Incus agent from the container

aguy · June 4, 2025, 3:06pm

I noticed that incus uses this socket

root@zzz:~# file /dev/incus/sock 
/dev/incus/sock: socket

The older agent is gone?

root@zzz:~# ps aux | grep -E '[i]ncus-agent|[l]xd-agent'
root@zzz:~# ss -lx | grep -E 'incus-agent|lxd-agent'
root@zzz:~# netstat -lx | grep -E 'incus-agent|lxd-agent'
root@zzz:~# ls -l /dev/lxd/sock
ls: cannot access '/dev/lxd/sock': No such file or directory
root@zzz:~#

I want to create a health check that can return some data that i can write some volatile data that I can query to check the health of my running containers.

If there are updated workflows other that having a custom script that writes some data to the socket, please point me in the right direction.

stgraber · June 4, 2025, 4:24pm

Containers don’t run the agent, only VMs do.

aguy · June 4, 2025, 4:54pm

Any suggested ways to move forward on my end?

stgraber · June 4, 2025, 4:55pm

Incus doesn’t allow the guests to write stuff back to the host, that’d be pretty bad from a security standpoint, so I’m not sure exactly what you’re trying to do with the guest api socket.

aguy · June 4, 2025, 5:57pm

a way to get status update on the state of the running container.

stgraber · June 4, 2025, 6:00pm

The only thing the guest can toggle is the ready state through /dev/incus/sock, basically allows the container to set its state to either running (default) or ready (optional status).

We don’t expose any other API back to the host which the container can use to send state.

aguy · June 4, 2025, 6:22pm

Thats what I am asking about.

Do you have a suggested way where the host can query the container? Do I have to incus exec on a container to go in and possibly read a file i log in the container?

stgraber · June 4, 2025, 6:23pm

The two options are either through exec or through reading files using the file API.

So incus exec or incus file pull.