CloudBees CI on modern cloud platforms 2.277.4.2

Rolling release: 2021-05-05

Based on Jenkins LTS 2.277.4-cb-2

New features

Configuration as Code (CasC) bundles can be assigned to more than one controller (BEE-2275)

In the Operations Center, CasC bundles can now be assigned to more than one controller. Additionally, the administrator can globally change or modify the default bundle behavior, allowing a single configuration bundle to be used by all controllers. Once a bundle has been verified with one controller, it can be used across one or multiple controllers. This eliminates the need to create a new bundle each time you set up a new controller thus reducing time, manual error, and overhead. Assigning a bundle to more than one controller is a Preview feature.

The Availability pattern replaces the Master Path field. When upgrading, the Master Path is automatically translated to an Availability pattern, and the appropriate bundle is assigned to the controller from the controller configuration screen.
A new Help menu is now available in CloudBees Software Delivery Automation (BEE-562)

The CloudBees Software Delivery Automation navigation bar has been updated to include a new Help menu that contains useful links for CloudBees documentation, release notes, onboarding, troubleshooting, support, and providing product feedback.

For more information, see Navigating the Operations Center interface.

Feature enhancements

Configuration bundles are assigned to a controller in the controller configuration screen (BEE-1253)

To allow a configuration bundle to be assigned to one or more controllers, the assignment of a bundle to a controller has been moved from the Configuration as Code bundles screen to the controller configuration screen in Operations Center.

A new Bundle dropdown field is available in the controller configuration screen. The list of bundles is filtered using the Availability pattern from the Configuration as Code bundles screen.

The Availability pattern replaces the Master Path field. When upgrading, the Master Path is automatically translated to an Availability pattern, and the appropriate bundle is assigned to the controller from the controller configuration screen.

Resolved issues

All permissions granted to users when RBAC configuration does not load (BEE-2742)

When the nectar-rbac plugin fails to read its configuration at startup, it uses the default authorization, granting administrative permissions to all authenticated users.

Jenkins startup now fails if the nectar-rbac plugin cannot read its configuration file. A user with access to the JENKINS_HOME file system must fix the nectar-rbac.xml configuration file, and restart CloudBees CI.

Using Helm to deploy CloudBees CI on modern cloud platforms on EKS with Kubernetes 1.19 or higher fails (BEE-3184)

When you attempt to deploy CloudBees CI on modern cloud platforms on EKS with Kubernetes 1.19 or higher using the Helm chart, the deployment fails with an error on an unknown field service name.

This issue occurred due to differing schema support for Ingress and redirection rules. The chart now generates the correct syntax based on APIVersion. This issue has been resolved.

Helm chart chooses wrong Ingress when the minor version number contains a + (BEE-2750)

When the Kubernetes MinorVersion value contained a +, the Helm chart chose the incorrect Ingress. This issue was occurred mainly in cloud environments (EKS/GKE/AKS) and Kubernetes forks.

This issue has been resolved. The Helm chart now views MinorVersion as a string and not an integer, so it is unaffected if the number contains a +.

When a controller is disconnected from the Operations Center, the offline security realm is broken (BEE-1204)

When a controller falls back to the offline security realm, some security realms such as LDAP fail. The configuration is incorrect due to a serialization issue.

The serialization issue has been fixed. The LDAP security realm can now be used even when the controller is disconnected from the Operations Center.

Mail validation fails when defining a shared configuration (BEE-2763)

When you define a shared configuration in Operations Center, and you add a mail configuration snippet, the validation fails. The validation method is broken due to a compatibility problem with the mailer plugin.

Compatibility issues with the mailer plugin have been fixed and mail validation now works as expected. This issue is resolved.

Broken URL to download pip for Python (BEE-1675)

The URL used to download pip for Python was broken, and a manual fix was required to install the AWS CLI.

The hardcoded URL used to download pip for Python was fixed. Additionally, a new option was added that allows you to override the default download link. You can now configure URLs to download pip for Python 2 or pip for Python 3.

AWS CLI doesn’t support Python 3 in every scenario (BEE-1984)

If only pip for Python 3 is installed on a system, the python-pip plugin is unable to install the AWS CLI.

The plugin now looks for pip and pip 3 executables. If it doesn’t find them, it installs the proper version according to the Python installation.

Missing permission check in update center (BEE-183)

A missing permission check allowed users with read permissions to reload custom update centers.

The permission check has been restored so that you must have configuration privileges on a custom update center to reload it.

Missing authentication call (BEE-2514)

An authentication call was not being activated when users logged in, causing audit implementations to miss it.

The call has been restored and this issue is resolved. Audit implementations are now properly receiving authentication events.

Missing health check declarations when using the ALB Ingress Controller on EKS (BEE-2600)

On EKS, the ALB Ingress Controller annotation to define the health check path was not defined, causing the target groups to be unhealthy.

The health check path for each target group is now correctly set. This issue is resolved.

Move/copy/promote log access (BEE-178)

Previously, users could access the move/copy/promote logs without the proper permissions.

This issue has been resolved. Now, only users with the privileges to trigger move/copy/promote operations can access the logs.

SNI support on ElasticSearch Reporter plugin (BEE-1630)

Before this change, HTTP communications were handled by an old version of async-http-client that didn’t support Server Name Indication (SNI).

The underlying http library has now been migrated to use okhttp, which does support SNI. This issue has been resolved.

Legacy terminology update (BEE-1606, BEE-1607, BEE-1608, BEE-1609, BEE-1612, BEE-1613, BEE-1623, BEE-1624, BEE-1625, BEE-1627, BEE-1628, BEE-2347, BEE-2393, BEE-2434)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

Known issues

OperationsCenter.Hostname is no longer optional (BEE-3186)

A known issue has changed the behavior of the OperationsCenter.HostName value. Until the issue is resolved, you must either configure a hostname or change the system properties when you install CloudBees CI on modern cloud platforms.

Refer to the links below for more information about how to configure the hostname or change the system properties: