dkettman
October 24, 2025, 2:50pm
1
Hello,
I am working on some lab building Ansible playbooks and using Incus/LXD for the “hypervisor”. Some of my VMs are Windows machines which I want to use the psrp module to connect to them. This requires setting some variables for these hosts. What I have attempted is this for my inventory:
---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
windows:
type: profile
attribute: windows
ansible_connection: psrp
ansible_user: ansible
ansible_password: --ReDaCtEd--
ubuntu:
type: os
attribute: ubuntu
As you can see, I’m specifying the Incus socket to use rather than the LXD as there is currently no Incus-specific Inventory plugin at this time. Essentially, if they have the ‘windows’ profile added to their container/vm, then they need to have the following defined:
ansible_connection: psrp
ansible_user: ansible
ansible_password: --ReDaCtEd--
Is there another way to make sure the systems in the ‘windows’ group have these defined prior to connection time?
tags
Inventory
LXC/LXD
Incus
Hostvars (? maybe?)
dkettman
October 24, 2025, 3:04pm
2
Still digging into this, it looks like in the lxd.py inventory script in the community.general collection is part of the cause. There is a line (about line 676) where ansible_connection is set to ssh so long as there is a network interface. This does not allow that value to be reassigned prior to running my playbook. If I comment out the offending line in the lxd.py that hard-codes the ansible_connection to be ssh and then set a group var in another static inventory file, it will reassign it.
So at the moment, I have commented out the line hard-coding the value of ansible_connection. I have my lxd.yaml file:
---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
windows:
type: profile
attribute: windows
ubuntu:
type: os
attribute: ubuntu
and my ‘static’ inventory (inventory.yaml):
---
windows:
vars:
ansible_connection: psrp
ansible_user: ansible
ansible_password: --ReDaCtEd--
When I run ansible-inventory -i lxd.yaml -i inventory.yaml --host win2k22, I get:
{
"ansible_connection": "psrp",
"ansible_host": "10.202.124.212",
"ansible_lxd_profile": [
"default",
"windows"
],
"ansible_lxd_project": "default",
"ansible_lxd_state": "running",
"ansible_lxd_type": "virtual-machine",
"ansible_password": "--ReDaCtEd--",
"ansible_user": "ansible"
}
I think what would make the most sense here is to have a defined default if it isn’t overridden. Also, possibly being able to define hostvars in the lxd.yaml file would be nice so I don’t need to make sure the second inventory file is there.
I would appreciate someone confirming that what I’m doing is “correct”. Also, if someone could confirm whether or not in other dynamic inventories if we can define additional variables such as how I initially tried in my first post.
Thanks!
opened 09:22PM - 24 Oct 25 UTC
bug
connection
plugins
### Summary
While using the `community.general.lxd` inventory plugin, I am unab… le to assign any variables group. For instance, here is my lxd.yaml file:
```yaml
---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
windows:
type: profile
attribute: windows
ansible_user: ansible
ansible_password: --ReDaCtEd--
ubuntu:
type: os
attribute: ubuntu
```
I would expect when running `ansible-inventory -i lxd.yaml --list` I would see my `ansible_user` and `ansible_password` variables defined. Instead they seem to be ignored. Output:
```
(ansible) dkettman@desktop:~/ansible$ ansible-inventory -i lxd.yaml --list
{
"_meta": {
"hostvars": {
"amslab-dc01": {
"ansible_host": {
"__ansible_unsafe": "10.202.124.221"
},
"ansible_lxd_os": {
"__ansible_unsafe": "windows"
},
"ansible_lxd_profile": [
{
"__ansible_unsafe": "default"
},
{
"__ansible_unsafe": "windows"
}
],
"ansible_lxd_project": {
"__ansible_unsafe": "default"
},
"ansible_lxd_release": {
"__ansible_unsafe": "server 2022"
},
"ansible_lxd_state": {
"__ansible_unsafe": "running"
},
"ansible_lxd_type": {
"__ansible_unsafe": "virtual-machine"
}
}
},
"profile": "inventory_legacy"
},
"all": {
"children": [
"ungrouped",
"windows",
"ubuntu"
]
},
"windows": {
"hosts": [
"amslab-dc01"
]
}
}
(ansible) dkettman@desktop:~/ansible$
```
I saw in a thread elsewhere for another dynamic inventory to define the groupvars in a static inventory file. When attempting that, I found that it worked for all variables except for the `ansible_connection` variable. I was able to define my other variables, but this one stayed the same.
