CasC Plugin Management 2.0 provides you with a smoother experience to manage plugins using CasC.
CasC Plugin Management 2.0 requires the apiVersion:2
in the bundle.yaml
file.
However, CasC bundles with apiVersion:1
can still be used.
CasC Plugin Management 2.0 provides the following features:
-
Plugin dependencies management for CloudBees Assurance Program (CAP) and non-CAP plugins.
-
Alternative plugin download locations for non-CAP plugins.
-
CAP and non-CAP plugins in the
plugins.yaml
file. -
CasC plugins report with all the effectively installed plugins and their versions in a JSON format.
CasC does not support plugin removal. Therefore, when a plugin is no longer part of a CasC bundle, the plugin is not removed from the instance. |
The following table describes the differences between CasC Plugin Management 1.0 and CasC Plugin Management 2.0.
CasC 2.0 (apiVersion:2.0 ) |
CasC 1.0 (apiVersion:1.0 ) |
|
---|---|---|
CAP plugins |
Listed in the |
Listed in the |
Non-CAP plugins |
Non-CAP plugins can be defined in the |
Only for controller CasC bundles. Plugins to install are listed in the |
Dependencies |
Managed by CasC for CAP and non-CAP plugins. CasC installs all the mandatory dependencies for CAP and non-CAP plugins. |
Managed by CasC for CAP plugins (mandatory dependencies). If, in a controller, you plan to install a non-CAP plugin
using
the |
Download methods |
Plugins included in the
Plugins included in the
|
|
Plugin versions and updates |
New versions available for non-CAP plugins in the Versions in the |
The version for CAP plugins is tied to the CloudBees CI version, and the version for non-CAP plugins part of the
Versions in the |
Plugin download locations, credentials and repositories
As explained in the previous section, apiVersion:2
bundles allow you to download your plugins from different download locations included in the plugins.yaml
file.
-
From the Update Center.
-
From your CloudBees CI instance local filesystem.
-
From an URL using credentials in the
plugins.yaml
file. -
Using a Maven GAV coordinates from a Maven repository.
- id: "some-plugin-id" url: "file://path-to-the-plugin-file/plugin-file.hpi"
- id: "some-plugin-id" url: "http:/some-url/plugin-file.hpi" credentialsId: "some-credentials-id"
- id: "some-plugin-id" groupId: "some-maven-groupId" // Organization in charge of the artifact. I.e: org.jenkins/ci.plugins version: "1.0" // Or any other version repositoryId: "some-repo-id" // The repository must also be part of the plugins.yaml file
Plugins included in the |
Credentials and repositories
Credentials and repositories used Maven GAV coordinates in the plugins.yaml
file must also be included in the plugins.yaml
file.
Repositories
CloudBees CI Configuration as Code allows multiple layouts for the repositories used for the Maven GAV coordinates.
-
JFrog Artifactory
-
Nexus 2
-
Nexus 3
repositories: - id: "some-artifactory-repo-id-snapshots" layout: "artifactory" url: "https://some-artifactory-repo-ul/repository/snapshots" - id: "some-artifactory-repo-id-releases" layout: "artifactory" url: "https://some-artifactory-repo-ul/repository/releases" - id: "some-artifactory-repo-id-staging" layout: "artifactory" url: "https://some-artifactory-repo-ul/repository/staging" - id: "some-nexus2-repo-id" layout: "nexus2" url: "https://some-nexus2-url" credentialsId: "some-nexus2-credential" - id: "some" layout: "nexus3" url: "https://some-nexus3-url" credentialsId: "some-nexus3-credential"
CloudBees recommends using the Nexus 3 layout instead of the Nexus 2. Nexus 3 directly downloads the hpi plugin file, whereas Nexus 2 needs to check out all the contents from the repositories and search for the plugin file later. If a Nexus 2 server must be used, then the recommendation is to configure the direct download URL to prevent a performance issue during the start up of the instance. |
An update to Plugin Management 2.0 in the CI 2.452.2.3 release introduced a breaking change in how repositories are configured to improve performance and search indexing. You can configure repositories individually instead of using a single URL for all of them, thereby avoiding direct queries to the Maven API.
Use case example: The Nexus server has three repositories: snapshots
, releases
, and staging
, accessible via the base URL https://some-artifactory-repo-url
.
