CloudBees CI on modern cloud platforms 2.440.1.3

Rolling release: 2024-02-21

Based on Jenkins LTS 2.440.1

CloudBees CI release highlights

Watch video

What’s new in CloudBees CI 2.440.1.3

Watch video

New Features

Google Cloud Storage now available for Workspace Caching

CloudBees introduces Workspace Caching with Google Cloud Storage that allows pipelines caching artifacts on Google Storage and using them for upcoming builds.

This is due to two steps available for pipelines: readCache and writeCache. When these steps are used, the pipelines look for an available cache and use it if it is found. For new builds where caches do not exist, the pipelines will continue. For pull requests, the cache for the target branch is retrieved for the first build and used to create a cache dedicated for the pull request’s branch. Refer to CloudBees Workspace Cache Plugin for more information.

Controller Lifecycle Notifications

Controller Lifecycle Notifications allow an admin to configure a webhook and controllers to send notifications to an endpoint. These notifications contain status updates as a controller progresses through its lifecycle. These notifications support mutual TLS authentication and controller statuses such as connection, provisioning, starting, stopping, restarting, and errors. For the full list of statuses, refer to Controller Lifecycle Notifications Plugin.

Feature Enhancements

Support for Java 17

Support for Java 17 was added in this version. CloudBees recommends that you upgrade your instances to Java 17 as soon as possible for the best experience.

In the October 2024 release, support for Java 11 will be discontinued and you will be unable to run new versions of the product on Java 11. Releases that occurred during the support window for Java 11 will continue to run on Java 11.

For more information about how to migrate to Java 17, refer to Migrate to Java 17 on modern platforms or Migrate to Java 17 on traditional platforms.

CloudBees Pipeline Explorer advanced tree options

The Pipeline Explorer tree view now has options to show steps within stages. Users can show all the steps for a Pipeline or show only steps from a specific branch. The steps are distinguished by function name and you can search them from within the stage search box.

CloudBees Pipeline Explorer Feature Enhancements

The following enhancements have been made to the CloudBees Pipeline Explorer:

  • Configure a preferred build console provider

    Added a new "Console URL Provider" configuration option in Jenkins core, that now allows administrators and users to select a preferred build console provider. This provider replaces the classic console view when it follows any links to the build console from within Jenkins.

  • Jump to a specific line

    There are new controls that allow a user to jump to a specific line.

  • Related Builds supports autopolling

    Builds that are in progress in the Related Builds panel are updated with autopolling.

  • Add support for operations-center-context triggerRemoteJob step

    Added support for the operations-center-context triggerRemoteJob step.

    This enhancement is compatible High Availability (HA).

  • The name of the failing step included in the Unsuccessful Steps view

    The name of the failing step is now included in the Unsuccessful Steps view.

  • Improve performance of the CloudBees Pipeline Explorer by caching the FlowGraph

    Cache the flow graph computation in the CloudBees Pipeline Explorer to improve its performance.

Shared Agents and operations center credentials now use the HTTP transport by default

The remoting implementation of Shared Agents provisioning and operations center credentials has been replaced by the HTTP implementation. If you have any issues related to these features after this change, please contact CloudBees Support.

Display executors for all replicas

The executors widget now displays all computers and executors from any replica in a High Availability (HA) controller. When you browse from a computer that is connected to another replica, it is now transparently proxied to the owning replica.

Stricter Configuration as Code (CasC) Bundle API version validations

Previously, the required property apiVersion in bundle.yaml accepted any non-negative integer value. This has changed and the only allowed values for this property are now 1 and 2.

Configuration as Code (CasC) bundle validations can optionally be shown when running in "quiet mode"

The list of validations performed against a bundle is now shown in a "hidden" state when Quiet Mode is enabled for Configuration as Code (CasC) validation visualization mode.

RBAC files in Configuration as Code (CasC) bundles now support anchors

RBAC files in Configuration as Code (CasC) bundles did not support YAML anchors.

The anchors are now supported at any location in a rbac.yaml file. The anchor description element name must be prefixed by x-.

Resolved Issues

Form validation message on the managed controller manage page updated

As hibernation is now supported for a controller in High Availability (HA) mode, when the number of replicas is <1, the message on the Managed controller replicas field now says Replicas must be at least one.

Dynamic plugin installation is blocked on managed controllers with multiple replicas

A managed controller with multiple replicas force all new plugin installations to take effect only after a controller restart. That is normally done by accepting the option to trigger a rolling restart.

