LXD Inventory does not take defined variables

[dkettman]

Summary

While using the community.general.lxd inventory plugin, I am unable to assign any variables group. For instance, here is my lxd.yaml file:

---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
  windows:
    type: profile
    attribute: windows
    ansible_user: ansible
    ansible_password: --ReDaCtEd--
  ubuntu:
    type: os
    attribute: ubuntu

I would expect when running ansible-inventory -i lxd.yaml --list I would see my ansible_user and ansible_password variables defined. Instead they seem to be ignored. Output:

(ansible) dkettman@desktop:~/ansible$ ansible-inventory -i lxd.yaml --list
{
    "_meta": {
        "hostvars": {
            "amslab-dc01": {
                "ansible_host": {
                    "__ansible_unsafe": "10.202.124.221"
                },
                "ansible_lxd_os": {
                    "__ansible_unsafe": "windows"
                },
                "ansible_lxd_profile": [
                    {
                        "__ansible_unsafe": "default"
                    },
                    {
                        "__ansible_unsafe": "windows"
                    }
                ],
                "ansible_lxd_project": {
                    "__ansible_unsafe": "default"
                },
                "ansible_lxd_release": {
                    "__ansible_unsafe": "server 2022"
                },
                "ansible_lxd_state": {
                    "__ansible_unsafe": "running"
                },
                "ansible_lxd_type": {
                    "__ansible_unsafe": "virtual-machine"
                }
            }
        },
        "profile": "inventory_legacy"
    },
    "all": {
        "children": [
            "ungrouped",
            "windows",
            "ubuntu"
        ]
    },
    "windows": {
        "hosts": [
            "amslab-dc01"
        ]
    }
}
(ansible) dkettman@desktop:~/ansible$

I saw in a thread elsewhere for another dynamic inventory to define the groupvars in a static inventory file. When attempting that, I found that it worked for all variables except for the ansible_connection variable. I was able to define my other variables, but this one stayed the same.

inventory.yaml:

---
windows:
  vars:
    ansible_connection: psrp
    ansible_user: ansible
    ansible_password: --ReDaCtEd--
    ansible_psrp_cert_validation: ignore
    ansible_psrp_protocol: http

So when I run ansible-inventory -i lxd.yaml -i inventory.yaml --list I now see:

{
    "_meta": {
        "hostvars": {
            "amslab-dc01": {
                "ansible_connection": "ssh",
                "ansible_host": {
                    "__ansible_unsafe": "10.202.124.221"
                },
                "ansible_lxd_os": {
                    "__ansible_unsafe": "windows"
                },
                "ansible_lxd_profile": [
                    {
                        "__ansible_unsafe": "default"
                    },
                    {
                        "__ansible_unsafe": "windows"
                    }
                ],
                "ansible_lxd_project": {
                    "__ansible_unsafe": "default"
                },
                "ansible_lxd_release": {
                    "__ansible_unsafe": "server 2022"
                },
                "ansible_lxd_state": {
                    "__ansible_unsafe": "running"
                },
                "ansible_lxd_type": {
                    "__ansible_unsafe": "virtual-machine"
                },
                "ansible_password": "--ReDaCtEd--",
                "ansible_psrp_cert_validation": "ignore",
                "ansible_psrp_protocol": "http",
                "ansible_user": "ansible"
            }
        },
        "profile": "inventory_legacy"
    },
    "all": {
        "children": [
            "ungrouped",
            "windows",
            "ubuntu"
        ]
    },
    "windows": {
        "hosts": [
            "amslab-dc01"
        ]
    }
}

Note that in the inventory.yaml file, I am specifying that ansible_connection: psrp but in my resolved inventory, it is ansible_connection: ssh

I found in the lxd.py file this:

https://github.com/ansible-collections/community.general/blob/a3987c9844c1afaba4d3234b52b114db0c641240/plugins/inventory/lxd.py#L674C9-L678C86

If I comment out the line setting the ansible_connection statically to 'ssh', I am able to re-assign it. Why would we be statically overriding the connection in this way?

