Ubuntu tomcat9 Jenkins setup issue

Question

I have been trying to install Jenkins on tomcat9 but when I go for the first time on http://myip:8080/jenkins to finish the setup; I have the the following error:

java.io.IOException: Read-only file system
    at java.io.UnixFileSystem.createFileExclusively(Native Method)
    at java.io.File.createTempFile(File.java:2026)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:142)
Caused: java.io.IOException: Failed to create a temporary file in /var/lib/jenkins
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:144)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:109)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:84)
    at hudson.util.AtomicFileWriter.<init>(AtomicFileWriter.java:74)
    at hudson.util.TextFile.write(TextFile.java:116)
    at jenkins.model.Jenkins.<init>(Jenkins.java:910)
    at hudson.model.Hudson.<init>(Hudson.java:85)
    at hudson.model.Hudson.<init>(Hudson.java:81)
    at hudson.WebAppMain$3.run(WebAppMain.java:262)
Caused: hudson.util.HudsonFailedToLoad
    at hudson.WebAppMain$3.run(WebAppMain.java:279)

First: Tomcat9 is working well, I can access it locally or remortly I have created /var/lib/jenkins which is owned by jenkins (unix user I have created), I have even setup the permission to 777.

Second: if i run the war in command line 'java -jar jankins.war" ( I have exported JENKINS_HOME=/var/lib/jenkins before), then jenkins works correctly. So the war is not corrupt.

third: on tomcat, I have modified the context.xml to set up JENKINS_HOME to /var/lib/jenkins, it is working as you can see the above error (5th line). Then in context.xml I have tried to setup JENKINS_USER to several different users (jenkins, tomcat, root etc) , I tried different ownership for /var/lib/jenkins (and group as well).

here is my context.xml:

<Context>
    <Environment name="JENKINS_HOME" value="/var/lib/jenkins" type="java.lang.String" />
    <Environment name="JENKINS_USER" value="jenkins" type="java.lang.String" />
    <!-- Default set of monitored resources. If one of these changes, the    -->
    <!-- web application will be reloaded.                                   -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
    <!--
    <Manager pathname="" />
    -->
</Context>

But nothing is working, it looks like JENKINS_USER is not taken into account and/or whatever I do the directory is read-only ....

NB: as I have read there might be some issues with JDK version, so I have tried with open-jdk-11 (at the beginning) then with open-jdk-8

Has anyone face this issue ?

Answer 1

If you run tomcat9 from the Ubuntu repositories, it will run as the unix user tomcat. Providing access to a user jenkins won't give permissions to tomcat. And just defining arbitrary environment variables (JENKINS_HOME, JENKINS_USER) won't make a web application magically change its identity.

All web applications in tomcat run as the same user, and that's the one that you need to provide access to.

Also, notice that Debian's Tomcat runs in a sandboxed environment (see this answer to a relevant question), so you'll need to work on the sandbox environment in addition to the owner of the files/process.