Prior to the breaking change, repositories were combined under one configuration:
repositories: - id: "some-artifactory-repo-id" layout: "artifactory" url: "https://some-artifactory-repo-url"
With the update to Plugin Management 2.0, each repository is explicitly defined:
repositories: - id: "some-artifactory-repo-id-snapshots" layout: "artifactory" url: "https://some-artifactory-repo-url/repository/snapshots" - id: "some-artifactory-repo-id-releases" layout: "artifactory" url: "https://some-artifactory-repo-url/repository/releases" - id: "some-artifactory-repo-id-staging" layout: "artifactory" url: "https://some-artifactory-repo-url/repository/staging"
Additionally, you can simplify configuration by creating a repository group that combines multiple repositories.
Use case example:
-
Create a group named
all
in your Nexus or Artifactory server. -
Use the group URL instead of individual repository URLs:
https://some-artifactory-repo-url/groups/all
Credentials
Credentials can be used to access URLs and repositories, as described in the example above.
Supported credentials types in the plugins.yaml
file are username and password, and access token.
Passwords and tokens can be defined as environment variables, system properties, and text files.
CloudBees recommends injecting the credential values using environment variables (or secrets passed as environment vars to the pods) instead of using the values as direct plain text. |
credentials: - id: "cred1" user: "user1" password: "${FROM_ENV_VAR}"(1) - id: "cred2" user: "user2" password: "${FROM_SYSTEM_PROPERTY}"(2) - id: token1 token: "${file:/home/jenkins/token.txt}"(3)
1 | FROM_ENV_VAR can be defined as an environment variable for the controller or the operations center. It can also be a Personal Access Token (PAT). |
2 | FROM_SYSTEM_PROPERTY can be defined as a system property of the controller or the operations center with -DFROM_SYSTEM_PROPERTY=value . |
3 | /home/jenkins/token.txt should be an existing file within the token or password. |
Examples and file formats
The plugins.yaml
file
apiVersion:1
CasC bundlesapiVersion:2
CasC bundlesplugins: # In CloudBees Assurance Program (CAP) - id: "bitbucket-branch-source" - id: "branch-api" - id: "cloudbees-casc-client" - id: "cloudbees-casc-items-api" - id: "cloudbees-casc-items-commons" - id: "cloudbees-casc-items-controller" - id: "cloudbees-template" - id: "cloudbees-workflow-template" - id: "configuration-as-code" - id: "git" - id: "github-branch-source" - id: "infradna-backup" - id: "support-core" - id: "workflow-multibranch" # Not in CAP (see plugin-catalog.yaml) - id: "manage-permission"
For apiVersion:1
CasC bundles, the file only contains plugins IDs. Those plugins
included in the plugin-catalog.yaml
and their dependencies, must be also part of the plugins.yaml
file.
Non-CAP plugins can only be part of the plugins.yaml for controller CasC bundles.
|
plugins: # CAP plugins - id: "configuration-as-code" - id: "cloudbees-casc-client" - id: "cloudbees-casc-items-commons" - id: "cloudbees-casc-items-controller" # Non-CAP plugin from the Plugin Catalog - id: "beer" url: "https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/beer/1.2/beer-1.2.hpi" # (URL ignored as this plugin is defined in the plugin-catalog.yaml) # Non-CAP plugin using the URL to download as file - id: "ansicolor" url: file:///some-path/ansicolor-1.0.1.hpi # Notice the file:// protocol needed to differentiate from the http(s) protocol - id: "chucknorris" # Non-CAP plugin using GAV coordinates - id: "extended-read-permission" groupId: "org.jvnet.hudson.plugins" version: "53.v6499940139e5" repositoryId: "myRepo" # Non-CAP plugin using the UC - id: "pipeline-graph-view" # For the update allowing the reload - id: "git" #Repositories repositories: - id: "myRepo" layout: "nexus3" url: url: "https://some-nexus3-url" credentialsId: "me" # Credentials credentials: - id: "me" user: "some-user" password: ${PASSWORD} # Read from Environment Variables - It can be the password or a PAT
The plugin-catalog.yaml
file.