Wasn't sure whether to do a bug or a feature. On one hand, you can't define anything based on the host groups in the dynamic inventory file, so you use a static inventory file. This seems like it could be resolved with a feature request (possibly?). On the other hand is an actual bug: The inventory isn't allowing me to define how to connect to a host just because it is an LXD (or Incus in my case) container/VM.

Issue Type

Bug Report

Component Name

lxd

Ansible Version

(ansible) dkettman@desktop:~/ansible$ ansible --version
ansible [core 2.19.3]
  config file = /home/dkettman/.ansible.cfg
  configured module search path = ['/home/dkettman/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/dkettman/ansible/lib/python3.12/site-packages/ansible
  ansible collection location = /home/dkettman/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/dkettman/ansible/bin/ansible
  python version = 3.12.3 (main, Aug 14 2025, 17:47:21) [GCC 13.3.0] (/home/dkettman/ansible/bin/python3)
  jinja version = 3.1.6
  pyyaml version = 6.0.3 (with libyaml v0.2.5)

Community.general Version

$ ansible-galaxy collection list community.general

# /home/dkettman/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 11.4.0 

Configuration

(ansible) dkettman@desktop:~/ansible$ ansible-config dump --only-changed
CONFIG_FILE() = /home/dkettman/.ansible.cfg
EDITOR(env: EDITOR) = /usr/bin/vim
HOST_KEY_CHECKING(/home/dkettman/.ansible.cfg) = False

GALAXY_SERVERS:

OS / Environment

Control Node: Ubuntu 24.04 LTS
Client Node: Windows Server 2022 (psrp connection)

Steps to Reproduce

While everything is in the description, the "bug" portion of this is that I am unable to "override" the connection type when using the lxd inventory as written.
lxd.yaml:

---
plugin: community.general.lxd
url: unix:/var/lib/incus/unix.socket
type_filter: both
state: RUNNING
groupby:
  windows:
    type: profile
    attribute: windows
    ansible_user: ansible
    ansible_password: --ReDaCtEd--
  ubuntu:
    type: os
    attribute: ubuntu

inventory.yaml:

---
windows:
  vars:
    ansible_connection: psrp
    ansible_user: ansible
    ansible_password: --ReDaCtEd--
    ansible_psrp_cert_validation: ignore
    ansible_psrp_protocol: http

Expected Results

I expected my ansible_connection value for hosts in the 'windows' host group to have the ansible_connection value set per my inventory.yaml file.

Actual Results

(ansible) dkettman@desktop:~/ansible$ ansible-inventory -i lxd.yaml -i inventory.yaml --list
{
    "_meta": {
        "hostvars": {
            "amslab-dc01": {
                "ansible_connection": {
                    "__ansible_unsafe": "ssh"
                },
                "ansible_host": {
                    "__ansible_unsafe": "10.202.124.221"
                },
                "ansible_lxd_os": {
                    "__ansible_unsafe": "windows"
                },
                "ansible_lxd_profile": [
                    {
                        "__ansible_unsafe": "default"
                    },
                    {
                        "__ansible_unsafe": "windows"
                    }
                ],
                "ansible_lxd_project": {
                    "__ansible_unsafe": "default"
                },
                "ansible_lxd_release": {
                    "__ansible_unsafe": "server 2022"
                },
                "ansible_lxd_state": {
                    "__ansible_unsafe": "running"
                },
                "ansible_lxd_type": {
                    "__ansible_unsafe": "virtual-machine"
                },
                "ansible_password": "New123Pass!!",
                "ansible_psrp_cert_validation": "ignore",
                "ansible_psrp_protocol": "http",
                "ansible_user": "ansible"
            }
        },
        "profile": "inventory_legacy"
    },
    "all": {
        "children": [
            "ungrouped",
            "windows",
            "ubuntu"
        ]
    },
    "windows": {
        "hosts": [
            "amslab-dc01"
        ]
    }
}

