From 750435b8d33a268ff63a0f47588be431fd8ea96e Mon Sep 17 00:00:00 2001 From: marmattheo Date: Fri, 13 Jun 2025 14:46:35 +0800 Subject: [PATCH] added init-pressed on admin init; imported incus network playbook --- README.md | 62 ++++++------------------------------------------ init-preseed.yml | 45 +++++++++++++++++++++++++++++++++++ playbook.yml | 48 +++++++++++++++++++++++++++++++++++-- 3 files changed, 98 insertions(+), 57 deletions(-) create mode 100644 init-preseed.yml diff --git a/README.md b/README.md index 6c76050..5e59331 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,9 @@ This playbook automates the installation and setup of the **stable** version of ## How to Run 1. **Setup:** Clone the repository and go to the project directory ```bash - git clone https://git.marmattheo.com/marmattheo/incus-stable-playbook.git && cd incus-stable-playbook + git clone https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook.git && cd incus-stable-playbook ``` -1. **Customize Variables (Optional):** Open `playbook.yml` and review the `vars` section. - 2. **Execute the Playbook:** Run the following command from the same directory as the playbook file. It will prompt you for your `sudo` password to perform the administrative tasks. 
@@ -33,73 +31,27 @@ After the playbook completes successfully: 1. **Configure User Access:** - Add your user to incus-admin group - - ```bash - sudo usermod -aG incus-admin $USER - ``` - To refresh group membership. + Refresh group membership. ```bash newgrp incus-admin ``` -2. **Initialize Incus:** - - Run the interactive initialization and follow the prompts to configure storage pools, networks, and other settings. - - ```bash - incus admin init - ``` - > Press 'Enter' all throughout the interactive initialization for defaults - -3. **Verify Setup:** +2. **Verify Setup:** You can test the installation by running. ```bash - incus list + incus --version ``` -4. **Access the Incus Web UI:** +3. **Access the Incus Web UI:** - Ensure Incus is listening on the network: - - ```bash - incus config set core.https_address :8443 - ``` - - Then, access the Web UI at: + Access the Web UI at: ```bash https://localhost:8443 or https://vps-ip:8443 ``` - > Follow the self-signed certificate instructions when prompted. - -5. **Configure Firewall using ufw (Optional):** - - Install and enable ufw: - ```bash - sudo apt install ufw -y && sudo ufw enable -y - ``` - - Ensure Incus is listening on the network: - - ```bash - sudo ufw allow in on incusbr0 - sudo ufw route allow in on incusbr0 - sudo ufw route allow out on incusbr0 - ``` - -5. **Incus Network - Access Containers by Name (Optional):** - - Configuring name-to-IP resolution so the host OS can reach Incus containers using their names. - - ```bash - ansible-playbook incus-network.yml --ask-become-pass - ``` - > After this you should be able to reach your containers via their names or with the domain .incus - > i.e., `sudo ping container_name`, `sudo ping container_name.incus` on terminal or `http://container_name.incus` inside an nginx config - + > Follow the self-signed certificate instructions when prompted for mLTS diff --git a/init-preseed.yml b/init-preseed.yml new file mode 100644 index 0000000..20534bc --- /dev/null 
+++ b/init-preseed.yml @@ -0,0 +1,45 @@ +config: + core.https_address: :8443 +networks: +- config: + ipv4.address: 10.69.69.1/24 + ipv4.nat: "true" + ipv6.address: fd42:4e03:3ced:c255::1/64 + ipv6.nat: "true" + description: "" + name: incusbr0 + type: bridge + project: default +storage_pools: +- config: + source: /var/lib/incus/storage-pools/default + description: "" + name: default + driver: dir +storage_volumes: [] +profiles: +- config: {} + description: Default Incus profile + devices: + eth0: + name: eth0 + network: incusbr0 + type: nic + root: + path: / + pool: default + type: disk + name: default + project: "" +projects: +- config: + features.images: "true" + features.networks: "true" + features.networks.zones: "true" + features.profiles: "true" + features.storage.buckets: "true" + features.storage.volumes: "true" + description: Default Incus project + name: default +certificates: [] + diff --git a/playbook.yml b/playbook.yml index a66e383..ec77b92 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,5 @@ --- -- name: Install Incus from Zabbly Stable Repository +- name: Install and Initialize Incus from Zabbly Stable Repository hosts: localhost become: yes 
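Review bot: In init-preseed.yml, `core.https_address: :8443` binds the Incus API and web UI to every interface, so on a VPS the management endpoint is reachable from any network the host is attached to. The README hunk advertises `https://vps-ip:8443`, so this looks deliberate, but the file should say so with a comment such as `# wildcard bind for remote UI access; restrict 8443 by source address in the firewall`, or bind to `127.0.0.1:8443` when only local access is needed. The `ipv6.address` prefix `fd42:4e03:3ced:c255::1/64` looks like it was copied from one host's generated config and will be the same on every install; `ipv6.address: auto` would let each host pick its own, if a fixed prefix is not required. Quoting the listen address as `':8443'` would also keep the leading colon from tripping stricter YAML tooling.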
@@ -63,6 +63,50 @@ - incus-ui-canonical state: present + - name: Wait for incus daemon to be ready + shell: | + until incus list &>/dev/null; do + sleep 1 + done + retries: 10 + delay: 2 + register: incus_ready + until: incus_ready.rc == 0 + + - name: Run incus admin init with preseed + command: incus admin init --preseed < init-preseed.yml + args: + chdir: "{{ playbook_dir }}" + + - name: Add current user to incus-admin group + user: + name: "{{ lookup('env', 'SUDO_USER') | default(lookup('env', 'USER'), true) }}" + groups: incus-admin + append: yes + + - name: Ensure Incus listens on HTTPS port 8443 + command: incus config set core.https_address :8443 + + - name: Install UFW + apt: + name: ufw + state: present + + - name: Enable UFW + command: ufw --force enable + + - name: Allow inbound traffic on incusbr0 + command: ufw allow in on incusbr0 + + - name: Allow routed inbound traffic on incusbr0 + command: ufw route allow in on incusbr0 + + - name: Allow routed outbound traffic on incusbr0 + command: ufw route allow out on incusbr0 + + - name: Run incus network DNS setup + import_playbook: incus-network.yml + - name: "Post Installation Instructions" debug: - msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/incus-stable-playbook/src/branch/master/README.md" + msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook/src/branch/master/README.md"
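Review bot: The `Run incus admin init with preseed` task passes `< init-preseed.yml` to the `command` module, which does not invoke a shell, so the redirection reaches incus as literal arguments and the preseed never arrives on stdin; feed the file through the module's `stdin` argument as in the block below. The wait task above it has two problems: the inner `until … done` loop never exits if the daemon stays down, so `retries`/`delay` cannot bound it, and `&>` is a bashism that dash (the default `/bin/sh` on Debian and Ubuntu) parses as a background job, so the loop succeeds immediately. `import_playbook: incus-network.yml` sits in the task list, but it is only valid at the top level of a playbook, so it should move after this play. `ufw --force enable` runs with no prior allow rule for SSH or for 8443, so under ufw's default deny-incoming policy a run on a remote host can block new SSH sessions and the web UI the README points to; add those allow rules, scoped to the admin source range, before enabling. The task list begins and continues outside this hunk.

```yaml
    - name: Wait for incus daemon to be ready
      command: incus list
      register: incus_ready
      retries: 10
      delay: 2
      until: incus_ready.rc == 0
      changed_when: false

    - name: Run incus admin init with preseed
      command: incus admin init --preseed
      args:
        stdin: "{{ lookup('file', playbook_dir ~ '/init-preseed.yml') }}"

    # … unchanged: incus-admin group membership, core.https_address, ufw tasks …
```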