remote access to lxc containers on lxc-host without ssh inside the containers


Mario Keller

Jan 24, 2017, 6:31:41 PM
to Ansible Project
Hello,

I'm trying to configure lxc containers via ansible running on a remote host. I have ssh access to the remote host, but inside the containers there are no ssh services running. There is an lxc connection plugin that handles access to the containers via lxc-attach, but it seems that this works only on the lxc-host.

There is also a third-party plugin (https://github.com/chifflier/ansible-lxc-ssh) that should do this via an ssh connection, but it does not work (was written for ansible 2.0 with last update over 11 months ago) and also needs direct root access to the remote machine (no sudo after ssh connect). So this is also no option.

Is there a way for the built-in lxc connector to be used remotely?

I could manage the config for all containers in a git repo and use ansible in my local machine to trigger "git pull" and "ansible-playbook runs" on the remote lxc-host to configure the containers, but it would be nice if there's a simpler way to do this.


Brian Coca

Jan 24, 2017, 7:19:14 PM
to ansible...@googlegroups.com
Look at the lxd connection plugin; IIRC it allows for remote connections.


----------
Brian Coca

Pshem Kowalczyk

Jan 24, 2017, 7:19:56 PM
to Ansible Project
Is there any particular reason you don't want to have ssh inside the container at least initially? You can always disable it after you're done with initial configuration.

kind regards
Pshem



Johannes Kastl

Jan 25, 2017, 2:34:34 AM
to ansible...@googlegroups.com
On 25.01.17 01:19 Pshem Kowalczyk wrote:
> Is there any particular reason you don't want to have ssh inside the container
> at least initially? You can always disable it after you're done with
> initial configuration.

+1 for installing ssh in the container.

And use the host as a jumphost (ProxyCommand in ~/.ssh/config).

Johannes
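
The jumphost setup suggested above, as an added example that is not part of the original post: an `~/.ssh/config` fragment for the Ansible control machine. The host names, user names, key path, and the 10.0.3.* container range are assumptions.

```sshconfig
# ~/.ssh/config on the Ansible control machine (added example).
# Host names, users, key path and the 10.0.3.* range are assumptions,
# not values from the thread.

# The LXC host: the only machine reachable directly from outside.
Host lxc-host
    HostName lxc-host.example.org
    User admin
    # Do not expose the local agent to the jump host.
    ForwardAgent no

# Containers on the host's private bridge, reached only through lxc-host.
Host 10.0.3.*
    User ansible
    # -W forwards stdin/stdout to the container's sshd via the jump host,
    # so the container's port 22 never has to be published on the host.
    ProxyCommand ssh -W %h:%p lxc-host
    ForwardAgent no
    # Key-only login with one dedicated key; no password fallback.
    PasswordAuthentication no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_containers
```

With OpenSSH 7.3 or later, `ProxyJump lxc-host` can replace the `ProxyCommand` line. Ansible's ssh connection uses the system `ssh` client, so inventory entries that match the `Host` pattern pick up this configuration.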





Mario Keller

Jan 25, 2017, 11:56:22 AM
to Ansible Project
Running a bunch of sshd on a single host in every container just for automation is the opposite to the lightweight idea of ansible. Currently the host has lxc installed, so the lxd connection will not work because it uses "lxc exec" instead of "lxc-attach" to run commands. 
I will give lxd a try on a new host to check if this will solve my problem at least for new lxd(c) hosts.

Hadmut Danisch

Jan 25, 2017, 12:14:07 PM
to Ansible Project


On Wednesday, January 25, 2017 at 17:56:22 UTC+1, Mario Keller wrote:
> Running a bunch of sshd on a single host in every container just for automation is the opposite to the lightweight idea of ansible.

It is, furthermore, illogical and causes a chicken-egg-problem:

How would one install an sshd with ansible, if ansible requires an sshd to be present?

 

Johannes Kastl

Jan 25, 2017, 1:19:44 PM
to ansible...@googlegroups.com
On 25.01.17 18:14 'Hadmut Danisch' via Ansible Project wrote:
> It is, furthermore, illogical and causes a chicken-egg-problem:

Depends on what you define as 'containers'.

I have multiple containers running on my hosts, and all have sshd
running. Thus I can manage them like normal machines. No matter if
this is a VM or a container or a real machine. The same things apply.

But of course, your mileage may vary.

> How would one install an sshd with ansible, if ansible requires an
> sshd to be present?

Exactly as you would create the container, by starting the task from
the host. As this is a one-time thing I do not consider this a major
problem. Idempotency is slightly harder, but solvable.

Johannes


Pshem Kowalczyk

Jan 25, 2017, 1:29:31 PM
to ansible...@googlegroups.com
One could argue that if you run lxc/lxd you're after system-like functionality (and not docker-style containers) hence you treat it the same way you'd treat a VM.

One easy way of installing ssh inside a container is to use images with cloud-init.

kind regards
Pshem