inventory.yaml:
```yaml
---
windows:
vars:
ansible_connection: psrp
ansible_user: ansible
ansible_password: --ReDaCtEd--
ansible_psrp_cert_validation: ignore
ansible_psrp_protocol: http
```
So when I run `ansible-inventory -i lxd.yaml -i inventory.yaml --list` I now see:
```json
{
"_meta": {
"hostvars": {
"amslab-dc01": {
"ansible_connection": "ssh",
"ansible_host": {
"__ansible_unsafe": "10.202.124.221"
},
"ansible_lxd_os": {
"__ansible_unsafe": "windows"
},
"ansible_lxd_profile": [
{
"__ansible_unsafe": "default"
},
{
"__ansible_unsafe": "windows"
}
],
"ansible_lxd_project": {
"__ansible_unsafe": "default"
},
"ansible_lxd_release": {
"__ansible_unsafe": "server 2022"
},
"ansible_lxd_state": {
"__ansible_unsafe": "running"
},
"ansible_lxd_type": {
"__ansible_unsafe": "virtual-machine"
},
"ansible_password": "--ReDaCtEd--",
"ansible_psrp_cert_validation": "ignore",
"ansible_psrp_protocol": "http",
"ansible_user": "ansible"
}
},
"profile": "inventory_legacy"
},
"all": {
"children": [
"ungrouped",
"windows",
"ubuntu"
]
},
"windows": {
"hosts": [
"amslab-dc01"
]
}
}
```
Note that in the inventory.yaml file, I am specifying that `ansible_connection: psrp` but in my resolved inventory, it is `ansible_connection: ssh`
I found in the `lxd.py` file this:
https://github.com/ansible-collections/community.general/blob/a3987c9844c1afaba4d3234b52b114db0c641240/plugins/inventory/lxd.py#L674C9-L678C86
If I comment out the line setting the ansible_connection statically to 'ssh', I am able to re-assign it. Why would we be statically overriding the connection in this way?
Wasn't sure whether to do a bug or a feature. On one hand, you can't define anything based on the host groups in the dynamic inventory file, so you use a static inventory file. This seems like it could be resolved with a feature request (possibly?). On the other hand is an actual bug: The inventory isn't allowing me to define how to connect to a host just because it is an LXD (or Incus in my case) container/VM.
### Issue Type
Bug Report
### Component Name
lxd
### Ansible Version
```console (paste below)
(ansible) dkettman@desktop:~/ansible$ ansible --version
ansible [core 2.19.3]
config file = /home/dkettman/.ansible.cfg
configured module search path = ['/home/dkettman/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/dkettman/ansible/lib/python3.12/site-packages/ansible
ansible collection location = /home/dkettman/.ansible/collections:/usr/share/ansible/collections
executable location = /home/dkettman/ansible/bin/ansible
python version = 3.12.3 (main, Aug 14 2025, 17:47:21) [GCC 13.3.0] (/home/dkettman/ansible/bin/python3)
jinja version = 3.1.6
pyyaml version = 6.0.3 (with libyaml v0.2.5)
```
### Community.general Version
```console (paste below)
$ ansible-galaxy collection list community.general
# /home/dkettman/.ansible/collections/ansible_collections
Collection Version
----------------- -------
community.general 11.4.0
```
### Configuration
```console (paste below)
(ansible) dkettman@desktop:~/ansible$ ansible-config dump --only-changed
CONFIG_FILE() = /home/dkettman/.ansible.cfg
EDITOR(env: EDITOR) = /usr/bin/vim
HOST_KEY_CHECKING(/home/dkettman/.ansible.cfg) = False
GALAXY_SERVERS:
```
### OS / Environment
Control Node: Ubuntu 24.04 LTS
Client Node: Windows Server 2022 (psrp connection)
### Steps to Reproduce
While everything is in the description, the "bug" portion of this is that I am unable to "override" the connection type when using the lxd inventory as written.
lxd.yaml:
```yaml
---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
windows:
type: profile
attribute: windows
ansible_user: ansible
ansible_password: --ReDaCtEd--
ubuntu:
type: os
attribute: ubuntu
```
inventory.yaml:
```yaml
---
windows:
vars:
ansible_connection: psrp
ansible_user: ansible
ansible_password: --ReDaCtEd--
ansible_psrp_cert_validation: ignore
ansible_psrp_protocol: http
```
### Expected Results
I expected my `ansible_connection` value for hosts in the 'windows' host group to have the `ansible_connection` value set per my inventory.yaml file.
### Actual Results
```console (paste below)
(ansible) dkettman@desktop:~/ansible$ ansible-inventory -i lxd.yaml -i inventory.yaml --list
{
"_meta": {
"hostvars": {
"amslab-dc01": {
"ansible_connection": {
"__ansible_unsafe": "ssh"
},
"ansible_host": {
"__ansible_unsafe": "10.202.124.221"
},
"ansible_lxd_os": {
"__ansible_unsafe": "windows"
},
"ansible_lxd_profile": [
{
"__ansible_unsafe": "default"
},
{
"__ansible_unsafe": "windows"
}
],
"ansible_lxd_project": {
"__ansible_unsafe": "default"
},
"ansible_lxd_release": {
"__ansible_unsafe": "server 2022"
},
"ansible_lxd_state": {
"__ansible_unsafe": "running"
},
"ansible_lxd_type": {
"__ansible_unsafe": "virtual-machine"
},
"ansible_password": "New123Pass!!",
"ansible_psrp_cert_validation": "ignore",
"ansible_psrp_protocol": "http",
"ansible_user": "ansible"
}
},
"profile": "inventory_legacy"
},
"all": {
"children": [
"ungrouped",
"windows",
"ubuntu"
]
},
"windows": {
"hosts": [
"amslab-dc01"
]
}
}
```
### Code of Conduct
- [x] I agree to follow the Ansible Code of Conduct
TLDR: Right now it’s not possible, the plugin doesn’t implement the Constructed interface.