damex.incus.incus_server role – Ensure Incus server.

Note

This role is part of the damex.incus collection (version 1.6.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install damex.incus.

To use it in a playbook, specify: damex.incus.incus_server.

Entry point main – Ensure Incus server.

Synopsis

  • Ensure Incus server.

Parameters

Parameter

Comments

incus_server_force

boolean

Force preseed application even when configuration has not changed.

Choices:

  • false

  • true

incus_server_preseed

dictionary

Preseed configuration for the Incus server.

cluster

dictionary

Cluster configuration for preseed.

enabled

boolean

Whether clustering is enabled.

Choices:

  • false

  • true

server_address

string

Address of the cluster member.

server_name

string

Name of the cluster member.

config

dictionary

Server configuration key-value pairs.

acme.agree_tos

boolean

Agree to ACME terms of service.

Choices:

  • false

  • true

acme.ca_url

string

URL to the ACME CA directory.

acme.challenge

string

ACME challenge type to use.

Choices:

  • "HTTP-01"

  • "DNS-01"

acme.domain

string

Domain for which to issue the certificate.

acme.email

string

Email address for the account registration.

acme.http.port

string

Port to use for HTTP-01 challenge listener.

acme.provider

string

DNS provider for DNS-01 challenge.

acme.provider.environment

string

Environment variables for the DNS provider.

acme.provider.resolvers

string

DNS resolvers for the DNS-01 challenge.

authorization.scriptlet

string

Starlark scriptlet for custom authorization logic.

backups.compression_algorithm

string

Compression algorithm to use for backups.

cluster.healing_threshold

integer

Threshold after which an offline cluster member is evacuated.

cluster.https_address

string

Address to bind for intra-cluster communication.

cluster.images_minimal_replica

integer

Minimum number of cluster members that keep a copy of an image.

cluster.join_token_expiry

string

Expiry time for cluster join tokens.

cluster.max_standby

integer

Maximum number of standby database members.

cluster.max_voters

integer

Maximum number of voting database members.

cluster.offline_threshold

integer

Seconds after which an unresponsive member is considered offline.

cluster.rebalance.batch

integer

Number of instances to move per rebalance batch.

cluster.rebalance.cooldown

string

Cooldown period between rebalance batches.

cluster.rebalance.interval

integer

Interval in seconds between rebalance checks.

cluster.rebalance.threshold

integer

Percentage threshold to trigger instance rebalancing.

core.bgp_address

string

Address to bind the BGP server to.

core.bgp_asn

string

BGP Autonomous System Number for the local server.

core.bgp_routerid

string

BGP router ID for the local server.

core.debug_address

string

Address to bind the pprof debug server to.

core.dns_address

string

Address to bind the authoritative DNS server to.

core.https_address

string

Address to bind the remote API to.

core.https_allowed_credentials

boolean

Whether to set Access-Control-Allow-Credentials.

Choices:

  • false

  • true

core.https_allowed_headers

string

Access-Control-Allow-Headers header value.

core.https_allowed_methods

string

Access-Control-Allow-Methods header value.

core.https_allowed_origin

string

Access-Control-Allow-Origin header value.

core.https_trusted_proxy

string

Comma-separated list of trusted proxy IP addresses.

core.metrics_address

string

Address to bind the metrics server to.

core.metrics_authentication

boolean

Whether to enforce authentication on the metrics endpoint.

Choices:

  • false

  • true

core.proxy_http

string

HTTP proxy to use.

core.proxy_https

string

HTTPS proxy to use.

core.proxy_ignore_hosts

string

Hosts that do not need the proxy.

core.remote_token_expiry

string

Expiry time for remote add join tokens.

core.shutdown_timeout

integer

Number of minutes to wait for running operations to complete before shutdown.

core.storage_buckets_address

string

Address to bind the storage buckets API to.

core.syslog_socket

boolean

Whether to enable the syslog socket listener.

Choices:

  • false

  • true

core.trust_ca_certificates

boolean

Whether to trust CA-signed client certificates.

Choices:

  • false

  • true

images.auto_update_cached

boolean

Whether to auto-update cached images.

Choices:

  • false

  • true

images.auto_update_interval

integer

Interval in hours between image auto-update checks.

images.compression_algorithm

string

Compression algorithm to use for images.

images.default_architecture

string

Default architecture to use in mixed-architecture clusters.

images.remote_cache_expiry

integer

Number of days after which an unused cached remote image is removed.

instances.lxcfs.per_instance

boolean

Whether to use a per-instance LXCFS process.

Choices:

  • false

  • true

instances.nic.host_name

string

How to set the host name for a NIC.

instances.placement.scriptlet

string

Starlark scriptlet for custom instance placement.

network.ovn.ca_cert

string

CA certificate for the OVN northbound connection.

network.ovn.client_cert

string

Client certificate for the OVN northbound connection.

network.ovn.client_key

string

Client key for the OVN northbound connection.

network.ovn.integration_bridge

string

Name of the OVS integration bridge to use.

network.ovn.northbound_connection

string

OVN northbound database connection string.

network.ovs.connection

string

OVS database connection string.

oidc.audience

string

Expected audience value for the OIDC provider.

oidc.claim

string

OIDC claim to use as the username.

oidc.client.id

string

OIDC client ID for the Incus server.

oidc.issuer

string

Issuer URL for the OIDC provider.

oidc.scopes

string

Comma-separated list of OIDC scopes to request.

openfga.api.token

string

API token for the OpenFGA server.

openfga.api.url

string

URL of the OpenFGA server.

openfga.store.id

string

OpenFGA store ID.

storage.backups_volume

string

Volume to use for storing backup tarballs.

storage.images_volume

string

Volume to use for storing image tarballs.

storage.linstor.ca_cert

string

CA certificate for the LINSTOR controller connection.

storage.linstor.client_cert

string

Client certificate for the LINSTOR controller connection.

storage.linstor.client_key

string

Client key for the LINSTOR controller connection.

storage.linstor.controller_connection

string

LINSTOR controller connection string.

storage.linstor.satellite.name

string

LINSTOR satellite node name for this server.

storage.logs_volume

string

Volume to use for storing log files.

Examples

- name: Ensure incus server
  hosts: incus
  tasks:
    - name: Ensure incus server
      ansible.builtin.import_role:
        name: damex.incus.incus_server
      vars:
        incus_server_preseed:
          config:
            core.https_address: :8443