Code of Conduct

• I agree to follow the Ansible Code of Conduct

[ansibullbot]

Files identified in the description:

• plugins/connection/lxd.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @mattclay
click here for bot help

[dkettman]

Not sure if there is something different for the Inventory plugin vs. the Connection plugin, but this is for the Inventory Plugin

[felixfontein]

!component =plugins/inventory/lxd.py

[ansibullbot]

Files identified in the description:

• plugins/inventory/lxd.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @conloos
click here for bot help

[felixfontein]

The fields ansible_user and ansible_password in

groupby:
  windows:
    type: profile
    attribute: windows
    ansible_user: ansible
    ansible_password: --ReDaCtEd--

have no effect and are ignored. The only supported keys in groupby[name] are type and attribute.

The plugin doesn't support the constructed interface, so you cannot define arbitrary variables.

[dkettman]

Ok, that explains why that was behaving that way. As for the hard coded ansible_connection, that does seem like something I should be able to override in practice, correct?

[felixfontein]

That depends on the plugin. This one doesn't seem to allow it.

[victorbrca]

I'm adding to this open bug instead of creating a new one, as to me, it looks like the ansible_connection precedence is not being respected when using the inventory plugin.

I'm experiencing the same issue. I'm able to specify ansible_connection: lxd with extra-vars, in inventory/host_vars, or in the playbook, but not in inventory/group_vars:

ansible.cfg

[defaults]
inventory      = ./inventory/lxd.yml
remote_tmp = /tmp/.ansible/tmp
roles_path    = ./roles
forks = 10
nocows = 1
retry_files_enabled = False
stdout_callback = debug

inventory/lxd.yml

plugin: community.general.lxd
url: unix:/var/snap/lxd/common/lxd/unix.socket
type_filter: both

groupby:
  ubuntu:
    type: os
    attribute: ubuntu

inventory/group_vars/all.yml

---
ansible_connection: lxd

$ ansible-inventory --host ubuntu-2404
{
    "ansible_connection": "ssh",
    "ansible_host": "10.48.212.128",
    "ansible_lxd_os": "ubuntu",
    "ansible_lxd_profile": [
        "default"
    ],
    "ansible_lxd_project": "default",
    "ansible_lxd_release": "noble",
    "ansible_lxd_state": "running",
    "ansible_lxd_type": "virtual-machine"
}

$ ansible-inventory --host ubuntu-2404 -e 'ansible_connection=lxd'
{
    "ansible_connection": "lxd",
    "ansible_host": "10.48.212.128",
    "ansible_lxd_os": "ubuntu",
    "ansible_lxd_profile": [
        "default"
    ],
    "ansible_lxd_project": "default",
    "ansible_lxd_release": "noble",
    "ansible_lxd_state": "running",
    "ansible_lxd_type": "virtual-machine"
}

Create inventory/ubuntu-2404.yml

---
ansible_connection: lxd

$ ansible-inventory --host ubuntu-2404
{
    "ansible_connection": "lxd",
    "ansible_host": "10.48.212.128",
    "ansible_lxd_os": "ubuntu",
    "ansible_lxd_profile": [
        "default"
    ],
    "ansible_lxd_project": "default",
    "ansible_lxd_release": "noble",
    "ansible_lxd_state": "running",
    "ansible_lxd_type": "virtual-machine"
}

[felixfontein]

I'm adding to this open bug instead of creating a new one, as to me, it looks like the ansible_connection precedence is not being respected when using the inventory plugin.

Could you please clarify what you mean, and how this is a bug? I don't think this ia bug either, the inventory plugin is doing what it is designed to do, and that seems to be different from what you are assuming it should do.

[victorbrca]

Could you please clarify what you mean, and how this is a bug? I don't think this ia bug either, the inventory plugin is doing what it is designed to do, and that seems to be different from what you are assuming it should do.

Shouldn't variables configured in group_vars take precedence over inventory plugin variables?