marito/LXC-Incus-stable-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added init-pressed on admin init; imported incus network playbook

Browse Source
This commit is contained in:
marmattheo 2025-06-13 14:46:35 +08:00
parent 2bc5236ba0
commit 750435b8d3
3 changed files with 98 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
README.md
View File

@ -14,11 +14,9 @@ This playbook automates the installation and setup of the **stable** version of
## How to Run ## How to Run
1. **Setup:** Clone the repository and go to the project directory 1. **Setup:** Clone the repository and go to the project directory
```bash ```bash
git clone https://git.marmattheo.com/marmattheo/incus-stable-playbook.git && cd incus-stable-playbook git clone https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook.git && cd incus-stable-playbook
``` ```
1. **Customize Variables (Optional):** Open `playbook.yml` and review the `vars` section.
2. **Execute the Playbook:** 2. **Execute the Playbook:**
Run the following command from the same directory as the playbook file. It will prompt you for your `sudo` password to perform the administrative tasks. Run the following command from the same directory as the playbook file. It will prompt you for your `sudo` password to perform the administrative tasks.
@ -33,73 +31,27 @@ After the playbook completes successfully:
1. **Configure User Access:** 1. **Configure User Access:**
Add your user to incus-admin group Refresh group membership.
```bash
sudo usermod -aG incus-admin $USER
```
To refresh group membership.
```bash ```bash
newgrp incus-admin newgrp incus-admin
``` ```
2. **Initialize Incus:** 2. **Verify Setup:**
Run the interactive initialization and follow the prompts to configure storage pools, networks, and other settings.
```bash
incus admin init
```
> Press 'Enter' all throughout the interactive initialization for defaults
3. **Verify Setup:**
You can test the installation by running. You can test the installation by running.
```bash ```bash
incus list incus --version
``` ```
4. **Access the Incus Web UI:** 3. **Access the Incus Web UI:**
Ensure Incus is listening on the network: Access the Web UI at:
```bash
incus config set core.https_address :8443
```
Then, access the Web UI at:
```bash ```bash
https://localhost:8443 or https://vps-ip:8443 https://localhost:8443 or https://vps-ip:8443
``` ```
> Follow the self-signed certificate instructions when prompted. > Follow the self-signed certificate instructions when prompted for mLTS
5. **Configure Firewall using ufw (Optional):**
Install and enable ufw:
```bash
sudo apt install ufw -y && sudo ufw enable -y
```
Ensure Incus is listening on the network:
```bash
sudo ufw allow in on incusbr0
sudo ufw route allow in on incusbr0
sudo ufw route allow out on incusbr0
```
5. **Incus Network - Access Containers by Name (Optional):**
Configuring name-to-IP resolution so the host OS can reach Incus containers using their names.
```bash
ansible-playbook incus-network.yml --ask-become-pass
```
> After this you should be able to reach your containers via their names or with the domain .incus
> i.e., `sudo ping container_name`, `sudo ping container_name.incus` on terminal or `http://container_name.incus` inside an nginx config

45
init-preseed.yml Normal file
View File

@ -0,0 +1,45 @@
config:
core.https_address: :8443
networks:
- config:
ipv4.address: 10.69.69.1/24
ipv4.nat: "true"
ipv6.address: fd42:4e03:3ced:c255::1/64
ipv6.nat: "true"
description: ""
name: incusbr0
type: bridge
project: default
storage_pools:
- config:
source: /var/lib/incus/storage-pools/default
description: ""
name: default
driver: dir
storage_volumes: []
profiles:
- config: {}
description: Default Incus profile
devices:
eth0:
name: eth0
network: incusbr0
type: nic
root:
path: /
pool: default
type: disk
name: default
project: ""
projects:
- config:
features.images: "true"
features.networks: "true"
features.networks.zones: "true"
features.profiles: "true"
features.storage.buckets: "true"
features.storage.volumes: "true"
description: Default Incus project
name: default
certificates: []

48
playbook.yml
View File

@ -1,5 +1,5 @@
--- ---
- name: Install Incus from Zabbly Stable Repository - name: Install and Initialize Incus from Zabbly Stable Repository
hosts: localhost hosts: localhost
become: yes become: yes
@ -63,6 +63,50 @@
- incus-ui-canonical - incus-ui-canonical
state: present state: present
- name: Wait for incus daemon to be ready
shell: |
until incus list &>/dev/null; do
sleep 1
done
retries: 10
delay: 2
register: incus_ready
until: incus_ready.rc == 0
- name: Run incus admin init with preseed
command: incus admin init --preseed < init-preseed.yml
args:
chdir: "{{ playbook_dir }}"
- name: Add current user to incus-admin group
user:
name: "{{ lookup('env', 'SUDO_USER') | default(lookup('env', 'USER'), true) }}"
groups: incus-admin
append: yes
- name: Ensure Incus listens on HTTPS port 8443
command: incus config set core.https_address :8443
- name: Install UFW
apt:
name: ufw
state: present
- name: Enable UFW
command: ufw --force enable
- name: Allow inbound traffic on incusbr0
command: ufw allow in on incusbr0
- name: Allow routed inbound traffic on incusbr0
command: ufw route allow in on incusbr0
- name: Allow routed outbound traffic on incusbr0
command: ufw route allow out on incusbr0
- name: Run incus network DNS setup
import_playbook: incus-network.yml
- name: "Post Installation Instructions" - name: "Post Installation Instructions"
debug: debug:
msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/incus-stable-playbook/src/branch/master/README.md" msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook/src/branch/master/README.md"