damex.incus.incus_server role – Ensure Incus server.

Note

This role is part of the damex.incus collection (version 1.11.7).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_server.

Entry point main – Ensure Incus server.

Synopsis

  • Ensure Incus server.

Parameters

Parameter

Comments

incus_server_client_cert

string

Client certificate content for API authentication.

incus_server_client_cert_path

path

TLS client certificate path for API authentication.

incus_server_client_key

string

Client key content for API authentication.

incus_server_client_key_path

path

TLS client key path for API authentication.

incus_server_cluster

dictionary

Cluster configuration for preseed initialization.

cluster_address

string

Address of an existing cluster member to join.

cluster_certificate

string

Expected cluster certificate in X509 PEM format.

cluster_token

string

Join token for the target cluster.

enabled

boolean

Whether clustering is enabled.

Choices:

  • false

  • true

member_config

list / elements=dictionary

Member-specific configuration overrides for joining.

entity

string / required

Type of entity being configured.

key

string / required

Configuration key to set.

name

string / required

Name of the entity.

value

string

Value for the configuration key.

server_address

string

Address of the cluster member for cluster communication.

server_name

string

Name of the cluster member.

incus_server_config

dictionary / required

Server configuration key-value pairs.

acme.agree_tos

boolean

Agree to ACME terms of service.

Choices:

  • false

  • true

acme.ca_url

string

URL to the ACME CA directory.

acme.challenge

string

ACME challenge type to use.

Choices:

  • "HTTP-01"

  • "DNS-01"

acme.domain

string

Domain for which to issue the certificate.

acme.email

string

Email address for the account registration.

acme.http.port

string

Port to use for HTTP-01 challenge listener.

acme.provider

string

DNS provider for DNS-01 challenge.

acme.provider.environment

string

Environment variables for the DNS provider.

acme.provider.resolvers

string

DNS resolvers for the DNS-01 challenge.

authorization.scriptlet

string

Starlark scriptlet for custom authorization logic.

backups.compression_algorithm

string

Compression algorithm to use for backups.

cluster.healing_threshold

integer

Threshold after which an offline cluster member is evacuated.

cluster.https_address

string

Address to bind for intra-cluster communication.

cluster.images_minimal_replica

integer

Minimum number of cluster members that keep a copy of an image.

cluster.join_token_expiry

string

Expiry time for cluster join tokens.

cluster.max_standby

integer

Maximum number of standby database members.

cluster.max_voters

integer

Maximum number of voting database members.

cluster.offline_threshold

integer

Seconds after which an unresponsive member is considered offline.

cluster.rebalance.batch

integer

Number of instances to move per rebalance batch.

cluster.rebalance.cooldown

string

Cooldown period between rebalance batches.

cluster.rebalance.interval

integer

Interval in seconds between rebalance checks.

cluster.rebalance.threshold

integer

Percentage threshold to trigger instance rebalancing.

core.bgp_address

string

Address to bind the BGP server to.

core.bgp_asn

string

BGP Autonomous System Number for the local server.

core.bgp_routerid

string

BGP router ID for the local server.

core.debug_address

string

Address to bind the pprof debug server to.

core.dns_address

string

Address to bind the authoritative DNS server to.

core.https_address

string

Address to bind the remote API to.

core.https_allowed_credentials

boolean

Whether to set the Access-Control-Allow-Credentials header.

Choices:

  • false

  • true

core.https_allowed_headers

string

Access-Control-Allow-Headers header value.

core.https_allowed_methods

string

Access-Control-Allow-Methods header value.

core.https_allowed_origin

string

Access-Control-Allow-Origin header value.

core.https_trusted_proxy

string

Comma-separated list of trusted proxy IP addresses.

core.metrics_address

string

Address to bind the metrics server to.

core.metrics_authentication

boolean

Whether to enforce authentication on the metrics endpoint.

Choices:

  • false

  • true

core.proxy_http

string

HTTP proxy to use.

core.proxy_https

string

HTTPS proxy to use.

core.proxy_ignore_hosts

string

Hosts that do not need the proxy.

core.remote_token_expiry

string

Expiry time for remote add join tokens.

core.shutdown_timeout

integer

Number of minutes to wait for running operations to complete before shutdown.

core.storage_buckets_address

string

Address to bind the storage buckets API to.

core.syslog_socket

boolean

Whether to enable the syslog socket listener.

Choices:

  • false

  • true

core.trust_ca_certificates

boolean

Whether to automatically trust client certificates signed by the CA.

Choices:

  • false

  • true

images.auto_update_cached

boolean

Whether to automatically update cached images.

Choices:

  • false

  • true

images.auto_update_interval

integer

Interval in hours between image auto-update checks.

images.compression_algorithm

string

Compression algorithm to use for images.

images.default_architecture

string

Default architecture to use in mixed-architecture clusters.

images.remote_cache_expiry

integer

Number of days after which an unused cached remote image is removed.

instances.lxcfs.per_instance

boolean

Whether to run a separate LXCFS process per instance.

Choices:

  • false

  • true

instances.nic.host_name

string

How to set the host name for a NIC.

instances.placement.scriptlet

string

Starlark scriptlet for custom instance placement.

logging

list / elements=dictionary

Logging targets.

lifecycle.projects

string

Projects to send lifecycle events for.

lifecycle.types

string

Lifecycle event types to send.

logging.level

string

Minimum log level to send to the logger.

name

string / required

Name of the logging target.

target.address

string / required

Address of the logging target.

target.ca_cert

string

CA certificate for the server.

target.facility

string

Syslog facility for the log message.

target.instance

string

Name to use as the instance field in Loki events.

target.labels

string

Labels for a Loki log entry.

target.password

string

Password for authentication.

target.retry

integer

Number of delivery retries.

target.type

string / required

Type of logging target.

Choices:

  • "loki"

  • "syslog"

  • "webhook"

target.username

string

Username for authentication.

types

string

Events to send to the logger.

network.hwaddr_pattern

string

MAC address template for the cluster.

network.ovn.ca_cert

string

CA certificate for the OVN northbound connection.

network.ovn.client_cert

string

Client certificate for the OVN northbound connection.

network.ovn.client_key

string

Client key for the OVN northbound connection.

network.ovn.integration_bridge

string

Name of the OVS integration bridge to use.

network.ovn.northbound_connection

string

OVN northbound database connection string.

network.ovs.connection

string

OVS database connection string.

oidc.audience

string

Expected audience value for the OIDC provider.

oidc.claim

string

OIDC claim to use as the username.

oidc.client.id

string

OIDC client ID for the Incus server.

oidc.issuer

string

Issuer URL for the OIDC provider.

oidc.scopes

string

Comma-separated list of OIDC scopes to request.

openfga.api.token

string

API token for the OpenFGA server.

openfga.api.url

string

URL of the OpenFGA server.

openfga.store.id

string

OpenFGA store ID.

storage.backups_volume

string

Volume to use for storing backup tarballs.

storage.images_volume

string

Volume to use for storing image tarballs.

storage.linstor.ca_cert

string

CA certificate for the LINSTOR controller connection.

storage.linstor.client_cert

string

Client certificate for the LINSTOR controller connection.

storage.linstor.client_key

string

Client key for the LINSTOR controller connection.

storage.linstor.controller_connection

string

LINSTOR controller connection string.

storage.linstor.satellite.name

string

LINSTOR satellite node name for this server.

storage.logs_volume

string

Volume to use for storing log files.

incus_server_restart

boolean

Restart daemon when changed keys require it.

Choices:

  • false

  • true

incus_server_restart_keys

list / elements=string

Config keys that require daemon restart when changed.

Choices:

  • "core.https_address"

  • "cluster.https_address"

  • "core.bgp_address"

  • "core.dns_address"

  • "core.metrics_address"

  • "core.storage_buckets_address"

  • "core.debug_address"

  • "core.syslog_socket"

incus_server_server_cert

string

Server certificate content for API verification.

incus_server_server_cert_path

path

TLS server certificate path for API verification.

incus_server_socket_path

path

Incus Unix socket path.

incus_server_token

string

Authentication token for the Incus API.

incus_server_url

string

URL of the Incus server API.

incus_server_validate_certs

boolean

Whether to validate TLS certificates when connecting to the Incus API.

Choices:

  • false

  • true

Examples

- name: Ensure incus server
  hosts: incus
  tasks:
    - name: Ensure incus server
      ansible.builtin.import_role:
        name: damex.incus.incus_server
      vars:
        incus_server_config:
          # No host part: the remote API listens on port 8443 on all addresses.
          core.https_address: ":8443"
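
A more restrictive variant of the playbook above, added here as an illustration and not taken from the collection's own documentation: it reaches the Incus API over HTTPS with a TLS client certificate, keeps certificate validation on, and binds the API and metrics listeners to a single management address. The URL, addresses, ports and file paths are constructed placeholders, and it assumes the role talks to the remote API when incus_server_url is set.

```yaml
- name: Ensure incus server with a restricted remote API
  hosts: incus
  tasks:
    - name: Ensure incus server
      ansible.builtin.import_role:
        name: damex.incus.incus_server
      vars:
        # API connection (constructed URL; assumption: the role uses the
        # remote HTTPS API rather than the Unix socket when this is set).
        incus_server_url: https://incus01.example.internal:8443

        # Use the *_path variants so the private key is read from a file on
        # the controller instead of being inlined in the playbook. If the
        # content variants (incus_server_client_key) are used, keep the value
        # in Ansible Vault.
        incus_server_client_cert_path: /etc/ansible/incus/client.crt
        incus_server_client_key_path: /etc/ansible/incus/client.key

        # Pin the expected server certificate and keep validation enabled.
        incus_server_server_cert_path: /etc/ansible/incus/server.crt
        incus_server_validate_certs: true

        # core.https_address and core.metrics_address are both listed in
        # incus_server_restart_keys, so allow the restart they require.
        incus_server_restart: true

        incus_server_config:
          # Bind to one management address (constructed, TEST-NET-1 range)
          # instead of ":8443", which listens on every interface.
          core.https_address: "192.0.2.10:8443"

          # Separate metrics listener, with authentication enforced.
          core.metrics_address: "192.0.2.10:8444"
          core.metrics_authentication: true

          # Only explicitly trusted client certificates are accepted;
          # CA-signed clients are not trusted automatically.
          core.trust_ca_certificates: false

          # core.debug_address is deliberately not configured here, so this
          # play does not set up a pprof listener.
```

After applying, confirm on the host that the API and metrics ports are bound only to the intended address (for example with `ss -tlnp`).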