Git repository checkout fails when using native Git executable
When trying to use native Git executable, Bamboo gives a permission denied error:
Executing Task 'Checkout Default Repository(2)' of type com.atlassian.bamboo.plugins.vcs:task.vcs.checkout.(java.lang.RuntimeException : com.atlassian.bamboo.repository.RepositoryException: Cannot fetch branch '(unresolved) 963c55456144b9549c2ea196c68b89f47982368e' from 'email@example.com:repo' to source directory '/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1'. command /usr/bin/git ls-remote ssh://firstname.lastname@example.org:59897/bbb-api failed with code 128. Working directory was [/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1]., stderr: [fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied, fatal: unable to fork])
NOTE: Bamboo is running as root, and
/usr/bin/git is owned by root and has "
/tmp directory on your server is a mount point. That mount point has '
noexec' set on it. That's where the 'Permission denied' error is coming from.
noexec must remain set on the mount for
/tmp, you can override the temp directory location to another path does have execute permissions.
- Edit the
Add an additional parameter to override tmpdir. Example below:
wrapper.java.additional.1=-Dbamboo.home=/<path>/bamboo-agent-home/ wrapper.java.additional.2=-Dbamboo.agent.ignoreServerCertName=false #wrapper.java.additional.3=-Dlog4j.configuration= #wrapper.java.additional.3=-agentlib:yjpagent wrapper.java.additional.3=-Djava.io.tmpdir=/<path>/bamboo-agent-home/temp
Note, wrapper.java.additional.x must be numbered sequentially for the argument to be read. In this default example, both 3's are commented out so we need to re-use it for the tmpdir but your configuration might be different.
- Restart the agent.
Here are the investigation steps leading to the solution.
Temporarily set the
GIT_SSH environment variable to point to
/tmp/bamboo-ssh.9900a68e.sh file and try to run normal Git clone procedure from command line. It might be useful to edit the
/tmp/bamboo-ssh.9900a68e.sh file and, for example, cut the '
exec' from the beginning to see how the Git checkout will behave:
ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o UserKnownHostsFile=/dev/null $@
Here is the result of a Git clone from command line after changing the
GIT_SSH environment variable and trying to clone:
[root@server tmp]# git clone $GIT:product Cloning into 'product'... fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied fatal: unable to fork [root@server tmp]# ./bamboo-ssh.9900a68e.sh -bash: ./bamboo-ssh.9900a68e.sh: /bin/sh: bad interpreter: Permission denied
/bin/sh is set correctly, and
bamboo-ssh.9900a68e.sh script is owned by root and has at least 755 permissions, then 'Permission denied' error means a system-level issue (when running the script as root).
After running the following command you will see that the
/tmp directory is a mount (and has '
[root@server tmp]# mount | grep tmp /dev/mapper/Vol00-Log01 on /tmp type ext3 (rw,noexec,nosuid,nodev)
/etc/fstab and remove '
nosuid), then reboot the Bamboo server and try to checkout again.