Monday 17 September 2012

Ensuring Jenkins can delete files created by Tomcat7

The problem is that Jenkins is not root. In the past the work Jenkins is doing would be done by root invoked from cron.

Our scenario is to build and deploy to Tomcat7 and then invoke the deployed web service from Jenkins. The web service downloads a lot of files to a cache. Once a week we want to clear the cache, from Jenkins, but the files in the cache are owned by Tomcat7.

The solution is to put Jenkins and Tomcat7 into the same group.

Edit the tomcat startup script /etc/init.d/tomcat7 and change the umask value to 002.

start)
if [ -z "$JAVA_HOME" ]; then
log_failure_msg "no JDK found - please set JAVA_HOME"
exit 1
fi
if [ ! -d "$CATALINA_BASE/conf" ]; then
log_failure_msg "invalid CATALINA_BASE: $CATALINA_BASE"
exit 1
fi
log_daemon_msg "Starting $DESC" "$NAME"
if start-stop-daemon --test --start --pidfile "$CATALINA_PID" \
--user $TOMCAT6_USER --exec "$JAVA_HOME/bin/java" > /dev/null; then
# Regenerate POLICY_CACHE file
umask 002
echo "// AUTO-GENERATED FILE from /etc/tomcat6/policy.d/" > "$POLICY_CACHE"
echo "" >> "$POLICY_CACHE"
cat $CATALINA_BASE/conf/policy.d/*.policy >> "$POLICY_CACHE"

Make Jenkins a member of the tomcat7 group.


usermod -G tomcat7 jenkins

Restart tomcat7 and Jenkins


/etc/init.d/tomcat7 restart
/etc/init.d/jenkins restart

change premisions on existing cache


chmod -R g+w .

Run Jenkins manually:

The job should succeed next weekend.

No comments:

Post a Comment