to the Bundle update tab.

  9. Select one of the following options to apply the new bundle:

    • Safe Restart: Performs a restart and applies the new bundle. CloudBees recommends this option because you can determine an appropriate time to restart and apply the updated bundle.

    • Reload Configuration: Applies the new bundle without a restart. This only reloads the bundle sections with changes (with new, updated, or deleted files). If there are changes to the variables.yaml file, a full reload is performed.

      The Reload Configuration: option is called a "hot reload". For more information on when a hot reload is appropriate, refer to Using hot reload on a configuration bundle.

      New bundle version
      Figure 4. New bundle version
      You can optionally select Force Reload to reapply a bundle that is already installed. This option can be used to reset changes in the configurations managed by CasC. The new configuration is not going to be removed.

If you want to view the update log, refer to Viewing the controller update log.

Validating bundles prior to update

Before updating bundles and adding them to the operations center, you can validate any changes made to them. Bundle prevalidation ensures that changes can be successfully applied to prevent controller outages. Some of the validations include:

  • There are no syntax errors.

  • Effective bundles can be calculated correctly.

  • Effective bundles are valid against available controllers.

For more information on validating bundles refer to Troubleshooting CasC for the operations center or Troubleshooting CasC for controllers.

Validating bundles in your CLI

Run the following command to validate your bundle(s)

java -jar jenkins-cli.jar casc-pre-validate-bundle < bundle.zip <a>

<a> The bundle.zip contains the bundles you want to validate.

Validating bundles using HTTP endpoint

Make a POST request using JENKINS_URL/casc-bundle/pre-validate-bundle uploads the provided bundles to the operations center without making them available, then applies the CasC bundle inheritance, and then validates the provided bundles. The output is the validation report without having to invoke any other endpoint.

The expected input is a .zip file that contains the bundles to validate (there is no need to include all bundles in the inhertance chain if they are available in the operations center). The output is not the effective bundle in .zip format, but the validation report.

An example of the Post request:

curl -s -H 'Accept: application/json' -H 'Content-Type: application/zip;charset=utf-8' --user [USER] --data-binary @[PATH_TO_ZIP] -XPOST $JENKINS_URL/casc-bundle/pre-validate-bundle

A report is generated once the bundles are validated. The following is an example of validated bundle report.

{"validations": [ { "bundle": "bundle-2", <a> "result": { "valid": true, <b> "structureValidations": [], "controllerValidations": [ { "controller": "landon-controller", "controllerStatus": "ONLINE", "validations": [] }, { "controller": "ccontroller-2", "controllerStatus": "ONLINE", "validations": [] } ] } }, { "bundle": "bundle-1", "result": { "valid": false, "structureValidations": [ { "level": "ERROR", <c> "validationCode": "BUNDLE_CONTENT", "message": "[CONTVAL] - Missing Jenkins Configuration as Code file specified in the bundle.yaml file." <d> }], "controllerValidations": [] } } ]}

<a> "bundle": Bundle name

<b> "valid": 'true' indicates the bundle validation was a success. 'false' indicates the validation failed.

<c> "level": If the bundle validation fails, this field displays with an 'ERROR'.

<d> "message": Failed bundle validation error message.

Validating bundles with GitHub checks

Instead of using CLI or HTTP endpoints to validate bundles, you can also use GitHub Checks. When a pull request (PR) is generated against a specific bundle, prevalidation checks are run, and the results are displayed on the Checks tab of the PR.

The GitHub App authentication for your GitHub Organization must be enabled to use the Checks feature.
Bundle validation in the GitHub checks tab
Figure 5. Bundle validation in the GitHub checks tab

The Checks tab displays prevalidation details for each branch, including error messages.

Configuring the bundle update recurrence period

After the initial configuration on startup, a background process automatically checks for bundle updates every twenty minutes.

Optionally, you can customize this by setting the Java system property com.cloudbees.opscenter.client.casc.ConfigurationUpdaterTask.recurrencePeriod to the desired interval, in minutes.

For example, to check for updates every five minutes, use the following startup command:

java -Dcore.casc.config.bundle=$JENKINS_HOME/casc-bundle-link.yml \ -Dcom.cloudbees.opscenter.client.casc.ConfigurationUpdaterTask.recurrencePeriod=5 \ -jar jenkins.war
Bundle update
Figure 6. Bundle update

Using CasC gives you great power and flexibility, which introduces the possibility for errors that could impact your installation. Please review the information below to help guide you as you evolve your CasC bundle.

