Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
This branch is 67 commits ahead of chifflier:master.


Ansible connection plugin using ssh + lxc-attach

GitHub Workflow Status GitHub Workflow Status

GitHub Open Issues GitHub Stars GitHub Forks


This plugin allows to use Ansible on a remote server hosting LXC containers, without having to install SSH servers in each LXC container.

The plugin connects to the host using SSH, then uses lxc or lxc-attach to enter the container.

For LXC version 1 this means the SSH connection must login as root, otherwise lxc-attach will fail.

For LXC version 2 this means that the user must either login as root or must be in the lxc group in order to execute the lxc command.


Add to ansible.cfg:

connection_plugins = /path/to/connection_plugins/lxc_ssh

Then, modify your hosts file to use the lxc_ssh transport:

container ansible_host=server ansible_connection=lxc_ssh lxc_host=container

lxc_container=container also works for setting the LXC container name.


This is a fork from the original plugin:

ansible-lxc-ssh by Pierre Chifflier

This fork incorporates a few PRs from the original version, which (April 2017) were never applied. It also works with LXC version 1 (using lxc-*) and LXC version 2 (just using a single lxc binary). The version is autodetected on runtime.

How to create a container

The following is an extract from a Playbook which creates a container. First the hosts.cfg:

web lxc_host=web

The Playbook:

# deploy the container
- hosts: containers
  become: yes
  # the container is not up, nothing to gather here
  gather_facts: False
  # files on the host system are changed,
  # creating multiple containers in parallel might cause a race condition
  serial: 1

  - name: Create LXD Container
    become: True
      name: "{{ inventory_name }}"
      state: started
        type: image
        mode: pull
        protocol: simplestreams
        alias: 16.10/amd64
      profiles: ['default']
      wait_for_ipv4_addresses: true
      timeout: 600
    register: container_setup
    delegate_to: "{{ ansible_host }}"
    #delegate_facts: True

The actual container creation is redirected to the ansible_host, also fact gathering is turned off because the container is not yet live. It might be a good idea to create the containers one by one, hence the serialization. In my case I also setup ssh access and hostname resolution during the container setup - this does not work well when run in parallel for multiple containers.


Ansible connection plugin using ssh + lxc-attach







No releases published


No packages published


  • Python 99.5%
  • Other 0.5%