Running Jenkins as a Different User
481 views
Skip to first unread message
Wt Riker
Dec 11, 2014, 8:55:57 AM12/11/14
to jenkins...@googlegroups.com
I am trying to set up Jenkins to run as a different user. I followed these instructions:
http://blog.manula.org/2013/03/running-jenkins-under-different-user-in.html
That seems pretty simple and Jenkins seems to start fine. However, when I try to access it I get this error:
Powered by Jetty://
There are no errors in the Jenkins log. Searching for this error seems to indicate a security problem with Jetty but they all include a Java traceback which in my case does not happen. Can someone help me trouble shoot this? TIA.
http://blog.manula.org/2013/03/running-jenkins-under-different-user-in.html
That seems pretty simple and Jenkins seems to start fine. However, when I try to access it I get this error:
HTTP ERROR: 503
Problem accessing /. Reason:
Service Unavailable
Powered by Jetty://
There are no errors in the Jenkins log. Searching for this error seems to indicate a security problem with Jetty but they all include a Java traceback which in my case does not happen. Can someone help me trouble shoot this? TIA.
Jeff Thornsen
Dec 11, 2014, 6:50:54 PM12/11/14
to jenkins...@googlegroups.com
I assume you're on Linux of some sort.
1. Verify permissions on JENKINS_HOME
2. Verify home directory for your service user is valid and writable (e.g. ~<user> exists and is owned by <user>)
I typically re-configure the account in /etc/passwd so that ~<user> === JENKINS_HOME, which is almost always /var/lib/jenkins or sometimes /home/jenkins
What happens if you try to run it manually? You should be able to get some kind of error information in the console output.
# su <user>
# java -jar jenkins.war
What OS are you using, and how did you install Jenkins as a service? That may help us provide places for you to look as well.
1. Verify permissions on JENKINS_HOME
2. Verify home directory for your service user is valid and writable (e.g. ~<user> exists and is owned by <user>)
I typically re-configure the account in /etc/passwd so that ~<user> === JENKINS_HOME, which is almost always /var/lib/jenkins or sometimes /home/jenkins
What happens if you try to run it manually? You should be able to get some kind of error information in the console output.
# su <user>
# java -jar jenkins.war
What OS are you using, and how did you install Jenkins as a service? That may help us provide places for you to look as well.
Wt Riker
Dec 15, 2014, 8:32:55 AM12/15/14
to jenkins...@googlegroups.com
Thanks for the reply. I have already done all that except trying to run it manually. That did produce some additional errors but it does mean anything to me other than is cannot load Jetty (no idea where that is). I tried to search for it but nothing seemed applicable. Here is the output:
Running from: /usr/lib/jenkins/jenkins.war
webroot: $user.home/.jenkins
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
INFO: Beginning extraction from war file
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
SEVERE: Container startup failed
Throwable occurred: java.io.FileNotFoundException: /users/dtvjnkns/.jenkins/war/META-INF/MANIFEST.MF (No such file or directory)
at java.io.FileOutputStream.<init>(FileOutputStream.java:190)
at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
at winstone.HostConfiguration.getWebRoot(HostConfiguration.java:277)
at winstone.HostConfiguration.<init>(HostConfiguration.java:81)
at winstone.HostGroup.initHost(HostGroup.java:66)
at winstone.HostGroup.<init>(HostGroup.java:45)
at winstone.Launcher.<init>(Launcher.java:143)
at winstone.Launcher.main(Launcher.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at Main._main(Main.java:293)
at Main.main(Main.java:98)
Running from: /usr/lib/jenkins/jenkins.war
webroot: $user.home/.jenkins
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
INFO: Beginning extraction from war file
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Dec 15, 2014 5:27:02 AM winstone.Logger logInternal
SEVERE: Container startup failed
Throwable occurred: java.io.FileNotFoundException: /users/dtvjnkns/.jenkins/war/META-INF/MANIFEST.MF (No such file or directory)
at java.io.FileOutputStream.<init>(FileOutputStream.java:190)
at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
at winstone.HostConfiguration.getWebRoot(HostConfiguration.java:277)
at winstone.HostConfiguration.<init>(HostConfiguration.java:81)
at winstone.HostGroup.initHost(HostGroup.java:66)
at winstone.HostGroup.<init>(HostGroup.java:45)
at winstone.Launcher.<init>(Launcher.java:143)
at winstone.Launcher.main(Launcher.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at Main._main(Main.java:293)
at Main.main(Main.java:98)
Wt Riker
Dec 15, 2014, 8:38:17 AM12/15/14
to jenkins...@googlegroups.com
I just noticed one additional point, and that may be the crux of the problem. Why does it try to use /users/dtvjnkns/.jenkins? That is not the home directory for this user. I specified /var/lib/jenkins as the home directory in /etc/sysconfig/jenkins.
Dirk Heinrichs
Dec 15, 2014, 9:35:09 AM12/15/14
to jenkins...@googlegroups.com
Am 15.12.2014 um 14:38 schrieb Wt
Riker:
I just noticed one additional point, and that may be the crux of the problem. Why does it try to use /users/dtvjnkns/.jenkins? That is not the home directory for this user. I specified /var/lib/jenkins as the home directory in /etc/sysconfig/jenkins.
Don't mix $JENKINS_HOME with the users $HOME. While you may specify
the former in /etc/sysconfig/jenkins, you need to set the latter in
/etc/passwd. In case you have set JENKINS_HOME in
/etc/sysconfig/jenkins and wonder why it's not used, check your init
script (/etc/init.d/jenkins). Does it actually read that file.
What Linux distribution are you using? Debian family systems don't have /etc/sysconfig, they use /etc/default.
Bye...
Dirk
What Linux distribution are you using? Debian family systems don't have /etc/sysconfig, they use /etc/default.
Bye...
Dirk
--
Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (Ansage) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
Dirk Heinrichs, Senior Systems Engineer, Engineering Solutions
Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
Tel: +49 2226 1596666 (Ansage) 1149
Email: d...@recommind.com
Skype: dirk.heinrichs.recommind
www.recommind.com
Wt Riker
Dec 15, 2014, 9:56:29 AM12/15/14
to jenkins...@googlegroups.com, d...@recommind.com
I pretty much figured this was the case. This is RHEL 6.2. The problem is that by corporate policy, local accounts are not permitted. Vintella is used on all Linux servers so AD users, called "generic" users, must be created to comply with security policy. Therefore that user will not show up in /etc/passwd. Home directories are generally not provided with generic accounts. Since the Jenkins documentation said nothing about a home directory, it took me a long time to figure this out. I need to get with our security folks to figure out how to so this in compliance with policy. Thanks.
Reply all
Reply to author
Forward
0 new messages