damex.incus.incus_cluster role – Ensure Incus cluster.

Note

This role is part of the damex.incus collection (version 1.6.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_cluster.

Entry point main – Ensure Incus cluster.

Synopsis

  • Ensure Incus cluster.

Parameters

Parameter

Comments

incus_cluster_client_cert

path

Path to the TLS client certificate for API authentication.

incus_cluster_client_key

path

Path to the TLS client key for API authentication.

incus_cluster_group

string / required

Cluster group to assign the member to.

incus_cluster_preseed

dictionary / required

Preseed configuration for the Incus cluster.

cluster

dictionary / required

Cluster-specific preseed settings.

enabled

boolean

Whether clustering is enabled.

Choices:

  • false

  • true

member_config

list / elements=dictionary

Member-specific configuration overrides.

entity

string / required

Type of entity being configured.

key

string / required

Configuration key to set.

name

string / required

Name of the entity.

value

string

Value for the configuration key.

server_address

string / required

Address of the cluster member.

server_name

string / required

Name of the cluster member.

config

dictionary / required

Server configuration key/value pairs.

acme.agree_tos

boolean

Agree to ACME terms of service.

Choices:

  • false

  • true

acme.ca_url

string

URL of the ACME directory.

acme.challenge

string

ACME challenge type to use.

Choices:

  • "HTTP-01"

  • "DNS-01"

acme.domain

string

Domain for which the certificate is issued.

acme.email

string

Email address for the ACME account.

acme.http.port

string

Port to use for HTTP-01 challenge.

acme.provider

string

DNS provider for DNS-01 challenge.

acme.provider.environment

string

Environment variables for the DNS provider.

acme.provider.resolvers

string

DNS resolvers for the DNS provider.

authorization.scriptlet

string

Starlark scriptlet for custom authorization logic.

backups.compression_algorithm

string

Compression algorithm for backups.

cluster.healing_threshold

integer

Number of seconds after which an offline member is evacuated.

cluster.https_address

string

Address to use for cluster communication.

cluster.images_minimal_replica

integer

Minimum number of cluster members with a copy of an image.

cluster.join_token_expiry

string

Expiry time for cluster join tokens.

cluster.max_standby

integer

Maximum number of standby database members.

cluster.max_voters

integer

Maximum number of voting database members.

cluster.offline_threshold

integer

Number of seconds after which a heartbeat-less member is considered offline.

cluster.rebalance.batch

integer

Number of instances to move per rebalance batch.

cluster.rebalance.cooldown

string

Cooldown period between rebalance runs.

cluster.rebalance.interval

integer

Interval in seconds between rebalance checks.

cluster.rebalance.threshold

integer

Percentage threshold to trigger rebalancing.

core.bgp_address

string

Address to bind the BGP server to.

core.bgp_asn

string

BGP Autonomous System Number for the local server.

core.bgp_routerid

string

Unique BGP router ID for the local server.

core.debug_address

string

Address to bind the pprof debug server to.

core.dns_address

string

Address to bind the authoritative DNS server to.

core.https_address

string / required

Address to bind the HTTPS API server to.

core.https_allowed_credentials

boolean

Whether to set Access-Control-Allow-Credentials.

Choices:

  • false

  • true

core.https_allowed_headers

string

Access-Control-Allow-Headers header value.

core.https_allowed_methods

string

Access-Control-Allow-Methods header value.

core.https_allowed_origin

string

Access-Control-Allow-Origin header value.

core.https_trusted_proxy

string

Comma-separated list of trusted proxy IP addresses.

core.metrics_address

string

Address to bind the metrics server to.

core.metrics_authentication

boolean

Whether to require authentication for metrics.

Choices:

  • false

  • true

core.proxy_http

string

HTTP proxy for the server to use.

core.proxy_https

string

HTTPS proxy for the server to use.

core.proxy_ignore_hosts

string

Hosts that should bypass the proxy.

core.remote_token_expiry

string

Expiry time for remote add tokens.

core.shutdown_timeout

integer

Number of minutes to wait for running operations to complete before shutdown.

core.storage_buckets_address

string

Address to bind the storage buckets server to.

core.syslog_socket

boolean

Whether to enable the syslog Unix socket listener.

Choices:

  • false

  • true

core.trust_ca_certificates

boolean

Whether to trust CA-signed client certificates.

Choices:

  • false

  • true

images.auto_update_cached

boolean

Whether to auto-update cached images.

Choices:

  • false

  • true

images.auto_update_interval

integer

Interval in hours between image update checks.

images.compression_algorithm

string

Compression algorithm for images.

images.default_architecture

string

Default architecture for images.

images.remote_cache_expiry

integer

Number of days after which unused cached images expire.

instances.lxcfs.per_instance

boolean

Whether to run a separate LXCFS per instance.

Choices:

  • false

  • true

instances.nic.host_name

string

Template for host-side veth interface names.

instances.placement.scriptlet

string

Starlark scriptlet for custom instance placement.

network.ovn.ca_cert

string

CA certificate for OVN northbound connection.

network.ovn.client_cert

string

Client certificate for OVN northbound connection.

network.ovn.client_key

string

Client key for OVN northbound connection.

network.ovn.integration_bridge

string

OVS integration bridge to use for OVN networks.

network.ovn.northbound_connection

string

OVN northbound database connection string.

network.ovs.connection

string

OVS database connection string.

oidc.audience

string

Expected audience value for OIDC tokens.

oidc.claim

string

OIDC claim to use as the username.

oidc.client.id

string

OIDC client ID.

oidc.issuer

string

OIDC issuer URL.

oidc.scopes

string

Comma-separated list of OIDC scopes to request.

openfga.api.token

string

API token for the OpenFGA server.

openfga.api.url

string

URL of the OpenFGA server.

openfga.store.id

string

OpenFGA store ID.

storage.backups_volume

string

Volume to use for storing backup tarballs.

storage.images_volume

string

Volume to use for storing image tarballs.

storage.linstor.ca_cert

string

CA certificate for LINSTOR controller connection.

storage.linstor.client_cert

string

Client certificate for LINSTOR controller connection.

storage.linstor.client_key

string

Client key for LINSTOR controller connection.

storage.linstor.controller_connection

string

LINSTOR controller connection string.

storage.linstor.satellite.name

string

Name of the LINSTOR satellite on this cluster member.

storage.logs_volume

string

Volume to use for storing log files.

incus_cluster_server_cert

path

Path to the trusted server certificate.

incus_cluster_socket_path

path

Path to the Incus Unix socket.

incus_cluster_token

string

Authentication token for the Incus API.

incus_cluster_url

string

URL of the Incus REST API endpoint.

incus_cluster_validate_certs

boolean

Whether to validate TLS certificates.

Choices:

  • false

  • true

Examples

- name: Ensure incus cluster
  hosts: incus
  tasks:
    - name: Ensure incus cluster
      ansible.builtin.import_role:
        name: damex.incus.incus_cluster
      vars:
        incus_cluster_group: incus
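        incus_cluster_preseed:
          # config and core.https_address are marked required in the parameter list above
          config:
            core.https_address: "{{ ansible_default_ipv4.address }}:8443"
          cluster:
            server_name: "{{ inventory_hostname }}"
            enabled: true
            server_address: "{{ ansible_default_ipv4.address }}:8443"
            cluster_address: "{{ ansible_default_ipv4.address }}:8443"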

- name: Ensure incus cluster with letsencrypt
  hosts: incus
  tasks:
    - name: Ensure incus cluster with letsencrypt
      ansible.builtin.import_role:
        name: damex.incus.incus_cluster
      vars:
        incus_cluster_group: incus
        incus_cluster_preseed:
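          config:
            # core.https_address is marked required in the parameter list above
            core.https_address: "{{ ansible_default_ipv4.address }}:8443"
            acme.ca_url: https://acme-v02.api.letsencrypt.org/directory
            acme.domain: incus.example.com
            acme.agree_tos: "true"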
          cluster:
            server_name: "{{ inventory_hostname }}"
            enabled: true
            server_address: "{{ ansible_default_ipv4.address }}:8443"
            cluster_address: "{{ ansible_default_ipv4.address }}:8443"
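
The following playbook is an added example, not part of the collection's documentation. It runs pre-flight assertions over the security-relevant parameters listed above (incus_cluster_validate_certs, core.metrics_authentication, core.debug_address, core.https_allowed_origin, core.https_allowed_credentials) before importing the role. The policy it enforces, the fallback values passed to default(), and the ports 8444 and 8445 are assumptions made for this example.

```yaml
- name: Ensure incus cluster with pre-flight checks (added example)
  hosts: incus
  vars:
    incus_cluster_group: incus
    incus_cluster_validate_certs: true
    incus_cluster_preseed:
      config:
        core.https_address: "{{ ansible_default_ipv4.address }}:8443"
        # Ports 8444 and 8445 are constructed values for this example.
        core.metrics_address: "{{ ansible_default_ipv4.address }}:8444"
        core.metrics_authentication: true
        core.debug_address: "127.0.0.1:8445"
      cluster:
        server_name: "{{ inventory_hostname }}"
        enabled: true
        server_address: "{{ ansible_default_ipv4.address }}:8443"
        cluster_address: "{{ ansible_default_ipv4.address }}:8443"
  pre_tasks:
    - name: Refuse settings that weaken TLS validation or expose listeners
      vars:
        cfg: "{{ incus_cluster_preseed.config }}"
      ansible.builtin.assert:
        that:
          # TLS certificate validation towards the Incus API stays on.
          - "incus_cluster_validate_certs | bool"
          # The metrics listener keeps authentication
          # (fallback true is this example's assumption for an unset key).
          - "cfg['core.metrics_authentication'] | default(true) | bool"
          # The pprof debug listener, when set, binds to IPv4 loopback only.
          - "(cfg['core.debug_address'] | default('127.0.0.1:')).startswith('127.0.0.1:')"
          # No wildcard CORS origin combined with Access-Control-Allow-Credentials.
          - >-
            not (cfg['core.https_allowed_origin'] | default('') == '*'
            and cfg['core.https_allowed_credentials'] | default(false) | bool)
        fail_msg: "Preseed violates the example policy; see the failed condition."
  tasks:
    - name: Ensure incus cluster
      ansible.builtin.import_role:
        name: damex.incus.incus_cluster
```

Because pre_tasks run before tasks, a failed assertion stops the play on that host before the role applies any preseed.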