veza/ansible/roles/incus/readme.md

# incus role
<!-- TOC -->
* [incus role](#incus-role)
* [Variable reference](#variable-reference)
* [Mandatory variables](#mandatory-variables)
* [Optional variables](#optional-variables)
* [incus_cluster tips](#incus_cluster-tips)
* [incus_subuid_list and incus_subgid_list: mount directory from host to container with the host uid/gid](#incus_subuid_list-and-incus_subgid_list-mount-directory-from-host-to-container-with-the-host-uidgid)
* [Misc](#misc)
* [Incus logs](#incus-logs)
* [Detection of unconfigured incus](#detection-of-unconfigured-incus)
<!-- TOC -->
## Variable reference
### Mandatory variables
| Variable | Description | Example value |
| -------- | ----------- | ------------- |
| incus_repository | name of the zabbly incus repo to use | lts-6.0 |
### Optional variables
| Variable | Description | Default value | Example value |
| -------- | ----------- | ------------- | ------------- |
| incus_version | specific incus version to pin, only useful in a cluster configuration; [a minor upgrade can block the cluster](https://linuxcontainers.org/incus/docs/main/howto/cluster_manage/#upgrade-cluster-members). Use `--extra-vars "incus_update_now=true"` to upgrade cluster members. | | |
| incus_trust_list | list of server names authorized to have their certificate added to the incus trust config | None | {{ backup_server_list + [ 'srv-379' ] }} |
| incus_zfs_backend | create a zfs dataset for incus | true | false |
| incus_zfs_root_dataset | the zfs dataset to create for incus | nvme/incus | tank/incus |
| incus_standard_profiles | list of all default profiles | Look in the `defaults/main.yml` file for the standard configuration | see `defaults/main.yml` |
| incus_subuid_list | grant incus access to specific uids | None | ['5001'] |
| incus_subgid_list | grant incus access to specific gids | None | ['5000'] |
| incus_cluster_name | Set this variable if you want the host to be part of an incus cluster. Must be defined in group_vars and have the same name as that group_vars file | None | th3_core |
| incus_cluster_main_name | ansible_hostname of the incus cluster main server | None | srv-203 |
| incus_cluster_init_member_config | member_config list of the admin init preseed file. The list of keys needed is cluster specific, but the values are not necessarily the same on each member.<br /> It can be obtained with the command `incus query /1.0/cluster` | None | incus_cluster_init_member_config: \|<br /> entity: storage-pool<br /> name: default<br /> key: driver<br /> value: zfs |
| incus_cluster_scheduler | Per-member optional cluster configuration to restrict automatic placement of instances, see https://linuxcontainers.org/incus/docs/main/explanation/clustering/#clustering-instance-placement | None | group |
| incus_ip | the ip on which incus listens, without CIDR | None | 10.24.10.10 |
| incus_bgp_asn | Private AS number used by the incus bgp daemon. If not set, the incus bgp daemon will not be activated | None | `65024` |
#### incus_cluster tips
The easiest way to set `incus_cluster_name`, `incus_cluster_main_name` and `incus_ip` when you intend to use OVN on this cluster is to set them respectively to the corresponding ovn variables (the values are quoted so that YAML does not parse `{{` as a flow mapping):
```
incus_cluster_name: "{{ ovn_cluster_name }}"
incus_cluster_main_name: "{{ ovn_cluster_main_name }}"
incus_ip: "{{ ovn_ip }}"
```
#### incus_subuid_list and incus_subgid_list: mount directory from host to container with the host uid/gid
Sometimes you need to give a container access to a directory without remapping its uid/gid.
To do that, you must modify the host system to grant incus access to the specific uid/gid, and then modify the container to handle this specific case.
To grant incus access to a specific uid/gid, set `incus_subuid_list` and `incus_subgid_list` on the host.
Then, for the incus container, add the following setting (the value maps host uid 5001 and gid 5000 to the same ids inside the container):
```
echo -en "uid 5001 5001\ngid 5000 5000" | incus config set container_name raw.idmap -
```
A container restart is necessary to apply the change; it cannot be done live.
Then add the directory to the container as a disk device, for instance:
```
devices:
  01OPTI01370:
    path: /srv/vaults/01OPTI01370
    source: /srv/vaults/01OPTI01370
    type: disk
```
You will then be able to access the directory inside the container with the same uid/gid as on the host.
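Before restarting the container it is worth checking that the host really delegates the ids named in `raw.idmap` to root, since incusd refuses to start a container whose `raw.idmap` points outside root's `/etc/subuid` and `/etc/subgid` ranges. The script below is an added example, not part of the role: it parses `user:start:count` lines, confirms both ids are delegated, and only then emits the two-line `raw.idmap` value from the text above. The `/etc/subuid`-style files it reads here are constructed samples; the function names `subid_allows`, `build_raw_idmap` and `check_idmap` are this example's own.

```shell
#!/bin/sh
# Added example (not part of the incus role): verify that root may use a given
# uid/gid on the host before applying raw.idmap to a container. File paths are
# parameters so the check runs here against constructed sample files.

# subid_allows FILE USER ID -> exit 0 if some "USER:start:count" line in FILE
# covers ID, 1 otherwise (malformed lines are skipped).
subid_allows() {
    file=$1; user=$2; id=$3
    while IFS=: read -r u start count; do
        [ "$u" = "$user" ] || continue
        [ -n "$start" ] && [ -n "$count" ] || continue
        case "$start$count" in *[!0-9]*) continue ;; esac
        if [ "$id" -ge "$start" ] && [ "$id" -lt $((start + count)) ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# build_raw_idmap UID GID -> the two-line value expected by raw.idmap
# (host id mapped to the same id inside the container).
build_raw_idmap() {
    printf 'uid %s %s\ngid %s %s' "$1" "$1" "$2" "$2"
}

# check_idmap SUBUID_FILE SUBGID_FILE UID GID -> prints the raw.idmap value and
# returns 0 only when both ids are delegated to root on the host.
check_idmap() {
    subid_allows "$1" root "$3" || { echo "uid $3 not delegated to root in $1" >&2; return 1; }
    subid_allows "$2" root "$4" || { echo "gid $4 not delegated to root in $2" >&2; return 1; }
    build_raw_idmap "$3" "$4"
}

# Constructed sample files standing in for /etc/subuid and /etc/subgid:
# the usual large range for unprivileged containers plus the one id we
# want to map 1:1 (what incus_subuid_list / incus_subgid_list would add).
SAMPLE_SUBUID=$(mktemp); SAMPLE_SUBGID=$(mktemp)
printf 'root:1000000:1000000000\nroot:5001:1\n' > "$SAMPLE_SUBUID"
printf 'root:1000000:1000000000\nroot:5000:1\n' > "$SAMPLE_SUBGID"

# On a real host the pipeline would be:
#   check_idmap /etc/subuid /etc/subgid 5001 5000 | incus config set container_name raw.idmap -
check_idmap "$SAMPLE_SUBUID" "$SAMPLE_SUBGID" 5001 5000 && echo
```

The check fails closed: a uid or gid that is not covered by any `root:` range produces a message on stderr and no `raw.idmap` value, so nothing is piped into `incus config set`.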
# Misc
## Incus logs
Incus daemon log:
```
/var/log/incus/incusd.log
```
Per-container logs (one directory per container):
```
/var/log/incus/CONTAINER_NAME
```
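When a container fails to start after a configuration change (a `raw.idmap` outside root's delegated ranges, for instance), the daemon log is the first place to look. The functions below are an added example, not part of the role: they pull warning/error lines out of an `incusd.log` and summarise them by message. The log lines are constructed and assume the logrus-style `time="..." level=... msg="..."` layout written by incusd; adjust the patterns if your daemon logs in another format.

```shell
#!/bin/sh
# Added example (not part of the incus role): triage helpers for incusd.log.
# The log file path is a parameter so the functions run here on a constructed
# sample instead of /var/log/incus/incusd.log.

# log_alerts FILE -> lines whose level is warning, error or fatal
log_alerts() {
    grep -E 'level=(warning|error|fatal)' "$1"
}

# log_alert_count FILE -> number of such lines
log_alert_count() {
    log_alerts "$1" | wc -l | tr -d ' '
}

# log_alert_summary FILE -> "count message" per distinct msg, most frequent first
log_alert_summary() {
    log_alerts "$1" \
        | sed -n 's/.*msg="\([^"]*\)".*/\1/p' \
        | sort | uniq -c | sort -rn \
        | sed 's/^ *//'
}

# Constructed sample log in the assumed logrus-style layout.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
time="2024-05-01T10:00:00Z" level=info msg="Daemon started"
time="2024-05-01T10:01:12Z" level=warning msg="Instance failed to start" instance=c1 project=default
time="2024-05-01T10:01:15Z" level=error msg="Failed to mount storage volume" pool=default volume=c1
time="2024-05-01T10:02:40Z" level=warning msg="Instance failed to start" instance=c1 project=default
time="2024-05-01T10:03:00Z" level=info msg="Instance started" instance=c2 project=default
EOF

# Usage on a real host: log_alert_summary /var/log/incus/incusd.log
log_alert_summary "$SAMPLE_LOG"
```

The summary collapses repeated failures into one line with a count, which is usually enough to spot a container stuck in a restart loop before reading the per-container log under `/var/log/incus/CONTAINER_NAME`.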
## Detection of unconfigured incus
The `incus_yaml_unconfigured` variable is defined in `defaults/main.yml`. It contains the unconfigured state of an incus daemon just after installation. You should not have to change it; the variable exists to handle future incus versions that may ship a different default configuration.
The `incus_standalone_init_yaml` variable is also defined in `defaults/main.yml`. It contains the initial configuration that must override the default above; you only need to change it if your default storage pool doesn't use zfs.