Beginning with Jenkins 2.357 (released on June 28, 2022) and the forthcoming September LTS release, Jenkins requires Java 11. Additionally, beginning with Jenkins 2.355 (released on June 14, 2022) and Jenkins 2.346.1 LTS (released on June 22, 2022), Jenkins supports Java 17. Plugins have already been prepared in JENKINS-68446. Use the Plugin Manager to upgrade all plugins before and after upgrading to Jenkins 2.357.
Omitting -XX:+UnlockDiagnosticVMOptions or -XX:+UnlockExperimentalVMOptions might cause your instance to fail to startup.
To increase GC logs to a longer period of time, we suggest
increasing the value of the arguments -Xlog option filecount=2 and/or filesize=100M
and as ultimate option use file=${LOGDIR}/gc-%t.log instead of file=${LOGDIR}/gc.log.
With the parameter %t, the JVM create a new set of GC files each time that the instance is restarted. It is well known that when the GC log folder gets big enough in terms of size, the support bundle might produce performance issues in the instance given that it needs to compress all of them.
-XX:+AlwaysPreTouch-XX:+HeapDumpOnOutOfMemoryError-XX:HeapDumpPath=${LOGDIR}-XX:+UseG1GC-XX:+UseStringDeduplication-XX:+ParallelRefProcEnabled-XX:+DisableExplicitGC-XX:+UnlockDiagnosticVMOptions-XX:+UnlockExperimentalVMOptions-Xlog:gc*=info,gc+heap=debug,gc+ref*=debug,gc+ergo*=trace,gc+age*=trace:file=${LOGDIR}/gc.log:utctime,pid,level,tags:filecount=2,filesize=100M
-XX:ErrorFile=${LOGDIR}/hs_err_%p.log-XX:+LogVMOutput-XX:LogFile=${LOGDIR}/jvm.log# Heap setting for CloudBees CI on modern cloud platforms:# -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=50.0# Heap setting for CloudBees CI on traditional platforms:# Heap Size `-Xmx` and `-Xms` should be set to the same value, and determined by following the above section "JVM Heap Size"
java 8
[!NOTE]
To increase GC logs to a longer period of time, we suggest
increasing the value of the arguments -XX:GCLogFileSize and -XX:NumberOfGCLogFiles
and as ultimate option use -Xloggc:${LOGDIR}/gc-%t.log instead of -Xloggc:${LOGDIR}/gc.log.
With the parameter %t, the JVM create a new set of GC files each time that the instance is restarted. It is well known that when the GC log folder gets big enough in terms of size, the support bundle might produce performance issues in the instance given that it needs to compress all of them.
$dockerrun--rmopenjdk:8-jrejava-XX:MaxRAMPercentage=75-help2>&1|headImproperlyspecifiedVMoption'MaxRAMPercentage=75'Error:CouldnotcreatetheJavaVirtualMachine.Error:Afatalexceptionhasoccurred.Programwillexit.$dockerrun--rmopenjdk:8-jrejava-XX:MaxRAMPercentage=75.0-help2>&1|headUsage:java [-options] class [args...] (toexecuteaclass)orjava [-options] -jar jarfile [args...] (toexecuteajarfile)whereoptionsinclude:-d32usea32-bitdatamodelifavailable-d64usea64-bitdatamodelifavailable-servertoselectthe"server"VMThedefaultVMisserver,becauseyouarerunningonaserver-classmachine.
-XX:+AlwaysPreTouch-XX:+HeapDumpOnOutOfMemoryError-XX:HeapDumpPath=${LOGDIR}-XX:+UseG1GC-XX:+UseStringDeduplication-XX:+ParallelRefProcEnabled-XX:+DisableExplicitGC-XX:+UnlockDiagnosticVMOptions-XX:+UnlockExperimentalVMOptions-verbose:gc-Xloggc:${LOGDIR}/gc.log-XX:NumberOfGCLogFiles=2-XX:+UseGCLogFileRotation-XX:GCLogFileSize=100m-XX:+PrintGC-XX:+PrintGCDateStamps-XX:+PrintGCDetails-XX:+PrintHeapAtGC-XX:+PrintGCCause-XX:+PrintTenuringDistribution-XX:+PrintReferenceGC-XX:+PrintAdaptiveSizePolicy-XX:ErrorFile=${LOGDIR}/hs_err_%p.log-XX:+LogVMOutput-XX:LogFile=${LOGDIR}/jvm.log# Heap setting for CloudBees CI on modern cloud platforms:# -XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=50.0# Heap setting for CloudBees CI on traditional platforms:# Heap Size `-Xmx` and `-Xms` should be set to the same value, and determined by following the above section "JVM Heap Size"
$java-jaragent.jar-help-agentLogFILE:Localagenterrorlogdestination (overridesworkDir)-authuser:pass: (deprecated) unused; use-credentialsor-proxyCredentials-certVAL:SpecifyadditionalX.509encodedPEMcertificatestotrustwhenconnectingtoJenkinsrootURLs.Ifstartingwith@thentheremainderisassumedtobethenameofthecertificatefiletoread.-connectToHOST:PORT: (deprecated) make a TCP connection tothegivenhostandport,thenstartcommunication.-credentials (-jnlpCredentials) : HTTP BASIC AUTH header to pass in forUSER:PASSWORDmakingHTTPrequests.-direct (-directConnection) HOST:PORT : Connect directly to this TCP agentport,skippingtheHTTP(S) connectionparameterdownload.Forexample,"myjenkins:50000".