CloudBees CI on modern cloud platforms 2.277.2.3

Rolling release: 2021-04-07

Based on Jenkins LTS 2.277.2-cb-3

Critical issues

Upgrading the CloudBees CasC API plugin

Issue

The CloudBees CasC API plugin has been promoted to the CloudBees Assurance Program (CAP). If you have previously modified the plugin-catalog.yaml file to include the CasC API plugin, when you upgrade, your controller(s) will not start properly and you may receive exceptions.

Workaround

You must edit the plugin-catalog.yaml file to remove the CasC plugin and version string: cloudbees-casc-api: {version: X.X}, where X.X represents the version of the CasC plugin. For more information, see Updating a plugin catalog on operations center.

Remove the jquery and jquery-detached plugins from your CloudBees CI instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees CI instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees CI instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.

Security advisories

CloudBees Security Advisory 2021-04-07

Release highlights video

What’s New in CloudBees CI 2.277.2.3

Select to watch a video describing the highlights of this release

What’s New in CloudBees CI 2.277.2.3

New features

Deploy controllers using subdomains instead of context only paths for OpenShift (BEE-374)

Previously, subdomains were not supported for deploying the operations center or managed controllers on CloudBees CI on modern cloud platforms. This caused potential configuration issues for OpenShift deployments because you cannot register more than one URL using the same domain.

When deploying operations center or controllers on CloudBees CI on modern cloud platforms for OpenShift, it is now possible to use a subdomain rather than a context path. For more information, see How to install CloudBees CI on modern cloud platforms

Initial release of Creating folders with Configuration as Code (CasC)

Previously released as a Preview feature, Creating folders with CasC is now fully supported.

CasC allows users to create folders if the items.yaml file is included with the configuration bundle.

See Creating folders with (CasC)

Initial release of Configuring Role-Based Access Control (RBAC) with Configuration as Code (CasC)

Previously released as a Preview feature, Configuring RBAC with CasC is now fully supported.

RBAC can now be configured with CasC by adding an rbac.yaml file to the configuration bundle and adding an authorizationStrategy attribute to the jenkins.yaml file.

See Configuring RBAC with (CasC)

New CasC server plugin to provide CloudBees CI Configuration as Code Bundle management in the operations center (BEE-1256)

The Configuration as Code Bundle management functionality was previously included in the operations center server plugin. The code related to CloudBees CI configuration bundle management was extracted from the operations center server plugin and is now included in the new CasC server plugin. When installing or upgrading operations center, the CasC server plugin is installed by default and does not need to be manually installed.

See Configuration as Code (CasC) for Masters

Feature enhancements

Add CloudBees Configuration as Code as part of the support bundle (BEE-397)

When a new support bundle is generated, it is possible to add the CloudBees Configuration as Code bundle. If desired, the YAML files can also be anonymized.

Resolved issues

Threading issue causes exception when creating controller (BEE-213)

A threading issue occasionally caused an exception when you attempted to create a controller in the operations center.

The threading issue was identified and fixed. This issue is resolved.

Reporting error causes builds to fail (BEE-1284)

A random error in CloudBees SCM Reporting occasionally modified the Notifications#context field, causing builds to fail with a ConcurrentModificationException. When the error occurred, the failed build blocked the build queue.

A multithreading error was identified and corrected. This issue has been resolved.

Helm chart generates warning due to ingress api version (BEE-383)

A deprecated API version that was being used in the Helm chart was generating a warning.

The chart was updated to use the correct API version based on the version of Kubernetes.

operations center stops responding when communicating with a hibernated managed controller (BEE-459)

In some circumstances, the operations center dashboard stops responding while attempting to display information from a hibernated managed controller.

The operations center dashboard now renders immediately, whether or not controllers are connected.

Cloud labels not being added to Jenkins model on creation (BEE-739)

Labels from Kubernetes clouds were not being added when Jenkins started up. As a result, the labels were not listed as autocomplete options for freestyle jobs.

This issue has been resolved and the labels now appear.

