Ansible fails when run from docker agent in the Jenkins pipeline

Question

I'm trying to deploy a build via Jenkins pipeline using agent docker and Ansible playbook but it fails on Gathering Facts stage as shown below:

TASK [Gathering Facts] *********************************************************
fatal: [destination.box.local]: UNREACHABLE! => {"changed": false, "msg": "argument must be an int, or have a fileno() method.", "unreachable": true}

Similar Jenkins pipeline using agent any and Ansible not from docker (local installation) will do the job w/o any hiccups.

Agent section from Jenkins pipeline looks like:

   agent {
      docker {
         image 'artifactory.devbox.local/docker-local/myrepo/jdk8:latest'
         args '-v $HOME/.m2:/root/.m2 -v /etc/ansible:/etc/ansible -v $HOME/.ansible/tmp:/.ansible/tmp -v $HOME/.ssh:/root/.ssh'
      }
   }

Any thought what I need to add to it to let Ansible run a playbook?

PS.

After adding ansible_ssh_common_args='-o StrictHostKeyChecking=no' to the Ansible inventory (or setting host_key_checking = False in the config) I have got that error:

TASK [Gathering Facts] *********************************************************
fatal: [destination.box.local]: UNREACHABLE! => {"changed": false, "msg": "'getpwuid(): uid not found: 700'", "unreachable": true}
fatal: [ansible_ssh_common_args=-o StrictHostKeyChecking=no]: UNREACHABLE! => {"changed": false, "msg": "[Errno -3] Try again", "unreachable": true}

Answer 1

In my case it ended up that Jenkins was running docker agent with specific UID and GID. To get that fixed it required to rebuild that docker image with creating internal Jenkins user with the same UID and GID

For that purpose on top of the Jenkinsfile to crate that docker image I have added:

def user_id
def group_id
node {
   user_id = sh(returnStdout: true, script: 'id -u').trim()
   group_id = sh(returnStdout: true, script: 'id -g').trim()
}

and then during the build stage I have passed additional arguments to the docker as

--build-arg JenkinsUserId=${user_id} --build-arg JenkinsGroupId=${group_id}

then in the Dockerfile for that build:

FROM alpine:latest

#pick up provided ARGs for the bild

ARG JenkinsUserId
ARG JenkinsGroupId

//do your stuff here

#create Ansible config directory
RUN set -xe \
    && mkdir -p /etc/ansible

#create Ansible tmp directory
RUN set -xe \
    && mkdir -p /.ansible/tmp

#set ANSIBLE_LOCAL_TEMP
ENV ANSIBLE_LOCAL_TEMP /.ansible/tmp

#create Ansible cp directory
RUN set -xe \
    && mkdir -p /.ansible/cp

#set ANSIBLE_SSH_CONTROL_PATH_DIR
ENV ANSIBLE_SSH_CONTROL_PATH_DIR /.ansible/cp

# Create Jenkins group and user
RUN if ! id $JenkinsUserId; then \
    groupadd -g ${JenkinsGroupId} jenkins; \
    useradd jenkins -u ${JenkinsUserId} -g jenkins --shell /bin/bash --create-home; \
  else \
    addgroup --gid 1000 -S jenkins && adduser --uid 1000 -S jenkins -G jenkins; \
  fi

RUN addgroup jenkins root

# Tell docker that all future commands should run as the appuser user
USER jenkins

and finally update docker agent for the main pipeline which had issue:

   agent {
      docker {
         image 'artifactory.devbox.local/docker-local/myrepo/jdk8:latest'
         args '-v $HOME/.m2:/root/.m2 -v $HOME/.ssh:/home/jenkins/.ssh  -v /etc/ansible:/etc/ansible -v $HOME/.ansible/tmp:/.ansible/tmp -v $HOME/.ansible/cp:/.ansible/cp'
      }
   }