Hi,
I want to manage a docker container or docker compose inside an Incus container from Ansible control machine ( laptop ) using Ansible, what are the tools that i need and what is the appropriate approach to do so.
If you run sshd inside every incus container then it’s completely transparent: ansible manages them just like any other virtual machine.
In the past, I’ve also configured ansible to use the lxd protocol - which means you don’t have to set up ssh authentication to each individual container, but you instead you talk to the outer host where lxd (or now incus) is running.
Although it worked, it was to be honest a bit of a mess. The module which you used to create and destroy lxd containers used the lxd API directly (so you had to give the host URL and configure certificates within ansible); but the connection plugin which executed ansible tasks inside an lxd container worked by shelling out to the lxc command line (which meant you had to use named remotes in ~/.config/lxc or snap/lxd/common/config/).
I’ve never attempted this in incus, but it looks like that at least the connection plugin is available.
Unless you have very large numbers of incus containers, I think your life will be much easier if you use ssh.
From what I’ve dealt with, Ansible’s Incus connection interacts with the Incus client, so whatever user Ansible is running as, you need to have the Incus client configured in the Ansible user’s context with the appropriate remotes. This means you could have a separate account for Ansible and it have it’s own client certs for Incus.
As Brian said it gets you into the command line level in the instance. You can even set up Swarms by getting join tokens, worker/manager, create secrets etc… as for the compose file you’ll have to get it there through other means I think, but you could still use Ansible Incus connection to get the instance to pull fro a repo.