Jenkins Os X – 3nd install
this time no jenkins group => using munki
1 Create jenkins Home Dir & log dirs
1.1 Create the jenkins folder + the Home folder
sudo su - jenkins
mkdir -p /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins/Home
1.2 Apply ownership
find "/Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins" \( -not -user jenkins -or -not -group munki \) -print0 | xargs -0 chown jenkins:munki
1.3 Create log folder
mkdir /var/log/jenkins
touch /var/log/jenkins/jenkins.log
touch /var/log/jenkins/jenkins_error.log
chown -R jenkins:munki /var/log/jenkins
1.4 Apply ownership
chown -R jenkins:munki /var/log/jenkins
1.5 create symlinks for some command line tools (optional)
Home dir symlink creation
Jenkins has its user dir at /Users/Shared/Jenkins. Some command line tools assumes that home dir is at /Users/jenkins. You have to make symlink:
sudo ln -s /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins /Users/jenkins
sudo chown jenkins:jenkins /Users/jenkins
Note: finally Doing so seems to help to get correct paths.
also note I changed jenkins home jenkins.war to reflect actual path. see 5.1! I did both actions together so not sure wich one or if both did the trick.
Obviously giving the correct path seems logic to me ;)
2 Create jenkins User & Group
- used system Prefs
- Edit user to be in group jenkins
- Edit user to have NFSHomedir in /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins
3 jenkins install via brew
brew install jenkins
==> Downloading http://mirrors.jenkins-ci.org/war/1.534/jenkins.war
######################################################################## 100.0%
==> Caveats
To have launchd start jenkins at login:
ln -sfv /usr/local/opt/jenkins/*.plist ~/Library/LaunchAgents
Then to load jenkins now:
launchctl load ~/Library/LaunchAgents/homebrew.mxcl.jenkins.plist
Or, if you don't want/need launchctl, you can just run:
java -jar /usr/local/opt/jenkins/libexec/jenkins.war
==> Summary
/usr/local/Cellar/jenkins/1.534: 3 files, 60M, built in 77 seconds
3.1 Important Note ! :
Don’t run “manually”
java -jar /usr/local/opt/jenkins/libexec/jenkins.war
as stated by brew after the install.
It has messed things up for me.
I noticed than if I launched it as my current user, it creates a .jenkins folder inside the current user (the one than runs the java jar).
AND it then configure user.home varaible with the user and not jenkins.
I would not try either as logged in as jenkins user.
Tried it too, it made the .jenkins folder inside the jenkins home dir.
We don’t want that as we edited plist and .sh scripts with variables.
Note : I may be wrong as .jenkins seems to be needed anyway. and it’s been recreated in my home dir ?
3.2 Important Note bis :
Concerning the LaunchAgent from brew. Just leave it, and follow on, as other have done work before and we can use that instead as it is more suited.
4 jenkins Setting-Up Defaults
With sudo
defaults write /Library/Preferences/org.jenkins-ci war "/usr/local/opt/jenkins/libexec/jenkins.war"
defaults write /Library/Preferences/org.jenkins-ci heapSize 512m
defaults write /Library/Preferences/org.jenkins-ci httpListenAddress 127.0.0.1
defaults write /Library/Preferences/org.jenkins-ci httpPort 8080
defaults write /Library/Preferences/org.jenkins-ci permGen 256m
defaults write /Library/Preferences/org.jenkins-ci JENKINS_HOME "/Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins/Home"
Will create the plist preferences file:
/Library/Preferences/org.jenkins-ci
5 jenkins App support script
sudo cp /Volumes/DEPLOY_IMAGES/DEPLOYBUILDS_DEV/APPLICATIONS_DEV_git/jenkins_stuff/LIBRARY_APPSUP_JENKINS/jenkins-runner.sh /Library/Application\ Support/jenkins/jenkins-runner.sh
sudo chown root:wheel /Library/Application\ Support/jenkins/jenkins-runner.sh && chmod 644 /Library/Application\ Support/jenkins/jenkins-runner.sh
/Library/Application Support/jenkins/jenkins-runner.sh
5.1 Note :
On Line 15-16 Path /Applications/jenkins/jenkins.war is wrong.
