Jenkins on Mac OS X; git w/ ssh public key

June 15, 2011 21 Comments by Richard

Jenkins on Mac OS X

I just finished setting up a build server on Mac OS X using Jenkins (formerly Hudson). The company I’m working for (GradeCam) uses git and gitolite for our source control and so I expected no trouble using Jenkins to build our tools using the git plugin.

However, I quickly ran into a snag: the source control server is on a public address and so our source code is not available except via ssh, and gitolite ssh access uses private key authentication.  Well, I’m an experience unix sysadmin, so that didn’t sound like a big issue — after all, setting up public key authentication is childs play, right?

Default install

The default installation of Jenkins on Mac OS X (at the time of this writing) installs a Launch Agent plist to /Library/LaunchAgents/org.jenkins-ci.plist. This plist file causes Jenkins to load as user “daemon”, which sounds fine — except that the home directory for the “daemon” user is /var/root, same as for user root.  This means that the .ssh dir in there will never have the right permissions for a private key to be used.

Creating a new hidden user

My solution was to create a new “hidden” user for Jenkins to run under. Following instructions I found on a blog post, I created a user “jenkins” with a home directory “/Users/Shared/Jenkins/Home”:

sudo dscl . create /Users/jenkins
sudo dscl . create /Users/jenkins PrimaryGroupID 1
sudo dscl . create /Users/jenkins UniqueID 300   
sudo dscl . create /Users/jenkins UserShell /bin/bash
sudo dscl . passwd /Users/jenkins $PASSWORD
sudo dscl . create /Users/jenkins home /Users/Shared/Jenkins/Home/

I then stopped Jenkins: “sudo launchctl unload -w /Library/LaunchAgents/org.jenkins-ci.plist” and edited the plist file to set the username to jenkins instead of daemon.  “chown -R jenkins: /Users/Shared/Jenkins/Home” sets the permissions how they need to be, and then “sudo launchctl load -w /Library/LaunchAgents/org.jenkins-ci.plist” should get you up and running!

To get git over ssh running, “sudo su – jenkins” to get a console as the jenkins user and set up the ssh keys and such. Make sure you can ssh to where you want to go (or even do a test git clone) because you need to save the keys so it doesn’t ask for them when jenkins tries to do the clone.

That should do you! Hope it helps someone.

18 Comments

  1. humblehacker
    5 years ago

    How do you handle the passphrase?  My job fails with “Permission denied (publickey,keyboard-interactive).”

  2. taxilian
    5 years ago

    you use a key without a passphrase

  3. Swee mechai
    5 years ago

    Will this also fix rvm command not found error?

  4. Ben
    5 years ago

    Nothing in this post is specific to ruby or rvm. If you are getting a command not found error for rvm, I would verify your PATH is set appropriately. You may need to install rvm individually for your jenkins user, or set the PATH explicitly for your build to include the path for rvm.

  5. Swee mechai
    5 years ago

    Hi tks for reply, may I know why is it that we need to create “hidden user”. Is normal user okay? I try to login to this hidden user using sudo su – jenkins and install RVM using the bash << thinggy.. but nothing happen

  6. taxilian
    5 years ago

    Troubleshooting something like that is beyond the scope of this tutorial; a normal user would work, but you don’t want it to show up in your login dialog. That’s why you use a hidden one.

  7. BetterApps
    5 years ago

    For the latest version of the Jenkins Mac Os X installer (1.427) the unload command is “sudo launchctl unload -w /Library/LaunchDaemons/org.jenkins-ci.plist”

  8. Yuichiro MASUI
    5 years ago

    Thank you for great article!
    I succeeded to set up Jenkins on my OSX Lion.

  9. nick
    5 years ago

    hmm, i have been trying to solve this problem for 2 days now. I am having significant problems with the fact the jenkins wants to only run as daemon. SSH keys for github, and general keychain access (IOS requires access to certificates and filesystem access to provisions) is a huge problem. 

    What strikes me is that having looked around google and read many posts on the subject, that a vanilla install of jenkins will immediately break after editing the daemon launch properties. 

    Any edit to the file changes the owner of the file from system to my user. launchctl will then reject attempts to launch. (at least thats what it looks like) 

    am i doing something wrong? or could this be due to an apple update (OSX v 10.7.2 (b11c74)), and i just need to wait for a new version of Jenkins?

  10. Jag Reehal
    5 years ago

    Thanks this help me out

  11. hlclark78
    5 years ago

    This was super helpful this weekend.  I just have to things I would add.

    1. ‘Hidden’ user doesn’t seem to be true for OSX Lion.  The Jenkins user shows up on my log-in screen and you can even log in from the Log-in screen.  It’s not a big deal, but for consistency sake it might be better to have normal user account account.  You can see in my screenshot that my git account for Gitosis at least looks pretty and the jenkins user still shows up… but doesn’t look pretty. :D

    2. Also, the .plist for jenkins is in /Library/LaunchDaemons/ these days not ‘LaunchAgents’.

  12. Jason Nerothin
    5 years ago

    For any git users out there, I had to use sudo to copy over a .gitconfig file into the _jenkins user’s home directory. Then it worked :)

  13. Anonymous
    5 years ago

    Very helpful! Thank you.

  14. Roni Yaniv
    5 years ago

    You may want to update this post to reflect the fact that the current OSX installer allows custom installation where the user is called jenkins by default.

  15. Colin
    5 years ago

    Thank you so much for this post!! been trying to get this working all day and finally got it running by following your install guide.

  16. Christopher Perry
    5 years ago

    #2 helped me out a lot. Thanks. This post should be updated to reflect this.

  17. Decklyn Dubs
    5 years ago

    this appears to be a part of the user agent installation now. su jenkins and ‘cd ‘ brings to /Users/Shared/Jenkins

  18. Aerendir
    5 years ago

    As i had some problems with permissions, i’d like to assign the jenkins user to a group “Developer”. This operation can be done by the Users control panel of the Mac, but in the users list the Jenkin user hasn’t a name following this procedure.

    So, during the creation of this new hidden user, could be useful to set also his (“its” ?) name by executing the following command:

    sudo dscl . create /Users/jenkins RealName “Jenkins”

    This could be useful to operate on the user properties via control panel correctly identifying it.

    Hope this could help!

    Adamo “Aerendir

3 Trackbacks

  1. […] 1) Install Jenkins Go to http://jenkins-ci.org/ and install Jenkins for Mac OS X, make sure to use seperate new user. Here’s a great tutorial about this: http://colonelpanic.net/2011/06/jenkins-on-mac-os-x-git-w-ssh-public-key/ […]

  2. […] I just had to figure out a similar trick on Mac: http://colonelpanic.net/2011/06/jenkins-on-mac-os-x-git-w-ssh-public-key/ […]

  3. […] June 15, 2011 – Jenkins on Mac OS X; git w/ ssh public key […]

Post a Comment

Your email is never published or shared. Required fields are marked *