Risks when updating the bundle.yaml file

If a controller is configured with a bundle using the -Dcore.casc.config.bundle=/path/to/casc-bundle Java system property, a bundle update is detected only when the version attribute in the bundle.yaml file has been incremented. If the version attribute is not incremented, the bundle update is not detected, and cannot be applied.

Risks when updating the plugins.yaml file

You can install CloudBees Assurance Program (CAP) Tier 1 and Tier 2 plugins by adding the plugins to the plugins.yaml file.

You can also install non-CAP or Tier 3 plugins to the controller by adding the plugins to the plugins.yaml file and to the plugin-catalog.yaml file. For more information, refer to Risks when updating the plugin-catalog.yaml file.

CAP Tier 1 and Tier 2 plugins

To get the list of CloudBees Tier 1 and Tier 2 plugins:

  1. Navigate to CloudBees CI Plugins.

  2. To verify that your plugin is a CAP Tier 1 or Tier 2 plugin, you can either:

    • Search for a specific plugin and filter based on Verified or Proprietary (Tier 1) or Compatible (Tier 2).

    • Scroll to the bottom of the page and select All Tier 1 plugins to browse all Tier 1 plugins and then filter by Tier.

For more information on the CAP and how CloudBees classifies plugins, refer to CloudBees plugin support policies.

Uninstalling a plugin

There are no "delete/uninstall” operations when using CasC, and you cannot uninstall plugins by removing the plugins from the plugins.yaml file.

To uninstall a plugin:

  1. Uninstall the plugin in the UI.

  2. Before restarting, remove the plugin IDs from the plugins.yaml file. Otherwise, the plugins will be reinstalled.

Risks when updating the plugin-catalog.yaml file

You can install non-CAP or Tier 3 plugins to the controller by adding the plugin to the plugins.yaml file and to the plugin-catalog.yaml file.

The plugins in this file must be compatible with the set of CAP Tier 1 or Tier 2 plugins in the plugins.yaml file. A validation of the plugin-catalog.yaml file runs at startup. If this validation fails, the plugin in the plugin-catalog.yaml file is not installed and the controller continues with its normal startup, which may lead to other problems. For example, specific configurations in the jenkins.yaml cannot be applied.

For more information on plugin catalogs, refer to Installing non-CAP plugins with plugin catalogs.

Risks when updating the jenkins.yaml file

This file can be edited to change or add Jenkins configurations. There are a wide variety of possible combinations, depending on the plugins that are configured as code. This file is managed by the Jenkins LTS - Configuration as Code (JCasC) plugin. Therefore, all Jenkins LTS documentation, reported bugs, community blogs, Gitter chats, etc., apply to this file.

The bulk of the content in this file is defined by the various plugins you have installed with only a small portion of it defined by the Jenkins core itself. However, there are a few general items to consider when editing the file:

  • Removing a configuration from this file does not remove the configuration from an existing controller or operations center instance.

  • Adding configurations requires the underlying plugin that the configuration references to be installed. Jenkins startup will fail otherwise.

  • Backward compatibility depends on the specific plugins that are being configured. If a plugin changes its configuration in an incompatible way, then the controller or the operations center will fail to start until the jenkins.yaml file is adapted, or the section in the file that is related to the plugin is removed.

  • This file may contain data which is tied to a specific CloudBees instance, such as encoded secrets, the operations center connection details, and others, so a jenkins.yaml is, in general, suitable for a single CloudBees controller instance. This might lead to indecipherable secrets, controller to operations center connection failing, and many more things depending on the specific configuration.

Using hot reload on a configuration bundle

CasC allows you to reload a configuration file without restarting the instance. Since the CasC API plugin manages plugin updates and the plugin catalog, validating a hot reload is a more complex process. A bundle reload is not always possible.

If plugin upgrades are in the updated bundle, Jenkins must be restarted.

If a hot reload is possible, the following operations are automatically performed:

  • Update the plugin catalog.

  • Install any new plugins.

  • Call the API on configuration as code to reload the Jenkins configuration.

Configuration bundles that do not include plugin updates can be reloaded without an instance restart. This feature allows you to update Jenkins configurations, install new plugin catalogs, or install new plugins dynamically.