change
#war=`$defaults war` || war="/Applications/jenkins/jenkins.war"
to
war=`$defaults war` || war="/usr/local/opt/jenkins/libexec/jenkins.war"
6 jenkins launchAgent
Copy the file
sudo cp /Volumes/DEPLOY_IMAGES/DEPLOYBUILDS_DEV/APPLICATIONS_DEV_git/jenkins_stuff/LIBRARY_LaunchAgent/org.jenkins-ci.plist /Library/LaunchAgents/org.jenkins-ci.plist
Apply root ownership and chmod 644
PLIST='/Library/LaunchAgents/org.jenkins-ci.plist'; chown root:wheel $PLIST && chmod 644 $PLIST
/Library/LaunchAgents/org.jenkins-ci.plist
Finally let’s launch this:
WARNING be sure to be the jenkins user at any time you need to start and stop – no being so made errors on errors after updates or with java launched by me and notjenkins ????
didn’t get why – took me hours to figure out what was braking, notwhat but why. Please note also that I don’t know shit about java at all. Well I know that I worked on the National French Launch of Java back in the days I was working in an agency ;)
launchctl load -w /Library/LaunchAgents/org.jenkins-ci.plist
Go to http://127.0.0.1:8080
Success
launchd is ok
Note : you WANT to make a backup of the full jenkins directory (or not)
I use CarbonCopyCloner: easy GUI, fast cloning.
7 Setup Security once on the homepage
Setting up Security
http://127.0.0.1:8080/configureSecurity/?
7.1 step1 Security Realm
Security Realm
Choosed to UNIX user/group db (aka system)
- Delegate to servlet container
- Jenkins’s own user database
- LDAP
- Unix user/group database
change only this then apply and test if you can login !
If ok, then we can go on and change Authorization
Later on we’ll try to add LDAP support
- Ok Success for me I now have the log in menu.
- logged as jenkins ok
7.1 step2 Authorization
Authorization
Choosed: Logged-in users can do anything
- Anyone can do anything
- Legacy mode
- Logged-in users can do anything
- Matrix-based security
- Project-based Matrix Authorization Strategy
Ok Success for me I now have the log in menu
8 Configure from within the webapp
from
go there
http://127.0.0.1:8080/configure
in GLobal Properties
check Environment variables
name: OSX_KEYCHAIN_LOCATION
value: /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins/Library/Keychains/login.keychain
name: OSX_KEYCHAIN_PASSWORD
value: jenkins
Note:
- For now no keychain exists yet.
- We could use the security commandline to create one, I’ll deal later with this in case we (an app) need it.
9 jenkins ssh-keygen
I want jenkins to be able to do commits with git
(not done yet)
so let’s prepare the work
- Create .ssh dir
- Create the file known_hosts
- Create id_rsa (and then add the public key to your gitlab)
let’s go
sudo su - jenkins
pwd
check we’re in jenkins home
mkdir .ssh
touch .ssh/known_hosts
cd .ssh ; ls -la
ssh-keygen -t rsa -C "moc.l1656641550iamee1656641550mos@s1656641550nikne1656641550j1656641550"
Note:
I copied my own known_hosts to get things faster.
10 Start and stop jenkins
with launchctl (launchd)
Do it as jenkins user
launchctl stop org.jenkins-ci
to stop
launchctl stop org.jenkins-ci
or you might want to unload
launchctl unload -w /Library/LaunchAgents/org.jenkins-ci.plist
to start again
(if you unloaded)
launchctl load -w /Library/LaunchAgents/org.jenkins-ci.plist
or start
launchctl start org.jenkins-ci
from web interface:
http://127.0.0.1:8080/restart
http://127.0.0.1:8080/exit
Success
jenkins is ok
Note : you WANT to make a backup of the full jenkins directory (or not)
I use CarbonCopyCloner: easy GUI, fast cloning.
11 jenkins Updates
*nix/Mac Auto-Upgrade With Container
If you run Jenkins with java -jar jenkins.war, Jenkins will be able to update itself from the Manage Jenkins page. This is the simplest way to do automatic upgrades.
