Keychain access when starting Bamboo at boot (OSX)

I've run into a very bizarre issue:

We recently changed one of our OSX agents to start bamboo at boot, following the instructions here:

https://confluence.atlassian.com/display/BAMKB/Configuring+Bamboo+to+start+automatically+on+startup+on+Mac+OSX

This seems to work just fine and launches the agent online when the system boots.

The problem is, when I try and do a build from the command line, Xcode cannot find my certificates that are in my keychain. I absolutely know they are there because I can build find from the GUI and even through SSH. I even run security unlock on the keychain (which reports success) and yet Xcode still can't find the certs/keys.

If we *don't* launch Bamboo at boot, and instead ssh in and launch bamboo as the build-user, i.e. ./build-agent.sh start, this problem goes away and everything builds just fine.

In other words, there seems to be a difference between starting bamboo at boot and starting bamboo through ssh manually. Has anyone run into this? Is this a known issue? I've tried to look around, and apologies if I've missed something and just need to RTFM.

EDIT: by "starting bamboo" and "launching bamboo" I mean starting the agent -- Bamboo itself is running just fine :)

4 answers

1 accepted

1 vote
Accepted answer

What I found out is when setting up the bamboo server not using the LaunchDaemon but the LaunchAgent it is using the correct user. Downside is that you need to login to be able to start the service, but that can be automated as well. Then the keychain can stay the same.

Bamboo is likely not running as your user now, it's running as a system user. Keychains are typically user specific, not machine specific, so you'll run into all sorts of problems.

There are a few ways to deal with this, but the easiest is just to copy your certificates and signing profiles from your keychain to the system keychain in Keychain Access.

Hi,

I run in exactly the same issue, did you find a solution for this?

 

Cheers,

 

Philip

Hi Philip! 

Unfortunately I have not found a solution. Since the machines are not rebooted that often, I've just continued to use ssh as the mechanism to bring the agent back online (when we do reboot). 

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Thursday in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

4,236 views 19 12
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you