CloudBees CI on modern cloud platforms 2.164.1.2

Rolling release: 2019-03-19

Based on Jenkins LTS 2.164.1-cb-1

New features

None

Resolved issues

Certain users cannot view s3 artifacts

Users outside of the Overall/Administrator role were not able to view Amazon s3 UI artifacts. This update allows users outside the roll to view the artifacts.

Operations Center uses obsolete Docker image

Updated INSTALLATION.md to use latest version of Operations Center docker image cloudbees-cloud-core-oc.

Maven builds Failed when changing templates during backup

A bug has been fixed where backing up Maven projects during a template change can cause a build to be marked failed regardless of actual result.

API calls were blocked by the CSRF protection using OC SSO

Token-authenticated API calls were blocked by the CSRF protection when using Operations Center SSO. Crumb check is now skipped on API calls using an API token. Operations Center SSO will delegate to the underlying Jenkins API Token system to authenticate.

Bitbucket Cloud Endpoint Plugin IP whitelist was incomplete

Add supported IP addresses to Bitbucket Plugin whitelist.

Page timeout, Team Master inaccessible when adding role filter

Update the Role-Based Access Control nectar-rbac plugin to v5.26 or greater as this fixes the Team Master inaccessibility and page request timeouts.

Cluster Operations with Groovy steps fails at different versions

Cluster Operations with Groovy steps can fail with java.io.InvalidClassException errors when Operations Center & master are at different versions. Updating operations-center-clusterops to version 2.150.2.5 fixes this issue.

Some plugins need APIs not available in SCM API v2.2.8

scm-api has been updated to version 2.3.0 with additional APIs needed to fix this issue.

Known issues

Docker root issue with Kubernetes users of CloudBees Core

Kubernetes users who updated to CloudBees Core 2.150.3.2 may have encountered a bug where the Docker user was changed to root.

Users affected by this issue see the following error in the Operations Center UI:

An error occurred processing your request. Ask your Jenkins administrator to look up the details.
ErrorID=912ccd14-06af-41c0-ba6c-adcbb4dc2b34

Stack trace suppressed by the suppress stack trace plugin

To fix the problem:

On your local machine, create a file called patch-permissions.yaml with the following contents:

kind: StatefulSet
spec:
 template:
   spec:
       containers:
       - name: jenkins
         securityContext:
           runAsUser: 1000
       initContainers:
       - name: init-chown
         image: alpine
         env:
         - name: JENKINS_HOME
           value: /var/jenkins_home
         - name: MARKER
           value: .cplt2-5503
         - name: UID
           value: '1000'
         command:
         - sh
         - -c
         - if [ ! -f $JENKINS_HOME/$MARKER ]; then chown $UID:$UID -R $JENKINS_HOME; touch $JENKINS_HOME/$MARKER; chown $UID:$UID $JENKINS_HOME/$MARKER; fi
         volumeMounts:
         - mountPath: "/var/jenkins_home"
           name: "jenkins-home"

From your local machine, execute the following patch command on the Kubernetes cluster:

kubectl patch statefulset.apps/cjoc -p "$(cat patch-permissions.yaml)"

On each affected master, go into the Core UI and select Master > Configure > Advanced Configuration YAML, and add the same YAML code:

kind: StatefulSet
spec:
 template:
   spec:
       containers:
       - name: jenkins
         securityContext:
           runAsUser: 1000
       initContainers:
       - name: init-chown
         image: alpine
         env:
         - name: JENKINS_HOME
           value: /var/jenkins_home
         - name: MARKER
           value: .cplt2-5503
         - name: UID
           value: '1000'
         command:
         - sh
         - -c
         - if [ ! -f $JENKINS_HOME/$MARKER ]; then chown $UID:$UID -R $JENKINS_HOME; touch $JENKINS_HOME/$MARKER; chown $UID:$UID $JENKINS_HOME/$MARKER; fi
         volumeMounts:
         - mountPath: "/var/jenkins_home"
           name: "jenkins-home"

Restart the master.

Pipeline stages, parallels, and step incorrectly marked unstable

When there is a build with an unstable stage, parallel, or step, all the stages, parallels, and steps are incorrectly marked as unstable instead of just the unstable one that caused the Pipeline to be unstable. This is a known issue in the pipeline-graph-analysis plugin.

Upgrade notes

CloudBees Azure CLI plugin deprecated

The CloudBees Azure CLI plugin and its dependency the Azure Publisher Settings Credentials plugin have been deprecated due to a security vulnerability and should not be used.

This version of CloudBees Core will tell you that the CloudBees Azure CLI plugin has been disabled, but it will not uninstall it. If you are using the CloudBees Azure CLI plugin, please uninstall it and instead use the Azure CLI plugin https://plugins.jenkins.io/azure-cli/.

Revisions

Revision 3 (2020-04-14)

Plugin updates

Revision 2 (2019-03-25)

CloudBees Security Advisory 2019-03-25