damex.incus.incus_profiles role – Ensure Incus profiles.

Note

This role is part of the damex.incus collection (version 1.6.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_profiles.

Entry point main – Ensure Incus profiles.

Synopsis

  • Ensure Incus profiles.

Parameters

Parameter

Comments

incus_profiles

list / elements=dictionary

List of Incus profiles to ensure.

config

dictionary

Profile configuration key-value pairs.

agent.nic_config

boolean

Use instance NIC names and MTU for default interfaces.

Choices:

  • false

  • true

boot.autorestart

boolean

Whether to restart the instance on unexpected stop.

Choices:

  • false

  • true

boot.autostart

boolean

Whether to start the instance on daemon startup.

Choices:

  • false

  • true

boot.autostart.delay

integer

Seconds to wait after the instance started.

boot.autostart.priority

integer

Instance startup priority, higher starts first.

boot.host_shutdown_action

string

Action to perform on host shutdown.

boot.host_shutdown_timeout

integer

Seconds to wait for graceful shutdown on host stop.

boot.stop.priority

integer

Instance shutdown priority, higher stops first.

cloud-init.network-config

dictionary

Cloud-init network configuration.

bonds

list / elements=dictionary

Bond device configurations.

addresses

list / elements=string

Static addresses in CIDR notation.

dhcp4

boolean

Whether to enable DHCPv4.

Choices:

  • false

  • true

interfaces

list / elements=string

Member interfaces for the bond.

name

string / required

Bond device name.

nameservers

dictionary

DNS resolver configuration.

addresses

list / elements=string

List of DNS server addresses.

parameters

dictionary

Bond-specific parameters.

mii-monitor-interval

integer

MII monitoring interval in milliseconds.

mode

string

Bonding mode.

routes

list / elements=dictionary

Static routes for the device.

to

string

Destination network in CIDR notation.

via

string

Gateway address for the route.

bridges

list / elements=dictionary

Bridge device configurations.

addresses

list / elements=string

Static addresses in CIDR notation.

dhcp4

boolean

Whether to enable DHCPv4.

Choices:

  • false

  • true

interfaces

list / elements=string

Member interfaces for the bridge.

name

string / required

Bridge device name.

nameservers

dictionary

DNS resolver configuration.

addresses

list / elements=string

List of DNS server addresses.

parameters

dictionary

Bridge-specific parameters.

forward-delay

integer

Forwarding delay in seconds.

stp

boolean

Whether to enable Spanning Tree Protocol.

Choices:

  • false

  • true

routes

list / elements=dictionary

Static routes for the device.

to

string

Destination network in CIDR notation.

via

string

Gateway address for the route.

ethernets

list / elements=dictionary

Ethernet device configurations.

addresses

list / elements=string

Static addresses in CIDR notation.

dhcp4

boolean

Whether to enable DHCPv4.

Choices:

  • false

  • true

match

dictionary

Device match criteria.

driver

string

Kernel driver name to match.

name

string / required

Ethernet device name.

nameservers

dictionary

DNS resolver configuration.

addresses

list / elements=string

List of DNS server addresses.

routes

list / elements=dictionary

Static routes for the device.

to

string

Destination network in CIDR notation.

via

string

Gateway address for the route.

renderer

string

Network renderer backend.

version

integer

Network config format version.

vlans

list / elements=dictionary

VLAN device configurations.

addresses

list / elements=string

Static addresses in CIDR notation.

dhcp4

boolean

Whether to enable DHCPv4.

Choices:

  • false

  • true

id

integer / required

VLAN ID.

string / required

Parent device for the VLAN.

name

string / required

VLAN device name.

nameservers

dictionary

DNS resolver configuration.

addresses

list / elements=string

List of DNS server addresses.

routes

list / elements=dictionary

Static routes for the device.

to

string

Destination network in CIDR notation.

via

string

Gateway address for the route.

cloud-init.user-data

dictionary

Cloud-init user data configuration.

bootcmd

list / elements=any

Commands to run early in the boot process.

chpasswd

dictionary

Password change settings.

expire

boolean

Whether to expire the password after first login.

Choices:

  • false

  • true

package_upgrade

boolean

Whether to upgrade packages on first boot.

Choices:

  • false

  • true

packages

list / elements=string

Packages to install on first boot.

password

string

Password for the default user. It is stored in clear text as part of the profile configuration, so anyone who can read the profile can read it.

power_state

dictionary

Power state change after cloud-init completes.

mode

string

Power state action.

Choices:

  • "reboot"

  • "poweroff"

  • "halt"

runcmd

list / elements=any

Commands to run after cloud-init completes.

ssh_pwauth

boolean

Whether to enable SSH password authentication.

Choices:

  • false

  • true

user

string

Default user name to create.

write_files

list / elements=dictionary

Files to write on first boot.

content

string

Content to write to the file.

owner

string

Owner and group in user:group format.

path

string / required

Absolute path of the file to write.

permissions

string

File permissions in octal notation.

cloud-init.vendor-data

dictionary

Cloud-init vendor data configuration.

bootcmd

list / elements=any

Commands to run early in the boot process.

chpasswd

dictionary

Password change settings.

expire

boolean

Whether to expire the password after first login.

Choices:

  • false

  • true

package_upgrade

boolean

Whether to upgrade packages on first boot.

Choices:

  • false

  • true

packages

list / elements=string

Packages to install on first boot.

password

string

Password for the default user. It is stored in clear text as part of the profile configuration, so anyone who can read the profile can read it.

power_state

dictionary

Power state change after cloud-init completes.

mode

string

Power state action.

Choices:

  • "reboot"

  • "poweroff"

  • "halt"

runcmd

list / elements=any

Commands to run after cloud-init completes.

ssh_pwauth

boolean

Whether to enable SSH password authentication.

Choices:

  • false

  • true

user

string

Default user name to create.

write_files

list / elements=dictionary

Files to write on first boot.

content

string

Content to write to the file.

owner

string

Owner and group in user:group format.

path

string / required

Absolute path of the file to write.

permissions

string

File permissions in octal notation.

cluster.evacuate

string

Action to perform on cluster member evacuation.

Choices:

  • "auto"

  • "live-migrate"

  • "migrate"

  • "stop"

  • "stateful-stop"

  • "force-stop"

limits.cpu

string

Number or range of CPUs to expose.

limits.cpu.allowance

string

CPU time allowance as percentage or fixed rate.

limits.cpu.nodes

string

NUMA nodes to place the instance on.

limits.cpu.priority

integer

CPU scheduling priority compared to other instances.

limits.disk.priority

integer

I/O request priority when under load (0-10).

limits.hugepages.1GB

string

Limit for 1GB hugepages.

limits.hugepages.1MB

string

Limit for 1MB hugepages.

limits.hugepages.2MB

string

Limit for 2MB hugepages.

limits.hugepages.64KB

string

Limit for 64KB hugepages.

limits.memory

string

Percentage of host memory or fixed value in bytes.

limits.memory.enforce

string

Memory limit enforcement mode.

limits.memory.hotplug

string

Whether to allow memory hotplug.

limits.memory.hugepages

boolean

Whether to back instance memory with hugepages.

Choices:

  • false

  • true

limits.memory.oom_priority

integer

OOM killer priority compared to other instances.

limits.memory.swap

string

Whether to enable swap for the instance.

limits.memory.swap.priority

integer

Swap usage priority compared to other instances.

limits.network.priority

integer

Network traffic priority compared to other instances.

limits.processes

integer

Maximum number of processes in the instance.

linux.kernel_modules

string

Comma-separated list of kernel modules to load.

migration.incremental.memory

boolean

Whether to use incremental memory transfer.

Choices:

  • false

  • true

migration.incremental.memory.goal

integer

Target percentage of dirty memory for completion.

migration.incremental.memory.iterations

integer

Maximum number of incremental memory transfer rounds.

migration.stateful

boolean

Allow stateful stop/start and snapshots.

Choices:

  • false

  • true

nvidia.driver.capabilities

string

NVIDIA driver capabilities to expose.

nvidia.require.cuda

string

Required CUDA version expression.

nvidia.require.driver

string

Required NVIDIA driver version expression.

nvidia.runtime

boolean

Pass NVIDIA runtime libraries into the container.

Choices:

  • false

  • true

oci.cwd

string

Working directory for OCI containers.

oci.entrypoint

string

Entrypoint override for OCI containers.

oci.gid

string

GID to run OCI container process as.

oci.uid

string

UID to run OCI container process as.

raw.apparmor

string

Raw AppArmor profile entries to append.

raw.idmap

string

Raw UID/GID mapping configuration.

raw.lxc

string

Raw LXC configuration to append. Entries here are applied on top of the configuration Incus generates and can override its isolation settings, so any value set here needs review.

raw.qemu

string

Raw QEMU command-line arguments to append.

raw.qemu.conf

string

Raw QEMU configuration file overrides.

raw.qemu.qmp.early

string

QMP commands to run early in QEMU startup.

raw.qemu.qmp.post-start

string

QMP commands to run after instance start.

raw.qemu.qmp.pre-start

string

QMP commands to run before instance start.

raw.qemu.scriptlet

string

Scriptlet to run during QEMU startup.

raw.seccomp

string

Raw seccomp profile to apply.

security.agent.metrics

boolean

Whether the guest agent exposes metrics.

Choices:

  • false

  • true

security.bpffs.delegate_attachs

string

BPF attach types to delegate to the instance.

security.bpffs.delegate_cmds

string

BPF commands to delegate to the instance.

security.bpffs.delegate_maps

string

BPF map types to delegate to the instance.

security.bpffs.delegate_progs

string

BPF program types to delegate to the instance.

security.bpffs.path

string

Path at which to mount the BPF filesystem.

security.csm

boolean

Whether to enable Compatibility Support Module for VMs.

Choices:

  • false

  • true

security.guestapi

boolean

Whether to enable the guest API.

Choices:

  • false

  • true

security.guestapi.images

boolean

Whether to allow image access via the guest API.

Choices:

  • false

  • true

security.idmap.base

integer

Base host ID for the instance UID/GID map.

security.idmap.isolated

boolean

Whether to use a unique ID map for the instance.

Choices:

  • false

  • true

security.idmap.size

integer

Size of the UID/GID range to allocate.

security.iommu

boolean

Whether to enable IOMMU for the instance.

Choices:

  • false

  • true

security.nesting

boolean

Allow nested containers (for example running Incus or Docker) inside the instance. This relaxes the AppArmor and mount restrictions applied to the instance.

Choices:

  • false

  • true

security.privileged

boolean

Whether to run the instance in privileged mode. A privileged container runs without a user namespace, so root inside the instance is root on the host; leave this false unless a workload genuinely requires it.

Choices:

  • false

  • true

security.protection.delete

boolean

Whether to prevent deletion of the instance.

Choices:

  • false

  • true

security.protection.shift

boolean

Whether to prevent UID/GID shifting.

Choices:

  • false

  • true

security.secureboot

boolean

Whether to enable UEFI Secure Boot.

Choices:

  • false

  • true

security.sev

boolean

Whether to enable AMD SEV encryption.

Choices:

  • false

  • true

security.sev.policy.es

boolean

Whether to enable SEV-ES (Encrypted State).

Choices:

  • false

  • true

security.sev.session.data

string

SEV session data blob in base64.

security.sev.session.dh

string

SEV guest Diffie-Hellman key in base64.

security.syscalls.allow

string

Allowlist of syscalls to permit.

security.syscalls.deny

string

List of syscalls to deny.

security.syscalls.deny_compat

boolean

Whether to block compat syscalls for x86 on x86_64.

Choices:

  • false

  • true

security.syscalls.deny_default

boolean

Whether to apply the default syscall deny list. Setting this to false removes the baseline seccomp filter Incus applies to containers.

Choices:

  • false

  • true

security.syscalls.intercept.bpf

boolean

Whether to intercept bpf syscalls.

Choices:

  • false

  • true

security.syscalls.intercept.bpf.devices

boolean

Whether to allow device map types in intercepted bpf.

Choices:

  • false

  • true

security.syscalls.intercept.mknod

boolean

Whether to intercept mknod syscalls.

Choices:

  • false

  • true

security.syscalls.intercept.mount

boolean

Whether to intercept mount syscalls.

Choices:

  • false

  • true

security.syscalls.intercept.mount.allowed

string

Filesystems allowed for intercepted mount calls.

security.syscalls.intercept.mount.fuse

string

FUSE handler for intercepted mount calls.

security.syscalls.intercept.mount.shift

boolean

Whether to enable UID/GID shifting for intercepted mounts.

Choices:

  • false

  • true

security.syscalls.intercept.sched_setscheduler

boolean

Whether to intercept sched_setscheduler syscalls.

Choices:

  • false

  • true

security.syscalls.intercept.setxattr

boolean

Whether to intercept setxattr syscalls.

Choices:

  • false

  • true

security.syscalls.intercept.sysinfo

boolean

Whether to intercept sysinfo syscalls.

Choices:

  • false

  • true

snapshots.expiry

string

Expiry time for automatic snapshots.

snapshots.expiry.manual

string

Expiry time for manual snapshots.

snapshots.pattern

string

Naming pattern for automatic snapshots.

snapshots.schedule

string

Cron expression for automatic snapshots.

snapshots.schedule.stopped

boolean

Whether to snapshot stopped instances.

Choices:

  • false

  • true

description

string

Description of the profile.

devices

list / elements=dictionary

List of devices to attach to the profile. Each entry is a dictionary with name and type plus the type-specific keys below (hwaddr, ipv4.*, ipv6.*, mtu, network, nictype and parent for nic; path, pool, readonly, size and source for disk).

hwaddr

string

MAC address for the NIC.

ipv4.address

string

IPv4 address for the NIC.

ipv4.routes

string

IPv4 static routes to add for the NIC.

ipv6.address

string

IPv6 address for the NIC.

ipv6.routes

string

IPv6 static routes to add for the NIC.

mtu

string

MTU of the NIC.

name

string / required

Name of the device.

network

string

Managed network to attach the NIC to.

nictype

string

NIC type when not using a managed network.

parent

string

Parent device for the NIC.

path

string

Mount path inside the instance (disk).

pool

string

Storage pool for the disk device.

readonly

boolean

Whether the disk is read-only.

Choices:

  • false

  • true

size

string

Size of the disk device.

source

string

Source path or volume for the disk device.

type

string / required

Type of the device.

Choices:

  • "disk"

  • "nic"

name

string / required

Name of the profile.

project

string

Incus project to scope this profile to.

state

string

Desired state of the profile.

Choices:

  • "present"

  • "absent"

incus_profiles_client_cert

path

Path to the TLS client certificate.

incus_profiles_client_key

path

Path to the TLS client key.

incus_profiles_project

string

Incus project to scope profiles to.

incus_profiles_server_cert

path

Path to the TLS server certificate.

incus_profiles_socket_path

path

Path to the Incus Unix socket.

incus_profiles_state

string

Desired state of the profiles.

Choices:

  • "present"

  • "absent"

incus_profiles_token

string

Authentication token for the Incus API.

incus_profiles_url

string

URL of the Incus server API.

incus_profiles_validate_certs

boolean

Whether to validate the TLS certificate presented by the server at incus_profiles_url. Disabling validation lets an on-path attacker impersonate the server and intercept the API session, including any token.

Choices:

  • false

  • true

Examples

- name: Ensure incus profiles
  hosts: incus
  tasks:
    - name: Ensure incus profiles
      ansible.builtin.import_role:
        name: damex.incus.incus_profiles
      vars:
        incus_profiles:
          - name: default
            config:
              security.nesting: true
            devices:
              - name: root
                type: disk
                pool: local
                path: /
              - name: eth0
                type: nic
                network: incusbr0
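The parameter table above lists a number of settings that weaken isolation or expose credentials when set carelessly (security.privileged, security.nesting, the raw.* keys, security.syscalls.deny_default, cloud-init passwords and ssh_pwauth, host-path disk devices, incus_profiles_validate_certs and a literal incus_profiles_token). The script below is an added example, not code from the damex.incus collection: it reads the same incus_profiles list the role consumes (profile dictionaries with config and a devices list, as documented above) together with the role-level connection variables, and returns the settings a reviewer should see justified before they are applied. Everything it treats as a finding, the SENSITIVE_HOST_PATHS list, the decision to accept a pinned incus_profiles_server_cert as compensating for validate_certs=false, and the SAMPLE_VARS data are this example's own assumptions; the role itself enforces none of them.

```python
"""Audit of damex.incus.incus_profiles variables. Added example, not part of the collection:
it reads the same ``incus_profiles`` list (profile dicts with ``config`` and a ``devices``
list, as in the parameter table) plus the role-level connection variables. The rules are
this example's own policy; the role itself enforces none of them."""
from typing import Any

# Host paths this policy refuses to see bind-mounted into an instance (assumption).
SENSITIVE_HOST_PATHS = ("/", "/dev", "/etc", "/proc", "/root", "/sys", "/var/lib/incus")

def _truthy(value: Any) -> bool:
    """Incus keeps config values as strings, so accept bools and 'true'/'1'/'yes'/'on'."""
    if isinstance(value, bool):
        return value
    return value is not None and str(value).strip().lower() in {"true", "1", "yes", "on"}

def _under(path: str, root: str) -> bool:
    # True when path is root itself or lies inside it; "/" only matches itself.
    if root == "/":
        return path == "/"
    return path == root or path.startswith(root + "/")

def _check_cloud_init(profile: str, key: str, data: dict[str, Any]) -> list[str]:
    found = []
    if data.get("password") is not None or "chpasswd" in data:
        found.append(f"{profile}: {key} sets a password, stored in clear text in the profile")
    if _truthy(data.get("ssh_pwauth")):
        found.append(f"{profile}: {key} enables SSH password authentication")
    for entry in data.get("write_files", []):
        mode = str(entry.get("permissions", "0644"))  # octal string, as the spec describes
        if mode and mode[-1] in "2367":  # 'others' write bit set
            found.append(f"{profile}: {key} writes {entry.get('path')} world-writable ({mode})")
    return found

def check_config(profile: str, config: dict[str, Any]) -> list[str]:
    found = []
    privileged = _truthy(config.get("security.privileged"))
    if privileged:
        found.append(f"{profile}: security.privileged=true, root in the instance is root on the host")
    if privileged and _truthy(config.get("security.nesting")):
        found.append(f"{profile}: nesting on a privileged instance removes most remaining separation")
    for key in sorted(k for k in config if k.startswith("raw.")):
        found.append(f"{profile}: {key} overrides the configuration Incus generates")
    if "security.syscalls.deny_default" in config and not _truthy(config["security.syscalls.deny_default"]):
        found.append(f"{profile}: security.syscalls.deny_default=false drops the baseline seccomp filter")
    for limit in ("limits.memory", "limits.processes"):
        if limit not in config:
            found.append(f"{profile}: {limit} unset, the instance can exhaust the host")
    for key in ("cloud-init.user-data", "cloud-init.vendor-data"):
        if isinstance(config.get(key), dict):
            found.extend(_check_cloud_init(profile, key, config[key]))
    return found

def check_devices(profile: str, devices: list[dict[str, Any]]) -> list[str]:
    found = []
    for dev in devices:
        name, source = dev.get("name", "?"), str(dev.get("source", ""))
        # A disk with an absolute source and no pool is a bind mount of a host path.
        if dev.get("type") == "disk" and source.startswith("/") and not dev.get("pool"):
            if any(_under(source, root) for root in SENSITIVE_HOST_PATHS):
                found.append(f"{profile}/{name}: bind-mounts sensitive host path {source}")
            elif not _truthy(dev.get("readonly")):
                found.append(f"{profile}/{name}: host path {source} is mounted read-write")
    return found

def check_connection(role_vars: dict[str, Any]) -> list[str]:
    """A pinned incus_profiles_server_cert is treated as compensating for validate_certs=false (assumption)."""
    found = []
    if (role_vars.get("incus_profiles_url") and role_vars.get("incus_profiles_validate_certs") is False
            and not role_vars.get("incus_profiles_server_cert")):
        found.append("incus_profiles_validate_certs=false without a server cert, API session open to interception")
    token = role_vars.get("incus_profiles_token")
    if isinstance(token, str) and token and "{{" not in token:  # literal, not a templated vault lookup
        found.append("incus_profiles_token is a literal in vars, keep it in Ansible Vault")
    return found

def audit(role_vars: dict[str, Any]) -> list[str]:
    # Connection findings first, then each profile's config and devices in order.
    found = check_connection(role_vars)
    for profile in role_vars.get("incus_profiles", []):
        found.extend(check_config(profile["name"], profile.get("config", {})))
        found.extend(check_devices(profile["name"], profile.get("devices", [])))
    return found

# Constructed sample vars: a risky build profile beside its hardened counterpart.
SAMPLE_VARS = {
    "incus_profiles_url": "https://incus.example.internal:8443",
    "incus_profiles_validate_certs": False,
    "incus_profiles_token": "literal-token-value",
    "incus_profiles": [
        {"name": "build-risky",
         "config": {"security.privileged": "true", "security.nesting": "true",
                    "raw.lxc": "lxc.apparmor.profile=unconfined",
                    "cloud-init.user-data": {"password": "changeme", "ssh_pwauth": True}},
         "devices": [{"name": "root", "type": "disk", "pool": "local", "path": "/"},
                     {"name": "hostdir", "type": "disk", "source": "/var/lib/incus", "path": "/mnt/incus"}]},
        {"name": "build-hardened",
         "config": {"security.nesting": "true", "limits.memory": "4GiB", "limits.processes": "2000",
                    "cloud-init.user-data": {"ssh_pwauth": False, "package_upgrade": True}},
         "devices": [{"name": "root", "type": "disk", "pool": "local", "path": "/"},
                     {"name": "cache", "type": "disk", "source": "/srv/cache", "path": "/cache", "readonly": "true"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VARS):
        print(finding)
```

Run against the constructed sample, the risky profile and the connection settings produce ten findings and the hardened profile none. Feeding it the rendered group_vars or host_vars that carry incus_profiles (for example from a pre-commit hook or a CI job, after loading them with a YAML parser) lets the check fail the change before the role applies it; Incus config values are strings, which is why the helpers accept "true" as well as true.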