However, a managed controller with only one replica continues to allow dynamic plugin loading.

There is no change in behavior in the client controllers.

Inbound static agents might be passed to another HA controller replica inappropriately

Under certain conditions in a High Availability (HA) controller, a replica might be left waiting for an inbound static agent that was actually idle and connected to another replica. This issue has been resolved.

Honor preferred console URL for builds running on other HA replicas

When you run a High Availability (HA) controller, the builds that run on other replicas may be displayed in the history and executor widgets.

When you click the progress bar, it now navigates to a console variant, such as CloudBees Pipeline Explorer, according to the global and per-user configuration, whether the build is local or remote.

Allow CloudBees CI to read the bundle regardless of CasC Bundle Retriever failures

Regardless of a failure due to a non-existent bundle path, the previous CasC bundle is restored and available to CloudBees CI.

In the CloudBees Pipeline Explorer, the remote copy artifact fails if the file group ID exceeds the limit (> 2097151)

In the CloudBees Pipeline Explorer, when you copy the archived artifact from a local/remote job step, if the file group ID exceeds the limit (> 2097151), the step fails and is not copied.

You can now use group IDs that exceed the limits and successfully perform the copy.

Wrap the test names in the CloudBees Pipeline Explorer test insights drawer

In the CloudBees Pipeline Explorer, the test names in the test insights drawer are now wrapped.

Validate button does not work with non-default AppRole path for CloudBees HashiCorp Vault Plugin

The form used on connection tests did not pass on the AppRole path.

This issue is resolved. The form now passes the correct AppRole path.

Specific conditions leading to the deletion of running managed controllers led to partially deleted Kubernetes resources

Deletion of running managed controllers is forbidden. However, in some cases it was allowed and the Kubernetes resources for that controller were not properly deleted.

Managed controllers are now deprovisioned every time they are deleted.

Switching old icon for controller provisioning to a modern one to fix a too large icon in breadcrumbs

On top of using an old icon for controller provisioning, an issue made it appear bigger than expected in breadcrumbs.

The icon has been replaced by a modern symbol that is now displayed at the correct size everywhere.

Anchors validation should accept all kinds of objects

Previously, anchors validation only accepted object. Now, anchors validations accept all types of objects (string, number, object , boolean, or array).

Prevent deadlock when the websocket connection between a controller and the operations center is closed

There was a potential deadlock when the websocket connection between a controller and the operations center is closed.

This issue is resolved.

Known Issues

Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data

Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost, in order to avoid this, refer to this knowledge base article Why is my user activity missing?.

HTTP Client used for Operations Center to Controllers connection leads to performance issues

Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.

More details about this issue and workarounds are documented in Operations Center Client leaks HTTP Clients since version 2.401.1.3.

Saving shared cloud from GUI lost WebSocket checkbox

If a shared cloud (as opposed to a single agent) was defined in 2.426.x (or earlier) with an inbound launcher and a specific launch configuration, particularly the Use WebSocket checkbox (also tunnel and custom work dir settings), configuring and resaving that cloud in the GUI in 2.440.x will silently drop that configuration, potentially breaking a working setup.

As a workaround, avoid resaving such shared clouds using the GUI. Use Configuration as Code with YAML or REST or CLI with XML if some unrelated aspect of the cloud needs to be adjusted.

Reconfiguring static inbound WebSocket agent improperly added blank tunnel

After reconfiguring a static inbound agent in the GUI using fields, such as WebSocket, deprecated in 2.440.x, the suggested launch instructions incorrectly include -tunnel (with no argument) even if that field had been left blank.

As a workaround, do the following:

  • Manually remove -tunnel from the command line before using.

  • Reconfigure the agent using Configuration as Code YAML or REST or CLI XML to not include the tunnel field.

Inbound shared agents aligned with new Remoting CLI options

Certain options for the inbound agent launcher, particularly the checkbox for WebSocket, were removed from the configuration GUI in 2.440.x, in favor of passing the corresponding option such as -webSocket on the CLI. In the case of inbound shared agents or clouds, this did not suffice since the operations center was responsible for launching the cloned agent that connects to the controller. This makes it impossible to create new shared agents or clouds using WebSocket transport via GUI configuration.

As a workaround, configure fields, such as webSocket, in the agent/cloud launcher definition via Configuration as Code YAML or REST or CLI upload of XML; or copy a working agent/cloud item instead of creating one from scratch.

