Antivirus Best Practices

Issue

Recommendation when using an antivirus on a server with a CloudBees CI instance

Environment

Resolution

Exclude the $JENKINS_HOME directory

While CloudBees has no specific recommendations for antiviruses to be used in general on servers which are running your instance we have observed possible performance issues from said setup.

Specifically, when using any antivirus on the same server which is running your CloudBees CI/Jenkins instance for best practice it is recommended to exclude any and all Jenkins directories from an antivirus scan.

By default $JENKINS_HOME should be at the following:

  • For CloudBees Jenkins Platform (CJP), Jenkins LTS and CloudBees Jenkins Distribution (CJD) $JENKINS_HOME by default is set to /var/lib/jenkins/

  • For CloudBees Core/CI the default $JENKINS_HOME location is set to /var/lib/cloudbees-core-cm for Masters/Controllers and /var/lib/cloudbees-core-oc for the CJOC.

Excluding the location of these directories from being scanned by any antivirus will improve performance when using an antivirus.

If performance issues persist post exclusion of the Jenkins directory it may be that the antivirus process itself is causing a performance deprecation server wide due to the resources being consumed.

Otherwise, if disabling the antivirus process completely does not yield expected performance for your instance please follow Our guide here for gathering required performance data and contact CloudBees Support.

Excluding other linked directories

Please note if you have also added the --webroot or the --pluginroot startup arguments to extract the war file and plugins from outside of $JENKINS_HOME as described in this CloudBees CI Support article linked here you will need to blacklist these directories from antivirus as well for best practices.

Excluding workspace on Agents

In addition to the CloudBees CI CJOC and Masters, any connected agents will need to have their designated workspace for CloudBees CI builds excluded from any antiviruses installed on the agent server.

Have more questions?

0 Comments

Please sign in to leave a comment.