damex.incus.incus_cluster role – Ensure Incus cluster.

Note

This role is part of the damex.incus collection (version 1.11.7).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_cluster.

Entry point main – Ensure Incus cluster.

Synopsis

  • Ensure Incus cluster.

Parameters

Parameter

Comments

incus_cluster_client_cert

string

Client certificate content for API authentication.

incus_cluster_client_cert_path

path

TLS client certificate path for API authentication.

incus_cluster_client_key

string

Client key content for API authentication.

incus_cluster_client_key_path

path

TLS client key path for API authentication.

incus_cluster_cluster

dictionary / required

Cluster preseed settings.

cluster_address

string

Address of an existing cluster member to join.

cluster_certificate

string

Expected cluster certificate in X509 PEM format.

cluster_token

string

Join token for the target cluster.

enabled

boolean

Clustering.

Choices:

  • false

  • true

member_config

list / elements=dictionary

Member-specific configuration overrides for joining.

entity

string / required

Type of entity being configured.

key

string / required

Configuration key to set.

name

string / required

Name of the entity.

value

string

Value for the configuration key.

server_address

string / required

Address of the cluster member for cluster communication.

server_name

string / required

Name of the cluster member.

incus_cluster_config

dictionary / required

Server configuration key-value pairs.

acme.agree_tos

boolean

Agree to ACME terms of service.

Choices:

  • false

  • true

acme.ca_url

string

URL of the ACME directory.

acme.challenge

string

ACME challenge type to use.

Choices:

  • "HTTP-01"

  • "DNS-01"

acme.domain

string

Domain for which the certificate is issued.

acme.email

string

Email address for the ACME account.

acme.http.port

string

Port to use for HTTP-01 challenge.

acme.provider

string

DNS provider for DNS-01 challenge.

acme.provider.environment

string

Environment variables for the DNS provider.

acme.provider.resolvers

string

DNS resolvers for the DNS provider.

authorization.scriptlet

string

Starlark scriptlet for custom authorization logic.

backups.compression_algorithm

string

Compression algorithm for backups.

cluster.healing_threshold

integer

Number of seconds after which an offline member is evacuated.

cluster.https_address

string

Address to use for cluster communication.

cluster.images_minimal_replica

integer

Minimum number of cluster members with a copy of an image.

cluster.join_token_expiry

string

Expiry time for cluster join tokens.

cluster.max_standby

integer

Maximum number of standby database members.

cluster.max_voters

integer

Maximum number of voting database members.

cluster.offline_threshold

integer

Number of seconds after which a heartbeat-less member is considered offline.

cluster.rebalance.batch

integer

Number of instances to move per rebalance batch.

cluster.rebalance.cooldown

string

Cooldown period between rebalance runs.

cluster.rebalance.interval

integer

Interval in seconds between rebalance checks.

cluster.rebalance.threshold

integer

Percentage threshold to trigger rebalancing.

core.bgp_address

string

Address to bind the BGP server to.

core.bgp_asn

string

BGP Autonomous System Number for the local server.

core.bgp_routerid

string

Unique BGP router ID for the local server.

core.debug_address

string

Address to bind the pprof debug server to.

core.dns_address

string

Address to bind the authoritative DNS server to.

core.https_address

string / required

Address to bind the HTTPS API server to.

core.https_allowed_credentials

boolean

Access-Control-Allow-Credentials.

Choices:

  • false

  • true

core.https_allowed_headers

string

Access-Control-Allow-Headers header value.

core.https_allowed_methods

string

Access-Control-Allow-Methods header value.

core.https_allowed_origin

string

Access-Control-Allow-Origin header value.

core.https_trusted_proxy

string

Comma-separated list of trusted proxy IP addresses.

core.metrics_address

string

Address to bind the metrics server to.

core.metrics_authentication

boolean

Metrics authentication requirement.

Choices:

  • false

  • true

core.proxy_http

string

HTTP proxy for the server to use.

core.proxy_https

string

HTTPS proxy for the server to use.

core.proxy_ignore_hosts

string

Hosts that should bypass the proxy.

core.remote_token_expiry

string

Expiry time for remote add tokens.

core.shutdown_timeout

integer

Number of minutes to wait for running operations to complete before shutdown.

core.storage_buckets_address

string

Address to bind the storage buckets server to.

core.syslog_socket

boolean

Syslog Unix socket listener.

Choices:

  • false

  • true

core.trust_ca_certificates

boolean

CA-signed client certificate trust.

