2
votes

I have Jenkins running on a Mac Mini. I recently added an external hard drive and moved my Jenkins data to it. So far so good. Everything worked OK. BUT yesterday I updated to Catalina and now Jenkins will not start. If I move the data back to the Mac Mini hard drive, it will start no problem. I guess it's a rights problem, but it seems I have all the necessary rights.

Can anyone help?

Some info...

  • On the mac mini, there is only one user: OLAV
  • Jenkins is started using a plist file in ~/Library/LaunchAgents/ (in the user's directory)
  • Jenkins is started as follows: launchctl load ~/Library/LaunchAgents/org.jenkins-launch.plist

  • The plist file looks like this:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>EnvironmentVariables</key>
        <dict>
            <key>JENKINS_HOME</key>
            <string>/Volumes/MacMiniEX/.jenkins</string>
        </dict>
        <key>Label</key>
        <string>org.jenkins-launch</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/libexec/java_home</string>
            <string>-v</string>
            <string>1.8</string>
            <string>--exec</string>
            <string>java</string>
            <string>-jar</string>
            <string>/Applications/jenkins/jenkins.war</string>
            <string>--httpListenAddress=0.0.0.0</string>
            <string>--httpPort=7070</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>UserName</key>
        <string>Olav</string>
        <key>StandardOutPath</key>
        <string>/Users/Olav/desktop/stdout.log</string>
        <key>StandardErrorPath</key>
        <string>/Users/Olav/desktop/error.log</string>
    </dict>
    </plist>

  • And the error I get is as follows:

    2020-04-16 10:48:43.562+0000 [id=1] INFO org.eclipse.jetty.util.log.Log#initialized: Logging initialized @331ms to org.eclipse.jetty.util.log.JavaUtilLog
    2020-04-16 10:48:43.678+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file
    2020-04-16 10:48:43.705+0000 [id=1] WARNING winstone.Logger#logInternal: Failed to delete dirs /Volumes/MacMiniEX/.jenkins/war
    java.nio.file.FileSystemException: /Volumes/MacMiniEX/.jenkins/war: Operation not permitted
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:91)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:244)
        at sun.nio.fs.AbstractFileSystemProvider.deleteIfExists(AbstractFileSystemProvider.java:108)
        at java.nio.file.Files.deleteIfExists(Files.java:1165)
        at winstone.HostConfiguration.deleteRecursive(HostConfiguration.java:330)
        at winstone.HostConfiguration.getWebRoot(HostConfiguration.java:265)
        at winstone.HostConfiguration.<init>(HostConfiguration.java:84)
        at winstone.HostGroup.initHost(HostGroup.java:66)
        at winstone.HostGroup.<init>(HostGroup.java:45)
        at winstone.Launcher.<init>(Launcher.java:167)
        at winstone.Launcher.main(Launcher.java:355)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at Main._main(Main.java:375)
        at Main.main(Main.java:151)

2 Answers

2
votes

YES! Thank you @chrisoneiota for the clue I needed. Catalina's SIP is preventing jenkins from using the external hard drive without approval, and never prompting for that approval. So --

For jenkins installed via homebrew:

  1. open terminal
  2. brew services stop jenkins-lts
  3. open /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/ to open a finder window
  4. System Preferences -> Security and Privacy -> Full Disk Access
  5. Click the lock to enable changes
  6. Drag and drop java_home from the finder window into the allowed list.
  7. brew services start jenkins-lts

You should now have access.

The key struggle for me was to figure out which java executable needed the access. Had to investigate which command homebrew was running (stored in /usr/local/opt/jenkins-lts/homebrew.mxcl.jenkins-lts.plist), which pointed to a symlink, which pointed to the above java_home. Adding the symlink to Security & Privacy didn't work; it had to be the final path.
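The lookup described in the answer above (read the launchd plist, find the program it starts, follow the symlinks to the real file) can be scripted. This is an added example, not part of the original answer or of Homebrew; the function names are hypothetical and it assumes Python 3 with only the standard library.

```python
import os
import plistlib
import shutil


def launchd_program(plist_path):
    """Return the executable a launchd job starts: Program, else ProgramArguments[0]."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)  # handles both XML and binary plists
    program = job.get("Program") or job["ProgramArguments"][0]
    # A bare name (no slash) is looked up on PATH, as execvp would do.
    if os.sep not in program:
        program = shutil.which(program) or program
    return program


def symlink_chain(path, max_hops=32):
    """Follow symlinks one hop at a time; return every path visited, in order."""
    chain = [os.path.abspath(path)]
    for _ in range(max_hops):
        current = chain[-1]
        if not os.path.islink(current):
            return chain
        target = os.readlink(current)
        # A relative link target is relative to the directory holding the link.
        if not os.path.isabs(target):
            target = os.path.join(os.path.dirname(current), target)
        chain.append(target)
    raise OSError("symlink loop or more than %d hops: %s" % (max_hops, path))


def binary_to_authorize(plist_path):
    """Return (final real path, hops). The final path is the one to add to the list."""
    chain = symlink_chain(launchd_program(plist_path))
    # realpath also resolves symlinked directories such as Versions/Current.
    final = os.path.realpath(chain[-1])
    if not os.path.exists(final):
        raise FileNotFoundError("dangling link: " + " -> ".join(chain))
    return final, chain


if __name__ == "__main__":
    import sys
    final, chain = binary_to_authorize(sys.argv[1])
    print(" -> ".join(chain))
    print("grant access to:", final)
```

Run it with the path of the job's plist as the only argument; the last line printed is the file that has to appear in the privacy list, and the chain shows every link that would not work in its place.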

1
votes

I'm currently investigating the exact same issue.

I don't yet have a proper solution but I can add the following:

  1. Check the Mac Settings->Security&Privacy->Privacy tab->Files&Folders. I have java listed as an application and have granted removable volume access. I've tried granting full disk access as well, with no luck.
  2. Check Console for sandboxd errors
  3. If you run from Terminal command line, you receive permission prompts. Allow them and jenkins will start. Not ideal in the long term, as the command will need doing every time the box is rebooted but it helps narrow down the issue:

    /Library/Application\ Support/Jenkins/jenkins-runner.sh

(I ran the native Jenkins installer as I was having issues with the homebrew installation)