問題

When trying to use native Git executable, Bamboo gives a permission denied error:

Executing Task 'Checkout Default Repository(2)' of type com.atlassian.bamboo.plugins.vcs:task.vcs.checkout.(java.lang.RuntimeException : 
com.atlassian.bamboo.repository.RepositoryException: Cannot fetch branch
 '(unresolved) 963c55456144b9549c2ea196c68b89f47982368e' from 'git@git.company.com:repo' to source directory '/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1'. command /usr/bin/git ls-remote ssh://f20b0a52-1011-4674-86a2-3a58d47f22d6@127.0.0.1:59897/bbb-api failed with code 128. Working directory was [/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1]., stderr: [fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied, fatal: unable to fork])

NOTE: Bamboo is running as root, and /usr/bin/git is owned by root and has "rwxr-xr-x" permissions.

原因

The /tmp directory on your server is a mount point. That mount point has 'noexec' set on it. That's where the 'Permission denied' error is coming from.

回避策

If noexec must remain set on the mount for /tmp, you can override the temp directory location to another path does have execute permissions.

1. Edit the $HOME/bamboo-agent-home/conf/wrapper.conf

2. Add an additional parameter to override tmpdir. Example below:

   wrapper.java.additional.1=-Dbamboo.home=/<path>/bamboo-agent-home/
   wrapper.java.additional.2=-Dbamboo.agent.ignoreServerCertName=false
   #wrapper.java.additional.3=-Dlog4j.configuration=
   #wrapper.java.additional.3=-agentlib:yjpagent
   wrapper.java.additional.3=-Djava.io.tmpdir=/<path>/bamboo-agent-home/temp

   • 
     Note, wrapper.java.additional.x must be numbered sequentially for the argument to be read. In this default example, both 3's are commented out so we need to re-use it for the tmpdir but your configuration might be different.
3. Restart the agent.

ソリューション

Here are the investigation steps leading to the solution.

Temporarily set the GIT_SSH environment variable to point to /tmp/bamboo-ssh.9900a68e.sh file and try to run normal Git clone procedure from command line. It might be useful to edit the /tmp/bamboo-ssh.9900a68e.sh file and, for example, cut the 'exec' from the beginning to see how the Git checkout will behave:

ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o UserKnownHostsFile=/dev/null $@

Here is the result of a Git clone from command line after changing the GIT_SSH environment variable and trying to clone:

[root@server tmp]# git clone $GIT:product
 Cloning into 'product'...
 fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied
 fatal: unable to fork
 [root@server tmp]# ./bamboo-ssh.9900a68e.sh 
 -bash: ./bamboo-ssh.9900a68e.sh: /bin/sh: bad interpreter: Permission denied

If /bin/sh is set correctly, and bamboo-ssh.9900a68e.sh script is owned by root and has at least 755 permissions, then 'Permission denied' error means a system-level issue (when running the script as root).

After running the following command you will see that the /tmp directory is a mount (and has 'noexec'):

[root@server tmp]# mount | grep tmp
 /dev/mapper/Vol00-Log01 on /tmp type ext3 (rw,noexec,nosuid,nodev)

Edit /etc/fstab and remove 'noexec' (and nosuid), then reboot the Bamboo server and try to checkout again.