Fixes the security issues described in the advisory
This introduces some new operations to allow the modification of subsystem credentials. The two new operations are
Changes to insure that
lock-project does not check in
secrets for operations.
Resolves a problem where Castle won't start if port
31080 is taken by another application or service.
Access to Alpine linux repositories are no longer required for installation.
Resolved a problem where
cje check fails with some files are not rendered for docker-gc.
Resolved a problem where when palace dies agents are disconnected.
Resolved a problem of storage buckets getting recreated on every new
cje apply attempt.
Along with being able to specify an HTTP proxy, users can now also specify HTTPS proxies and proxy exclusions.
Resolve a problem where the
/usr/share/elasticsearch/snapshot directory is busy or already mounted during
The default volume size was increased from 2GB to 20GB.
If you enter an invalid Managed Master image location under the Manage Jenkins page on Operations Center, when deploying the new instance, the log window will only show that it's attempting to deploy and will not give any further feedback. Correct the image location to resolve this.
CJE allows you to enable using one-shot executors. These provide slightly faster provisioning of the executors. However, the current implementation of one-shot executors doesn't support pipeline resumption.
CJE doesn't support installing the Palace Cloud Plugin into masters that are not managed by CloudBees Jenkins Enterprise.
Managed Masters may appear to be not accessible when Operations Center is being upgraded. This issue occurs when the internal application router is being updated and is a temporary condition.
When deleting a Managed Master, the data associated with the master is retained in a backup snapshot used for recovery purposes. If you add a new master with the same name, it will recover the data from the snapshot and re-create it.
cluster-recover fails if its subnet is created in another availability zone.
When using the operation
cluster-recover, it is simpler to keep the cluster in the same AWS availability zone (AZ).
A CJE Admin can change the JNLP port on the Operations Center UI, however, this is not a best practice as this is set dynamically by CJE on startup.
CJE can fail to upgrade when a worker was incompletely set up.
Under some circumstances, a
cje prepare worker-add operation can fail. The typical case (on Amazon) is when the user's MFA code is incorrectly entered when prompted after the "apply" step. This results in a worker that is incompletely set up and the instance isn't started.
When this condition exists, an upgrade will fail.
To resolve this, use the
cje prepare worker-remove on the partially created workers, and then restart the upgrade process.
In some rare instances, the Jenkins master setup wizard doesn't appear when creating a new managed master.
In these cases, it is simplest to just delete the master, and re-create it.
Under some circumstances, an unexpected file prevents the operation cluster-destroy from completing on AWS.
When destroying a cluster, CJE can also delete the S3 buckets, but a file
docker.tar.gz may be present in the bucket which prevents CJE from finishing. To work around this issue, manually delete the file using the aws CLI and apply the cje operation again.
When running CJE (using the Anywhere template and running CentOS (only) for the VM OS) with an NFS mounted file system for
JENKINS_HOME, you must use the 3.0 version of the NFS protocol for the mount point.
[storage] mount_options = -o "vers=3.0,sec=sys"