Jenkins location panel displayed when skipping admin setup (BEE-1538)

When you installed CloudBees CI on modern cloud platforms on Kuberentes, if you specified a hostname and chose to use the initial admin user rather than creating a custom one, you were prompted to set the root URL.

The option to set the root URL is now consistently suppressed when you already have defined a location during the installation.

Configuration fields such as java options were not trimmed (BEE-2104)

When a newline character was present in Java options or another field that used a textarea, the character was not trimmed, potentially causing provisioning issues.

All fields that use textareas are now trimmed. This issue has been resolved.

Master Provisioning plugin causes too many NGINX reload events (BEE-2331)

Every time a controller was restarted, its backend was reloaded, which resulted in external agents being disconnected after a specified timeout.

Now, restarting a controller from the operations center does not interrupt the existing service or ingress, preventing unnecessary ingress controller configuration reloads. This issue has been resolved.

A plugin catalog cannot include more than 150 plugins (BEE-750)

The 150 limit has been removed from the plugin catalog, to allow an unlimited set of defined plugins.

CloudBees Unified Data Plugin used overly broad terminology (BEE-746)

The CloudBees Unified Data Plugin used overly broad terminology on the status page for CloudBees Analytics and on the management link to that page. The terminology has been improved to be more specific.

Disabled permissions did not cause the role creation to fail (BEE-726)

If the rbac.yaml file contains disabled permissions, the role creation process and instance startup now properly fail.

Disabled permissions that were already created in the instance are not removed or synced during the rbac.yaml file process.

Role-Based Access Control cannot be configured if controllers are managed by the operations center (BEE-632)

The controller quickly fails if Role-Based Access Control is managed by the operations center and the configuration bundle contains the rbac.yaml file. This is an incorrect configuration and should not be used.

Preparation for Jenkins 2.277-2 version (BEE-2702)

The endpoint to obtain the administrative monitors has changed. Now the CloudBees navigation is using the new URL.

"Configuration as Code for Masters" has been renamed to "Configuration as Code Bundles" (BEE-1232)

In the operations center Manage Jenkins page, the Configuration as Code for Masters button has been renamed to Configuration as Code Bundles.

In operations center, the Configuration as Code for Masters page has been renamed to Configuration as Code Bundles.

Remove the Ignore button from the Configuration as Code Bundles management page for controllers (BEE-235)

There is no reason to ignore a bundle update on the Configuration as Code Bundles management page, so the button has been removed from the UI.

Folder configuration should support the display name in the configuration bundle (BEE-224)

When using Configuration as Code with Folders, the displayName property of the folder is now exported and imported as expected.

A role cannot be filtered using Configuration as Code (BEE-223)

Roles can now be filtered on folders as part of the items.yaml file.

github-branch-source plugin authentication failure (BEE-754)

github-branch-source-plugin fails to authenticate with GitHub App ID due to sleep interrupted exception.

Removed incorrect rate limit check in GitHub App Installation Token retrieval.

New clients for each backup (BEE-453)

Previously, each backup job had a long-living S3 client that was reused for all backups until either Jenkins was restarted or the job was reconfigured. However, when you used an IAM role, the resulting session’s credentials were retained indefinitely without being refreshed.

With this change, a new S3 client is created for each backup and left for garbage collection once the backup thread is complete. Therefore, each backup gets new session credentials.

Backups that involve multiple steps fail (BEE-465)

When a restricted backup that can’t be run anonymously requires multiple steps, the job fails.

This issue has been resolved. Jobs no longer fail because they contain multiple backup or restore steps.

License expiration alert displays incorrectly (BEE-469)

The alert message that warns you a license is about to expire was displaying incorrectly, with some actionable buttons disappearing from the screen.

This issue has been resolved. The full alert message is now viewable.

Known issues

None.

Upgrade notes

Jenkins 2.277 upgrade notes

Revisions

Revision 2 (2021-04-08)
Disabled permissions and group permissions cannot be removed from roles (BEE-2976)

Disabled permissions and group permissions granted into roles were not removed when roles were created with Configuration as Code (CASC) for Role-Based Access Control. Now, existing permissions in roles are completely replaced by data in the rbac.yaml file.