Jenkins on Mac OS X; git w/ ssh public key
Jenkins on Mac OS X
I just finished setting up a build server on Mac OS X using Jenkins (formerly Hudson). The company I’m working for (GradeCam) uses git and gitolite for our source control and so I expected no trouble using Jenkins to build our tools using the git plugin.
However, I quickly ran into a snag: the source control server is on a public address and so our source code is not available except via ssh, and gitolite ssh access uses private key authentication. Well, I’m an experience unix sysadmin, so that didn’t sound like a big issue — after all, setting up public key authentication is childs play, right?
The default installation of Jenkins on Mac OS X (at the time of this writing) installs a Launch Agent plist to /Library/LaunchAgents/org.jenkins-ci.plist. This plist file causes Jenkins to load as user “daemon”, which sounds fine — except that the home directory for the “daemon” user is /var/root, same as for user root. This means that the .ssh dir in there will never have the right permissions for a private key to be used.
Creating a new hidden user
My solution was to create a new “hidden” user for Jenkins to run under. Following instructions I found on a blog post, I created a user “jenkins” with a home directory “/Users/Shared/Jenkins/Home”:
sudo dscl . create /Users/jenkins sudo dscl . create /Users/jenkins PrimaryGroupID 1 sudo dscl . create /Users/jenkins UniqueID 300 sudo dscl . create /Users/jenkins UserShell /bin/bash sudo dscl . passwd /Users/jenkins $PASSWORD sudo dscl . create /Users/jenkins home /Users/Shared/Jenkins/Home/
I then stopped Jenkins: “sudo launchctl unload -w /Library/LaunchAgents/org.jenkins-ci.plist” and edited the plist file to set the username to jenkins instead of daemon. “chown -R jenkins: /Users/Shared/Jenkins/Home” sets the permissions how they need to be, and then “sudo launchctl load -w /Library/LaunchAgents/org.jenkins-ci.plist” should get you up and running!
To get git over ssh running, “sudo su – jenkins” to get a console as the jenkins user and set up the ssh keys and such. Make sure you can ssh to where you want to go (or even do a test git clone) because you need to save the keys so it doesn’t ask for them when jenkins tries to do the clone.
That should do you! Hope it helps someone.