jenkins docker plugin in pipeline use -u flag, how is possible to not using

问题

I'm using jenkins version 2.89.1 with docker plugin. In a stage of declarative pipeline I launch a docker container with ansible 2.4.x installed in order to run some playbooks as follow:

     agent {
            docker {
                image 'myself/ansible:1.0.3'
                registryUrl 'https://my-artifactory-pro'
                registryCredentialsId 'my-credentials'
                args '-v /var/lib/jenkins/workspace/myworkspace:/tmp/' +
                        ' -v /var/lib/jenkins/.ssh:/root/.ssh'
            }
        }
    steps {

            echo 'Deploying Ansible Server via docker image'
            sh "ansible-playbook -i /tmp/my-inventories-path/ 
                 /my-playbooks/teardown.yaml "+
                 "--extra-vars 'platform=ec2 
                        aws_access_key=${AWS_ACCESS_KEY_ID} 
                        aws_secret_key=${AWS_SECRET_ACCESS_KEY} "+
                  " eip_bastion_host=${EIP_BASTION_HOST} 
                    eip_load_balancer=${EIP_LOAD_BALANCER} '"
    }

The pipeline manages to spin the docker container and tries to execute the ansible playbook, but I'm facing the following issue:

+ ansible-playbook -i /tmp/my-inventories/ /tmp/my-playbooks/teardown.yaml --extra-vars platform=ec2 aws_access_key=**** aws_secret_key=****  eip_bastion_host=X.X.X.X eip_load_balancer=X.X.X.X 
 [WARNING]: Unable to set correct type for configuration entry:
DEFAULT_LOCAL_TMP

PLAY [localhost] ***************************************************************

TASK [install_python_pip : Create pip folder] **********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'getpwuid(): uid not found: 112'
fatal: [localhost]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
    to retry, use: --limit @/tmp/my-playbooks/teardown.retry

PLAY RECAP *********************************************************************
localhost                  : ok=0    changed=0    unreachable=0    failed=1 

Looking at the Jenkins log I see that when it spins the docker container it launches in the following way:

docker run -t -d -u 112:116 -v /var/lib/jenkins/workspace/my-workspace --entrypoint cat myself/ansible:1.0.3

where the 112 is the jenkins uid and the 116 is the jenkins gid.

If I launch the same ansible playbook in the same container started manually without the -u flag it works properly.

Then is it possible to launch the container without that -u flag ??? And why is considered that the docker container should have the same uid & gid of the jenkins server ?

Thanks a lot in advance Marco

回答1:

By default, when the user is not specified, docker lauches the container with the user defined in the dockerfile which if not specified is root. You can try to force the default user by passing it:

args '-u root:root -v /var/lib/jenkins/workspace/myworkspace:/tmp/' +
                        ' -v /var/lib/jenkins/.ssh:/root/.ssh'

来源：https://stackoverflow.com/questions/47812815/jenkins-docker-plugin-in-pipeline-use-u-flag-how-is-possible-to-not-using