Ansible connection plugin using ssh + lxc-attach. This repo gets mirrored to GitHub: https://github.com/usbpc/ansible-lxc-ssh
Kevin Holm fd30c4a0ba
Updated README
2026-05-25 18:09:55 +02:00

ansible-lxc-ssh

Ansible connection plugin using ssh + lxc-attach

Description

This plugin lets you use Ansible on a remote server hosting LXC containers without having to install an SSH server in each LXC container.

The plugin connects to the host using SSH, then uses lxc or lxc-attach to enter the container.

For LXC version 1 this means the SSH connection must log in as root, otherwise lxc-attach will fail.

For LXC version 2 this means that the user must either log in as root or be in the lxc group in order to execute the lxc command.

If you are looking for Proxmox support, there's a fork: ansible-pct-ssh.

Configuration

Add to ansible.cfg:

[defaults]
connection_plugins = /path/to/connection_plugins/lxc_ssh

Then, modify your hosts file to use the lxc_ssh transport:

container ansible_host=server ansible_connection=lxc_ssh lxc_host=container

lxc_container=container also works for setting the LXC container name.

Fork

This is a fork of the forked plugin:

ansible-lxc-ssh by Andreas Scherbaum

This fork adds the option host_become_method. It is inspired by the proxmox_become_method parameter from the proxmox_pct_remote connection plugin.

The default for host_become_method is an empty string, which doesn't change the behaviour of the plugin at all. Setting it to sudo prefixes all lxc-attach commands with sudo.

For this to work, the user Ansible connects as needs passwordless access to run sudo lxc-attach. Assuming the connection user is ansible, this can be configured using the following task:

- name: Add sudoers entry for ansible user
  ansible.builtin.copy:
    content: 'ansible ALL = (root) NOPASSWD: /usr/bin/lxc-attach'
    dest: /etc/sudoers.d/ansible_lxc
    owner: root
    group: root
    mode: '0440'
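
What "prefixes all lxc-attach commands with sudo" amounts to for the command sent to the host, as an added sketch that is not code from lxc_ssh.py. The function name build_host_command and the exact lxc-attach arguments are assumptions; the sample container names and commands are constructed.

```python
import shlex

# Added sketch, not code from lxc_ssh.py. build_host_command and the exact
# lxc-attach arguments are assumptions made for illustration.
BECOME_PREFIX = {"": [], "sudo": ["sudo"]}


def build_host_command(container, cmd, host_become_method=""):
    """Return the shell string sent over SSH to the LXC host."""
    if host_become_method not in BECOME_PREFIX:
        raise ValueError(f"unsupported host_become_method: {host_become_method!r}")
    if not container:
        raise ValueError("container name must not be empty")
    argv = BECOME_PREFIX[host_become_method] + [
        "lxc-attach", "--name", container, "--", "/bin/sh", "-c", cmd,
    ]
    # The host's login shell parses this string before sudo or lxc-attach
    # see it, so every word is quoted individually.
    return " ".join(shlex.quote(word) for word in argv)


if __name__ == "__main__":
    # Constructed sample values.
    print(build_host_command("web", "echo hello"))
    print(build_host_command("web", "echo hello", "sudo"))
    print(build_host_command("web; echo injected", "id", "sudo"))
```

Because the sudoers entry above names /usr/bin/lxc-attach without arguments, sudo permits it with any arguments, so the connection user can attach as root to every container on that host, not only the one named in the inventory.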

How to create a container

The following is an extract from a Playbook which creates a container. First the hosts.cfg:

[containers]
web ansible_host=physical.host lxc_host=web host_become_method=sudo

The Playbook:

# deploy the container
- hosts: containers
  become: yes
  # the container is not up, nothing to gather here
  gather_facts: False
  # files on the host system are changed,
  # creating multiple containers in parallel might cause a race condition
  serial: 1

  tasks:
  - name: Create LXD Container
    become: True
    lxd_container:
      name: "{{ inventory_name }}"
      state: started
      source:
        type: image
        mode: pull
        server: https://cloud-images.ubuntu.com/releases
        protocol: simplestreams
        alias: 16.10/amd64
      profiles: ['default']
      wait_for_ipv4_addresses: true
      timeout: 600
    register: container_setup
    delegate_to: "{{ ansible_host }}"
    #delegate_facts: True

The actual container creation is redirected to the ansible_host, and fact gathering is turned off because the container is not yet live. It might be a good idea to create the containers one by one, hence the serialization. In my case I also set up SSH access and hostname resolution during the container setup - this does not work well when run in parallel for multiple containers.