Choices:

  • false

  • true

images.auto_update_cached

boolean

Cached image auto-update.

Choices:

  • false

  • true

images.auto_update_interval

integer

Interval in hours between image update checks.

images.compression_algorithm

string

Compression algorithm for images.

images.default_architecture

string

Default architecture for images.

images.remote_cache_expiry

integer

Number of days after which unused cached images expire.

instances.lxcfs.per_instance

boolean

Separate LXCFS per instance.

Choices:

  • false

  • true

instances.nic.host_name

string

Template for host-side veth interface names.

instances.placement.scriptlet

string

Starlark scriptlet for custom instance placement.

logging

list / elements=dictionary

Logging targets.

lifecycle.projects

string

Projects to send lifecycle events for.

lifecycle.types

string

Lifecycle event types to send.

logging.level

string

Minimum log level to send to the logger.

name

string / required

Name of the logging target.

target.address

string / required

Address of the logging target.

target.ca_cert

string

CA certificate for the server.

target.facility

string

Syslog facility for the log message.

target.instance

string

Name to use as the instance field in Loki events.

target.labels

string

Labels for a Loki log entry.

target.password

string

Password for authentication.

target.retry

integer

Number of delivery retries.

target.type

string / required

Type of logging target.

Choices:

  • "loki"

  • "syslog"

  • "webhook"

target.username

string

Username for authentication.

types

string

Events to send to the logger.

network.hwaddr_pattern

string

MAC address template for the cluster.

network.ovn.ca_cert

string

CA certificate for OVN northbound connection.

network.ovn.client_cert

string

Client certificate for OVN northbound connection.

network.ovn.client_key

string

Client key for OVN northbound connection.

network.ovn.integration_bridge

string

OVS integration bridge to use for OVN networks.

network.ovn.northbound_connection

string

OVN northbound database connection string.

network.ovs.connection

string

OVS database connection string.

oidc.audience

string

Expected audience value for OIDC tokens.

oidc.claim

string

OIDC claim to use as the username.

oidc.client.id

string

OIDC client ID.

oidc.issuer

string

OIDC issuer URL.

oidc.scopes

string

Comma-separated list of OIDC scopes to request.

openfga.api.token

string

API token for the OpenFGA server.

openfga.api.url

string

URL of the OpenFGA server.

openfga.store.id

string

OpenFGA store ID.

storage.backups_volume

string

Volume to use for storing backup tarballs.

storage.images_volume

string

Volume to use for storing image tarballs.

storage.linstor.ca_cert

string

CA certificate for LINSTOR controller connection.

storage.linstor.client_cert

string

Client certificate for LINSTOR controller connection.

storage.linstor.client_key

string

Client key for LINSTOR controller connection.

storage.linstor.controller_connection

string

LINSTOR controller connection string.

storage.linstor.satellite.name

string

Name of the LINSTOR satellite on this cluster member.

storage.logs_volume

string

Volume to use for storing log files.

incus_cluster_members

list / elements=dictionary

Incus cluster members to ensure.

config

dictionary

Cluster member configuration key-value pairs.

scheduler.instance

string

Controls how instances are scheduled to run on this member.

Choices:

  • "all"

  • "manual"

  • "group"

description

string

Description of the cluster member.

failure_domain

string

Failure domain of the cluster member.

groups

list / elements=string

Cluster groups for the member.

name

string / required

Name of the cluster member.

roles

list / elements=string

Roles assigned to the cluster member.

state

string

Desired state of the cluster member.

Choices:

  • "present"

  • "absent"

incus_cluster_primary

string / required

Inventory hostname of the primary cluster node.

incus_cluster_server_cert

string

Server certificate content for API verification.

incus_cluster_server_cert_path

path

TLS server certificate path for API verification.

incus_cluster_socket_path

path

Incus Unix socket path.

incus_cluster_token

string

Authentication token for the Incus API.

incus_cluster_url

string

URL of the Incus REST API endpoint.

incus_cluster_validate_certs

boolean

TLS certificate validation.

Choices:

  • false

  • true

Examples

- name: Ensure incus cluster
  hosts: incus
  tasks:
    - name: Ensure incus cluster
      ansible.builtin.import_role:
        name: damex.incus.incus_cluster
      vars:
        incus_cluster_primary: node1
        incus_cluster_config:
          core.https_address: :8443
        incus_cluster_cluster:
          enabled: true
          server_name: "{{ inventory_hostname }}"
          server_address: "{{ ansible_default_ipv4.address }}:8443"