The plugin-catalog.yaml
contains the plugin catalog definitions that should be created in the
controller.
apiVersion:1
CasC bundlesapiVersion:2
CasC bundlestype: "plugin-catalog" version: "1" (1) name: "my-plugin-catalog" displayName: "My Plugin Catalog" configurations: - description: "Extensions to CAP" includePlugins: manage-permission: (2) version: 1.0.1 (3) my-custom-plugin: url: http://www.example.org/jenkins-plugins/my-custom-plugin-1.2.3.hpi (4) beekeeperExceptions: (5) support-core: version: "2.70"
1 | version (required) - must currently have the value 1, which defines the current metadata format
for the plugin catalog. |
2 | Add the manage-permission plugin to enable Overall/Manage permission. |
3 | Install version 1.0.1 . As this example is an apiVersion:1 CasC bundle, the plugin ID must be
part of the plugins.yaml file. |
4 | Plugin direct download URL. |
5 | Beekeeper plugin exception to install a different version for a plugin under CAP. |
type: plugin-catalog version: '1' (1) name: casc-catalog displayName: casc Catalog configurations: - description: casc includePlugins: beer: (2) version: "1.0" (3) beekeeperExceptions: (4) support-core: version: "2.70"
1 | version (required) - must currently have the value 1, which defines the current metadata format
for the plugin catalog. |
2 | Add the beer plugin. |
3 | This plugin was previously defined as a part of the plugins.yaml file using and URL and version 1.2 .
Version 1.0 , which is defined in this plugin catalog, prevails. |
4 | Beekeeper plugin exception to install a different version for a plugin under CAP. |
The |
Bundle inheritance and CasC plugin management
By default parent and child CasC bundles must have the same value for the |
Plugin management with CasC allows you to create CasC bundles with differente values for the apiVersion
property
in the bundle.yaml
file. A different apiVersion
implies a different structure for the files. This difference
can impact bundle inheritance when ancestors and descendants use different apiVersion
values.
Regarding the apiVersion
values and bundle inheritance:
-
Bundle inheritance is only allowed if the descendants’s
apiVersion
is equal or higher than the ancestor’s. -
If parent(ancestor) and child(descendant) bundles have the same
apiVersion
, the expected behavior is the default behavior for the usedapiVersion
. -
When ancestors and descendant are merged to create and effective bundle, the effective bundle has the same
apiVersion
as the latest child in the hierarchy.
As expressed here, when the effective
bundle is calculated, the child and parent bundles are merged following some strategies. As child and parent can
now have different values for the apiVersion
property, additional aspects must be considered when the merge is
performed.
-
If the child bundle has
apiVersion:1
, the effective bundle also hasapiVersion:1
, and theplugins.yaml
file contains a list of non-duplicated plugin IDs. -
Merge strategy for the
plugin-catalog
file remains as described here. If present on both bundles, only theplugin-catalog
file in the child bundle is processed. -
If the child bundle has
apiVersion:2
, the effective bundle also hasapiVersion:2
. If a plugin is present on both bundles, the download method defined at the child bundle prevails.
Instance hot reload with CasC plugin management
When your CloudBees CI instance has been configured using a CasC bundle, and a new version for that bundle is available, you can update your instance utilizing this bundle new version.
Under some circumstances, you can perform what is called a Hot Reload by selecting the Reload Configuration button, if present, on the Bundle update tab of the CloudBees Configuration as Code export and update screen.
When you select that button, a Hot Reload is performed, and CloudBees CI applies the new configuration described in the CasC bundle update without restarting the instance.
It doesn’t matter if you use apiVersion:1
or apiVersion:2
bundles, a Hot Reload is only possible if
none of the plugins installed gets a new version with the new CasC update process.
For apiVersion:1
bundles, new versions for non-CAP plugins may appear only in the plugin.catalog.yaml
file,
where you pin the desired version for the plugin.
For apiVersion:2
bundles, new versions for non-CAP plugins may also appear in the plugins.yaml
file
by means of changes in the different download locations or even changes in the version provided by the
Update Center.
Versions for CAP plugins are tied to the CloudBees CI instance version and can only change when there is a CloudBees CI upgrade that, in any case, requires a restart.
CasC plugin report
When you configure your CloudBees CI instance using CasC, a CasC plugin report with all the effectively
installed plugins is created in the plugin-installation-report.json
file within you
$JENKINS_HOME
folder.