If you've installed via the OS X installer, the 'jenkins' running the process does not own the .war file. To get auto-upgrade working, just fix the permissions so the jenkins user can write the WAR (in /Applications/Jenkins).
Finnaly got it to work with a simple brew update jenkins
!
Quick tip:
- unload jenkins (from jenkins user!)
- brew update
- brew switch
- load jenkins
- go back to webapp, let jenkins works and restart
- you (should be) good to go!
• we need to stop jenkins with launchctl
sudo launchctl unload -w /Library/LaunchAgents/org.jenkins-ci.plist
• do the switch (or install? or upgrade then switch)
brew switch jenkins 1.535
• reboot — no need to reboot when properly configured :)
• start jenkins again
sudo launchctl load -w /Library/LaunchAgents/org.jenkins-ci.plist
12 reimport olders jobs
I screwed my first and second setups, (and finally it was good on my third attempt, see 3.1)
sudo su - jenkins
cp -R /Volumes/DEPLOY_IMAGES/DEPLOYBUILDS_DEV/APPLICATIONS_DEV_git/jenkins_stuff/1st_setup_jobs.backup/jobs/* /Volumes/DEPLOY_IMAGES/DEPLOYMENT_STAGE/jenkins/Home/jobs/
- go back to webapp
- ==> Manage Jenkins ==> Reload Configuration from Disk
Tada ! All my jobs are here.
Importing old jobs is successfull.
Now let’s see if they are still working as I did not add environment variables for autopkg (will see if needed in a minute)
Had Failures as I said (permissions pb on autopkg and/or munki repo)
from my experience, Autopkg Cache and recipes must be owned by jenkins. if owned by “me” even with munki group it’s a no go.
So I add my user to the munki group. maybe will add some ACLS if needed to get reed of that annoying stuff.
a. /Library/AutoPkgs -> jenkins:munki
/Library/AutoPkgs
Permissions ok (jenkins:munki), so not that.
cp -R /Volumes/DEPLOY_IMAGES/DEPLOYBUILDS_DEV/APPLICATIONS_DEV_git/jenkins_stuff/com.github.autopkg.* /Users/jenkins/Library/Preferences/
b. munkirepo -> myaccount:munki
Check the munki repo premissions (I deleted jenkins user lots of time and changed UID sometimes too)
cd /Volumes/DEPLOY_IMAGES/DEPLOYBUILDS_DEV/
sudo chown -R localadminoem:munki MUNKI_REPO_MASTER
Failure again with jenkins User
c. autopkg from jenkinsuser
Failure from within jenkins user, success from current user (me). Seems to be Autopkg config problems .
sudo su - jenkins
Assuming you are in jenkins homedir
sudo chown -R jenkins:munki .
chmod -R g+xa .
move to Autopkg in ~homedir.
cd Library/AutoPkg
ln -s /Library/AutoPkg/Cache .
ln -s /Library/AutoPkg/RecipeRepos .
ls -l
lrwxr-xr-x 1 jenkins staff 22 Oct 16 18:03 Cache -> /Library/AutoPkg/Cache
lrwxr-xr-x 1 jenkins staff 28 Oct 16 18:03 RecipeRepos -> /Library/AutoPkg/RecipeRepos
OR you could just configure from jenkins user (RTFM)
defaults write com.github.
now run the “jenkins command” manually in the terminal.
macpro:Cache jenkins$ /usr/local/bin/autopkg run --search-dir=/Library/AutoPkg/RecipeRepos/com.github.autopkg.recipes/ Cyberduck.munki
Processing Cyberduck.munki...
Nothing downloaded, packaged or imported.
No errors, all is fine now.
note the result just indicate ther is no new updates
See this post for autopkg command syntax
http://oemden.com/?p=203
Next, I’ll have to get git working with gitlab.
Some usefull links
That helped me out in my quest
http://www.halyph.com/2013/03/jenkins-on-mac-os-x-tips-and-tricks.html
[…] Jenkins setup on Os X server Jenkins setup on Os X server […]