Jenkins Slave for OS X
bash <( curl -L https://raw.github.com/rhwood/jenkins-slave-osx/master/install.sh )
OS X slaves created with this script:
- Start on system boot
- Run as an independent user
- Use an independent Java Truststore for self-signed certificates (so your Jenkins master can use a self-signed certificate, and you do not have to instruct the slave to trust all certificates regardless of source)
- Use an independent OS X Keychain for secrets
bash <( curl -L https://raw.github.com/rhwood/jenkins-slave-osx/master/install.sh ) [options]
The install script has the following options:
--java-args="ARGS"to specify any optional java arguments. Optional; the installer does not test these arguments.
--master=URLto specify the Jenkins Master on the command line. Optional; the installer prompts for this if not specified on the command line.
--node=NAMEto specify the Slave's node name. Optional; this defaults to the OS X hostname and is verified by the installer.
--user=NAMEto specify the Jenkins user who authenticates the slave. Optional; this defaults to your username on the OS X slave and is verified by the installer.
Simply rerun the installer. It will reinstall the scripts, but use existing configuration settings.
/var/lib/jenkins (assuming an installation in the default location) can be used to configure this service with these options:
JAVA_ARGSspecifies any optional java arguments to be passed to the slave. This may be left blank.
JENKINS_SLAVEspecifies the node name for the slave. This is required.
JENKINS_MASTERspecifies the URL for the Jenkins master. This is required.
JENKINS_USERspecifies the Jenkins user used to bind the master to the slave. This is required.
HTTP_PORTspecifies the nonstandard port used to communicate with the Jenkins master. This may be left blank for port 80 (http) or 443 (https). These settings are initially set by the installation script, and only need to be changed if that script is invalidated. The slave must be restarted for changes to take effect.
Adding Developer Certificates
Building application targets for iOS requires that your iPhone Developer certificates be available to the Jenkins slave.
- Export the Certificate and Key from Keychain for your developer profiles.
sudo cp /path/to/exported-keys-and-certificates /var/lib/jenkins
- For each certificate and key:
sudo -i -u jenkins /var/lib/jenkins/security.sh add-apple-certificate --certificate=/var/lib/jenkins/name-of-exported-cert
- Delete the exported certificate file if is not password protected.
Adding Server Certificates
If you decide to secure the Jenkins master, or need to add additional certificates for the slave to trust the Jenkins master, you only need (assuming your service account is "jenkins", and your CA is StartSSL.com) from a command line:
sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.slave.jnlp.plist
sudo -i -u jenkins
curl -O http://www.startssl.com/certs/ca.crt
./security.sh add-java-certificate --authority --alias=root-ca --certificate=./ca.crt
curl -O http://www.startssl.com/certs/sub.class1.server.ca.crt
./security.sh add-java-certificate --alias=ca-server --certificate=./sub.class1.server.ca.crt
sudo launchctl load /Library/LaunchDaemons/org.jenkins-ci.slave.jnlp.plist