Pod Templates updates in the operations center are not automatically propagated to controllers

Recent changes to the Kubernetes Shared Cloud item UI enable management of Pod Templates through a different screen, though changes are not automatically synchronized in controllers. Instead go to the configuration of the Kubernetes Shared Cloud item and select Save.

Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.

NullPointerException when Validating Kubernetes Cluster Endpoint

When using credentials in the Kubernetes Cluster Endpoints configuration, the Validate functionality shows an Angry Jenkins in the UI and a null pointer exception in Jenkins logs.

Clouds do not disappear after the Folder configuration update by a user without Administer permissions

Clouds deselect after a user without Administer permissions edit the Folder configuration.

Pod templates page is read-only for NonConfigurableKubernetesCloud

The NonConfigurableKubernetesCloud setting on the pod template page appeared to be editable. However, it is read-only.

Operations center single sign-on broken on Java 17 when using an authenticated proxy

When running a connected controller on Java 17 with a proxy configured with username/password authentication, the operations center single sign-on fails due to a Java HTTP client limitation.

For more information, refer to CloudBees CI controller login issues with Java 17 and proxy setup.

Upgrade Notes

DevOptics Plugin Incompatibilities with Java 17

If you are actively using devoptics, you must:

  • Not upgrade the devoptics plugin to version 2.0

  • Not upgrade CloudBees CI Modern, to 2.440.1.3

  • Not update the JVM to Java 17 if you use CloudBees CI Traditional

If you are not actively using devoptics, but have it installed:

  • Upgrade to version 2.0 to remove the incompatibility before upgrading CloudBees CI Modern or the JVM for CloudBees CI Traditional or

  • Uninstall the plugin

Remoting Incompatibilities

This release introduces changes to how remote connections work. Although it is backwards-compatible in many ways, this change introduced forbids checks for parameters which, when using the -jnlpUrl to connect, would come from the agent configuration on the server.

Using -direct, -name, -tunnel, -url, or -webSocket in combination with -jnlpUrl results in the launch command failing.

Introduction of a concrete type for controller exposure

Prior to this update, the operations center would dynamically change the behavior of exposing a controller based on a runtime lookup to detect if the underlying Kubernetes infrastructure was OpenShift or not. However, this dynamic check could lead to the creation of an Ingress object for a controller rather than a Route.

After this update, the type needs to be set when configuring the Kubernetes endpoint. Existing configuration will migrate to auto detect but attempts will be made to replace it with the correct type.

Configuration as Code bundles now need to be updated to specify the concrete type of service exposure method and for Ingress types such as ingressClass and IngressAnnotations to be on the ContainerMasterProvisioningDescriptor.

View OpenShift CasC snippet: 
masterprovisioning:
  kubernetes:
    clusterEndpoints:
      - id: "myEndpoint"
        name: "openshift"

becomes:

masterprovisioning:
  kubernetes:
    clusterEndpoints:
    - id: "myEndpoint"
      name: "openshift"
      serviceExposure: "openShiftRoute"
View Generic Kubernetes CasC snippet: 
masterprovisioning:
  kubernetes:
    clusterEndpoints:
    - id: "myEndpoint"
      ingressAnnotations: |-
        key1: value1
        key2: value2
      ingressClass: "myingressclass"
      name: "kubernetes"

becomes:

masterprovisioning:
  kubernetes:
    clusterEndpoints:
    - id: "myEndpoint"
      name: "kubernetes"
      serviceExposure:
        ingress:
          ingressAnnotations: |-
            key1: value1
            key2: value2
          ingressClass: "myingressclass"
Removed global tag support for YAMLs in CloudBees CasC Server (cloudbees-casc-server) plugin

As part of the migration to SnakeYAML 2.0, global tags are no longer used in generated YAML files. However, older existing YAML files including tags will still be read.

Operations center CloudBees Assurance Program plugin changes since 2.426.3.3

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.426.3.3:

  • Controller Lifecycle Notifications Plugin (operations-center-webhooks)

  • Gson API Plugin (gson-api)

  • Joda Time API Plugin (joda-time-api)

  • JSON Path API Plugin (json-path-api)

Controller CloudBees Assurance Program plugin changes since 2.426.3.3

The following plugins have been added to the Controller CloudBees Assurance Program since 2.426.3.3:

  • Gson API Plugin (gson-api)

  • Joda Time API Plugin (joda-time-api)

  • JSON Path API Plugin (json-path-api)

Jenkins 2.440 upgrade notes