I’m trying to configure lxc containers via ansible running on a remote host. I have ssh access to the remote host, but inside the containers there are no ssh services running. There is an lxc connection plugin that handles access to the containers via lxc-attach, but it seems that this works only on the lxc-host.
There is also a third-party plugin (https://github.com/chifflier/ansible-lxc-ssh) that should do this via an ssh connection, but it does not work (was written for ansible 2.0 with last update over 11 months ago) and also needs direct root access to the remote machine (no sudo after ssh connect). So this is also no option.
Is there a way for the built-in lxc connector to be used remotely?
I could manage the config for all containers in a git repo and use ansible on my local machine to trigger “git pull” and “ansible-playbook runs” on the remote lxc-host to configure the containers, but it would be nice if there’s a simpler way to do this.
Is there any particular reason you don’t want to have ssh inside the container, at least initially? You can always disable it after you’re done with initial configuration.
Running a bunch of sshd on a single host in every container just for automation is the opposite of the lightweight idea of ansible. Currently the host has lxc installed, so the lxd connection will not work because it uses “lxc exec” instead of “lxc-attach” to run commands.
I will give lxd a try on a new host to check if this will solve my problem at least for new lxd(c) hosts.
It is, furthermore, illogical and causes a chicken-egg-problem:
Depends on what you define as 'containers'.
I have multiple containers running on my hosts, and all have sshd
running. Thus I can manage them like normal machines. No matter if
this is a VM or a container or a real machine. The same things apply.
But of course, your mileage may vary.
How would one install an sshd with ansible, if ansible requires an
sshd to be present?
Exactly as you would create the container, by starting the task from
the host. As this is a one time thing I do not consider this a major
problem. Idempotency is slightly harder, but solvable.
One could argue that if you run lxc/lxd you’re after system-like functionality (and not docker-style containers) hence you treat it the same way you’d treat a VM.
One easy way of installing ssh inside a container is to use images with cloud-init.