This report has a JSON format and contains:
-
The
apiVersion
used for the bundle in thebundle-api-version
property. -
A list with ids and the versions for the bootstrap plugins.
-
A
requested
list containing an entry for the rest of the installed plugins with:-
The plugin id.
-
The plugin version.
-
If the plugin is CAP or non-CAP.
-
The dependencies for the plugin.
-
The reason why the plugin has been installed: As a part of the bundle, as a dependency, or installed outside CAP.
plugin-installation-report.json
example{ "bundle-api-version" : "2", "bootstrap" : { "apache-httpcomponents-client-4-api" : "4.5.14-208.v438351942757", "asm-api" : "9.6-3.v2e1fa_b_338cd7", "bouncycastle-api" : "2.30.1.77-225.v26ea_c9455fd9", "caffeine-api" : "3.1.8-133.v17b_1ff2e0599", "cloudbees-administrative-monitors" : "1.0.13", "cloudbees-analytics" : "1.59", "cloudbees-assurance" : "2.276.0.35", "cloudbees-folder" : "6.879.990.cb-v8176690e44b_9", "cloudbees-folders-plus" : "3.31", "cloudbees-license" : "9.80", "cloudbees-platform-common" : "1.27", "cloudbees-platform-data" : "1.39", "cloudbees-plugin-usage" : "2.20", "cloudbees-uc-data-api" : "4.59", "cloudbees-unified-ui" : "1.31", "command-launcher" : "107.v773860566e2e", "commons-lang3-api" : "3.13.0-62.v7d18e55f51e2", "commons-text-api" : "1.11.0-95.v22a_d30ee5d36", "credentials" : "1337.v60b_d7b_c7b_c9f", "display-url-api" : "2.200.vb_9327d658781", "handy-uri-templates-2-api" : "2.1.8-30.v7e777411b_148", "instance-identity" : "185.v303dc7c645f9", "ionicons-api" : "56.v1b_1c8c49374e", "jackson2-api" : "2.17.0-379.v02de8ec9f64c", "jakarta-activation-api" : "2.1.3-1", "jakarta-mail-api" : "2.1.3-1", "javax-activation-api" : "1.2.0-6", "javax-mail-api" : "1.6.2-9", "jaxb" : "2.3.9-1", "jdk-tool" : "73.vddf737284550", "jjwt-api" : "0.11.5-77.v646c772fddb_0", "joda-time-api" : "2.12.7-29.v5a_b_e3a_82269a_", "jquery3-api" : "3.7.1-2", "json-api" : "20240303-41.v94e11e6de726", "json-path-api" : "2.9.0-58.v62e3e85b_a_655", "mailer" : "472.vf7c289a_4b_420", "mapdb-api" : "1.0.9-28.vf251ce40855d", "metrics" : "4.2.21-449.v6960d7c54c69", "nectar-license" : "8.43", "nectar-rbac" : "5.91", "okhttp-api" : "4.11.0-172.vda_da_1feeb_c6e", "operations-center-agent" : "3.26942", "operations-center-client" : "3.26942", "operations-center-context" : "3.26942", "scm-api" : "689.v237b_6d3a_ef7f", "script-security" : "1326.vdb_c154de8669", "snakeyaml-api" : "2.2-111.vc6598e30cc65", "structs" : "337.v1b_04ea_4df7c8", "support-core" : "1421.v1a_899a_c02a_54", "token-macro" : "400.v35420b_922dcb_", "user-activity-monitoring" : "1.18", "variant" : "60.v7290fc0eb_b_cd", "workflow-api" : "1291.v51fd2a_625da_7", "workflow-step-api" : "657.v03b_e8115821b_", "workflow-support" : "881.v7663695646cf" }, "requested" : { "ansicolor" : { "id" : "ansicolor", "version" : "1.0.1-rc422.90f4bfb7b5a7", "cap" : false, "dependencies" : { "workflow-api" : "2.42", "workflow-step-api" : "2.23" }, "reason" : "bundle" }, "ant" : { "id" : "ant", "version" : "497.v94e7d9fffa_b_9", "cap" : true, "dependencies" : { "structs" : "324.va_f5d6774f3a_d" }, "reason" : "dependency or installed outside CasC" } // ... } }
-