-failIfWorkDirIsMissing:FailstheinitializationiftherequestedworkDirorinternalDiraremissing ('false'bydefault) (default:false)-headless: (deprecated; nowalwaysheadless)-help:Showthishelpmessage (default: true)-instanceIdentityVAL:Thebase64encodedInstanceIdentitybytearrayoftheJenkinscontroller.Whenthisisset,theagentskipsconnectingtoanHTTP(S) portforconnectioninfo.-internalDirVAL:Specifiesanameoftheinternalfileswithinaworkingdirectory ('remoting'bydefault) (default:remoting)-jar-cacheDIR:Cachedirectorythatstoresjarfilessentfromthecontroller-jnlpUrlURL:insteadoftalkingtothecontrollerviastdin/stdout,emulateaJNLPclientbymakingaTCPconnectiontothecontroller.ConnectionparametersareobtainedbyparsingtheJNLPfile.-loggingConfigFILE:Pathtothepropertyfilewithjava.util.loggingsettings-nameVAL:Nameoftheagent.-noCertificateCheck (-disableHttpsCert :IgnoreSSLvalidationerrors-useasValidation) a last resort only. (default:false)-noKeepAlive:DisableTCPsocketkeepaliveonconnectiontothecontroller. (default:false)-noReconnect (-noreconnect) : Doesn't try to reconnect when a communication fail, and exit instead (default: false) -ping : (deprecated; now always pings) -protocols VAL : Specify the remoting protocols to attempt when instanceIdentity is provided. -proxyCredentials USER:PASSWORD : HTTP BASIC AUTH header to pass in for making HTTP authenticated proxy requests. -secret HEX_SECRET : Agent connection secret. -tcp FILE : (deprecated) instead of talking to the controller via stdin/stdout, listens to a random local port, write that port number to the given file, then wait for the controller to connect to that port. -text : encode communication with the controller with base64. Useful for running agent over 8-bit unsafe protocol like telnet -tunnel HOST:PORT : Connect to the specified host and port, instead of connecting directly to Jenkins. Useful when connection to Jenkins needs to be tunneled. Can be also HOST: or :PORT, in which case the missing portion will be auto-configured like the default behavior. -url URL : Specify the Jenkins root URLs to connect to. -version : Shows the version of the remoting jar and then exits (default: false) -webSocket : Make a WebSocket connection to Jenkins rather than using the TCP port. (default: false) -webSocketHeader NAME=VALUE : Additional WebSocket header to set, eg for authenticating with reverse proxies. To specify multiple headers, call this flag multiple times, one with each header -workDir FILE : Declares the working directory of the remoting instance (stores cache and logs by default)
Scripts that obtain a crumb using the `/crumbIssuer/api` URL will now fail to perform actions protected from CSRF unless the scripts retain the web session ID in subsequent requests.
${PROTOCOL_FULLY_QUALIFIED_NAME}.disabled:
where PROTOCOL_FULLY_QUALIFIED_NAME equals PROTOCOL_HANDLER_CLASSNAME without the Handler suffix.
- description - `hudson.remoting.FlightRecorderInputStream.BUFFER_SIZE` :
Size (in bytes) of the flight recorder ring buffer used for debugging remoting issues - `hudson.remoting.Launcher.pingIntervalSec` :
Seconds between ping checks to monitor health of agent nodes; 0 to disable ping | - `hudson.remoting.Launcher.pingTimeoutSec` :
If ping of agent node takes longer than this, consider it dead; 0 to disable ping | - `hudson.remoting.RemoteClassLoader.force` :
Class name String. Forces loading of the specified class name on incoming requests. Works around issues like JENKINS-19445 | - `hudson.remoting.Engine.socketTimeout` :
Socket read timeout in milliseconds. If timeout happens and the failOnSocketTimeoutInReader property is true, the channel will be interrupted. | - `hudson.remoting.SynchronousCommandTransport.failOnSocketTimeoutInReader` :
Boolean flag. Enables the original aggressive behavior, when the channel reader gets interrupted by any SocketTimeoutException | - `hudson.remoting.ExportTable.unexportLogSize` :
Defines number of entries to be stored in the unexport history, which is being analyzed during the invalid object ID analysis. | - `${PROTOCOL_FULLY_QUALIFIED_NAME}.disabled` :
Boolean flag, which allows disabling particular protocols in remoting.
Property example:
org.jenkinsci.remoting.engine.JnlpProtocol3.disabled | - `org.jenkinsci.remoting.nio.NioChannelHub.disabled` :
Boolean flag to disable NIO-based socket connection handling, and switch back to classic IO. Used to isolate the problem. | - `org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.protocolNamesToTry` :
If specified, only the protocols from the list will be tried during the connection. The option provides protocol names, but the order of the check is defined internally and cannot be changed. |
