damex.incus.incus_networks role – Ensure Incus networks.

Note

This role is part of the damex.incus collection (version 1.11.7).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_networks.

Entry point main – Ensure Incus networks.

Synopsis

  • Ensure Incus networks.

Parameters

Parameter

Comments

incus_networks

list / elements=dictionary

Networks to ensure.

config

dictionary

Network configuration options.

bgp.ipv4.nexthop

string

Override the next-hop for advertised IPv4 prefixes.

bgp.ipv6.nexthop

string

Override the next-hop for advertised IPv6 prefixes.

bgp_peers

list / elements=dictionary

BGP peers for OVN downstream networks.

address

string / required

IP address of the BGP peer.

asn

integer / required

Autonomous System Number of the BGP peer.

holdtime

integer

Hold time in seconds for the BGP session.

name

string / required

Name identifier for the BGP peer.

password

string

Password for the BGP session.

bridge.driver

string

Bridge driver to use.

Choices:

  • "native"

  • "openvswitch"

bridge.external_interfaces

string

Comma-separated list of unconfigured NICs to bridge.

bridge.hwaddr

string

MAC address for the bridge.

bridge.mtu

string

Bridge MTU.

dns.domain

string

Domain to advertise to DHCP clients and use for DNS resolution.

dns.mode

string

DNS registration mode.

Choices:

  • "managed"

  • "dynamic"

  • "none"

dns.nameservers

string

Comma-separated list of DNS nameservers.

string

Comma-separated list of DNS search domains.

dns.zone.forward

string

Comma-separated list of DNS zone names for forward DNS records.

dns.zone.reverse.ipv4

string

DNS zone name for IPv4 reverse DNS records.

dns.zone.reverse.ipv6

string

DNS zone name for IPv6 reverse DNS records.

gvrp

boolean

GARP VLAN Registration Protocol.

Choices:

  • false

  • true

ipv4.address

string

IPv4 address for the bridge (use none or auto).

ipv4.dhcp

boolean

DHCP address allocation.

Choices:

  • false

  • true

ipv4.dhcp.expiry

string

DHCP lease expiry time.

ipv4.dhcp.gateway

string

Address of the gateway for the subnet.

ipv4.dhcp.ranges

string

Comma-separated list of IPv4 DHCP ranges.

ipv4.dhcp.routes

string

Additional IPv4 routes to advertise via DHCP.

ipv4.firewall

boolean

Filtering firewall rule generation.

Choices:

  • false

  • true

ipv4.gateway

string

Override gateway for the subnet.

ipv4.gateway.hwaddr

string

MAC address of the gateway.

ipv4.nat

boolean

IPv4 NAT.

Choices:

  • false

  • true

ipv4.nat.address

string

Source address for outbound IPv4 NAT.

ipv4.nat.order

string

NAT rule placement relative to pre-existing rules.

Choices:

  • "before"

  • "after"

ipv4.routes

string

Comma-separated list of additional IPv4 CIDR subnets to route to the bridge.

ipv4.routes.anycast

boolean

Overlapping route allowance on multiple networks.

Choices:

  • false

  • true

ipv4.routing

boolean

IPv4 bridge traffic routing.

Choices:

  • false

  • true

ipv6.address

string

IPv6 address for the bridge (use none or auto).

ipv6.dhcp

boolean

Additional DHCPv6 network configuration.

Choices:

  • false

  • true

ipv6.dhcp.expiry

string

DHCPv6 lease expiry time.

ipv6.dhcp.ranges

string

Comma-separated list of IPv6 DHCP ranges.

ipv6.dhcp.stateful

boolean

Stateful DHCPv6 address allocation.

Choices:

  • false

  • true

ipv6.firewall

boolean

Filtering firewall rule generation.

Choices:

  • false

  • true

ipv6.gateway

string

Override gateway for the subnet.

ipv6.gateway.hwaddr

string

MAC address of the gateway.

ipv6.nat

boolean

IPv6 NAT.

Choices:

  • false

  • true

ipv6.nat.address

string

Source address for outbound IPv6 NAT.

ipv6.nat.order

string

NAT rule placement relative to pre-existing rules.

Choices:

  • "before"

  • "after"

ipv6.routes

string

Comma-separated list of additional IPv6 CIDR subnets to route to the bridge.

ipv6.routes.anycast

boolean

Overlapping route allowance on multiple networks.

Choices:

  • false

  • true

ipv6.routing

boolean

IPv6 bridge traffic routing.

Choices:

  • false

  • true

mtu

string

MTU of the network interface.

parent

string

Parent interface to use for the network.

raw.dnsmasq

string

Additional dnsmasq configuration to append.

security.acls

string

Comma-separated list of network ACLs to apply.

security.acls.default.egress.action

string

Default action for egress traffic not matching any ACL rule.

Choices:

  • "allow"

  • "reject"

  • "drop"

security.acls.default.egress.logged

boolean

Default egress action logging.

Choices:

  • false

  • true

security.acls.default.ingress.action

string

Default action for ingress traffic not matching any ACL rule.

Choices:

  • "allow"

  • "reject"

  • "drop"

security.acls.default.ingress.logged

boolean

Default ingress action logging.

Choices:

  • false

  • true

tunnels

list / elements=dictionary

Tunnels for bridge networks.

group

string

Multicast address for VXLAN tunnels.

id

integer

Tunnel ID for VXLAN tunnels.

interface

string

Host interface to use for the tunnel.

local

string

Local address for the tunnel.

name

string / required

Name identifier for the tunnel.

port

integer

Destination UDP port for VXLAN tunnels.

protocol

string / required

Tunneling protocol.

Choices:

  • "vxlan"

  • "gre"

remote

string

Remote address for the tunnel.

ttl

integer

TTL for multicast routing topologies.

vlan

integer

VLAN ID to attach to.

vlan.tagged

string

Comma-separated list of VLAN IDs to join for tagged traffic.

description

string

Network description.

name

string / required

Name of the network.

project

string

Incus project to scope the network to.

state

string

Desired state of the network.

Choices:

  • "present"

  • "absent"

targets

list / elements=dictionary

Cluster members to create the network on.

config

dictionary

Per-member network configuration options.

bgp.ipv4.nexthop

string

Override the next-hop for advertised IPv4 prefixes.

bgp.ipv6.nexthop

string

Override the next-hop for advertised IPv6 prefixes.

bridge.external_interfaces

string

Comma-separated list of unconfigured NICs to bridge.

parent

string

Parent interface to use for the network.

tunnels

list / elements=dictionary

Per-member tunnel configuration.

interface

string

Host interface for tunnel.

local

string

Local address for tunnel.

name

string / required

Tunnel name identifier.

name

string / required

Name of the cluster member.

state

string

Desired state of this cluster member’s network entry.

Choices:

  • "present"

  • "absent"

type

string / required

Type of the network.

Choices:

  • "bridge"

  • "macvlan"

  • "ovn"

  • "physical"

  • "sriov"

incus_networks_client_cert

string

Client certificate content for API authentication.

incus_networks_client_cert_path

path

TLS client certificate path for API authentication.

incus_networks_client_key

string

Client key content for API authentication.

incus_networks_client_key_path

path

TLS client key path for API authentication.

incus_networks_project

string

Incus project to scope networks to.

incus_networks_server_cert

string

Server certificate content for API verification.

incus_networks_server_cert_path

path

TLS server certificate path for API verification.

incus_networks_socket_path

path

Incus Unix socket path.

incus_networks_state

string

Desired state of the networks.

Choices:

  • "present"

  • "absent"

incus_networks_token

string

Authentication token for the Incus API.

incus_networks_url

string

URL of the Incus server API.

incus_networks_validate_certs

boolean

TLS certificate validation.

Choices:

  • false

  • true

Examples

- name: Ensure incus networks
  hosts: incus
  tasks:
    - name: Ensure incus networks
      ansible.builtin.import_role:
        name: damex.incus.incus_networks
      vars:
        incus_networks:
          - name: incusbr0
            type: bridge
            config:
              ipv4.address: 10.0.0.1/24
              ipv4.nat: "true"
              ipv6.address: none
          - name: incusbr1
            type: bridge
            config:
              ipv4.address: none
              ipv6.address: none
            targets:
              - name: node1.example.com
                config:
                  bridge.external_interfaces: enp3s0f0
              - name: node2.example.com
                config:
                  bridge.external_interfaces: enp4s0f0
          - name: bgpbr0
            type: bridge
            config:
              ipv4.address: 10.12.102.1/24
              ipv4.nat: "false"
            bgp_peers:
              - name: router
                address: 10.12.101.1
                asn: 64601
          - name: multibr0
            type: bridge
            config:
              ipv4.address: 10.0.0.1/24
              tunnels:
                - name: site2
                  protocol: vxlan
                  local: 192.168.1.1
                  remote: 192.168.1.2
                  id: 100
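
A security-focused variant of the playbook above, as an added example that is not part of the role's own documentation: it reaches the Incus API over TLS with certificate validation left on, authenticates with a client certificate read from files, and gives a bridge a default-drop ACL policy with logging. The URL, file paths, network name, subnet and the ACL name `restricted` are assumptions made for illustration; the ACL itself is assumed to exist on the server already.

```yaml
# Added example: URL, paths, names and addresses are placeholders.
- name: Ensure a default-deny Incus bridge over a verified API connection
  hosts: incus
  tasks:
    - name: Ensure restricted bridge network
      ansible.builtin.import_role:
        name: damex.incus.incus_networks
      vars:
        # Remote API endpoint (assumed URL). Validation stays enabled;
        # false would turn off TLS certificate validation for this connection.
        incus_networks_url: https://incus.example.com:8443
        incus_networks_validate_certs: true
        # Server certificate used for API verification (assumed path).
        incus_networks_server_cert_path: /etc/incus-client/server.crt
        # Client certificate and key are read from files (assumed paths),
        # so no key material is written into the playbook itself.
        incus_networks_client_cert_path: /etc/incus-client/client.crt
        incus_networks_client_key_path: /etc/incus-client/client.key
        incus_networks:
          - name: dmzbr0
            type: bridge
            description: Restricted bridge with default-drop ACL policy
            config:
              ipv4.address: 10.20.30.1/24
              # No outbound NAT and no IPv6 on this bridge.
              ipv4.nat: "false"
              ipv6.address: none
              # Keep filtering firewall rule generation enabled.
              ipv4.firewall: "true"
              # Apply an existing network ACL (hypothetical name).
              security.acls: restricted
              # Traffic that matches no ACL rule is dropped in both
              # directions, and each default decision is logged.
              security.acls.default.ingress.action: drop
              security.acls.default.ingress.logged: "true"
              security.acls.default.egress.action: drop
              security.acls.default.egress.logged: "true"
```

The `*.logged` options only cover traffic that falls through to the default action, so any allow rules needed for DNS, DHCP or management traffic belong in the referenced ACL.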