Incus-Automation
Incus and OpenTofu Setup
What Am I Using?
Server Specs:
- Dell Optiplex 3050
- 16 Gigs of RAM
- 512 GB Hard Drive
- Ubuntu Server 24.04
What is the Plan?
- I plan on installing Incus and using Ansible playbooks to easily create and destroy Incus containers.
- This document will contain how I set up Incus and how to use OpenTofu to automate the deployment of Incus containers.
Part 1 (Installing Incus):
Installing Incus:
- Run the command “sudo apt update && sudo apt install wget curl git openssh-server openvswitch-switch -y”
- Run the command “sudo apt install incus”
Assigning a static IP to Server:
Switch to the root user by running “sudo su -”
Change into the netplan directory by running “cd /etc/netplan”
When you run “ls” you should see a file with a name similar to “50-cloud-init.yaml”
Make a backup of this file by running “cp 50-cloud-init.yaml 50-cloud-init.yaml.bak”
Make note of your network interfaces by running “ip -br -c a”
Open the 50-cloud-init.yaml file in nano and add the following configuration:
Important:
Things you need to change include:
Adapter name (Example: enp2s0)
IP and Subnet (Example: 10.0.0.191/24)
Default gateway (Example: 10.0.0.1)
Name Servers (Examples: 10.0.0.1, 75.75.75.75, 75.75.76.76)
Save the file by pressing CTRL + O, then Enter, and exit with CTRL + X.
Test the configuration by running “netplan try” and you should get something like this:
If you got an error, check the configuration that we just made.
If you got no error, use “netplan apply” to apply the configuration.
Add your user to the Incus Admin group:
- Leave root user by running “exit”
- Run the command “sudo usermod -aG incus-admin connor” (connor being the username of your account)
- Log out and log back in for the changes to take effect.
Install ZFS and BTRFS for Storage Pools:
- Run the command “sudo apt install zfsutils-linux btrfs-progs -y”
Initialize Incus Installation:
Run “incus admin init”
You will get asked a series of questions. You can answer these based on your requirements. Here is what I used:
Listing Incus Containers:
Run “incus list” to view any active containers running. It is blank since we haven’t made one yet.
Run “incus image list images:”
- The output is a very long list of the different images you can use.
Create a Bridge for our Containers:
- This bridge will allow our containers to get an IP address assigned to them.
- Run the command “incus profile create bridgeprofile”
- Next add a device connection to be used by your containers by running “incus profile device add bridgeprofile eth0 nic nictype=bridged parent=bridge0”
Launch your first Container:
Run the command “incus launch images:ubuntu/24.04 my-first-container --profile default --profile bridgeprofile”
Run the command “incus config device add my-first-container eth0 nic nictype=bridged parent=incusbr0 name=eth0”
Check your new container by running “incus list”
Part 2: Using OpenTofu to Deploy and Destroy Containers
Installing OpenTofu:
- Run the command “curl -sSL https://get.opentofu.org/install.sh | sudo bash”
Install the Incus Terraform Provider
- Run the following two commands:
- mkdir -p ~/.opentofu.d/plugins/github.com/lxc/incus/0.2.0/linux_amd64
- curl -L https://github.com/lxc/terraform-provider-incus/releases/download/v0.2.0/terraform-provider-incus_0.2.0_linux_amd64.tar.gz | tar -xz -C ~/.opentofu.d/plugins/github.com/lxc/incus/0.2.0/linux_amd64
Preparing the Configuration Files:
Make the directory using the command:
- mkdir incus-tofu && cd incus-tofu
Make a cloud-init.yaml file. Here is the configuration I used to create a user with passwordless sudo, import my SSH keys, and connect to my Tailscale network.
Make a main.tf file. This is the OpenTofu part of the deployment. It holds all the variables for when you run the initialization.
Incorporating my Tailscale Auth Key:
- To get your Tailscale authentication key, navigate to your Tailscale administrative panel.
- Click on settings
- Under “Personal Settings” click “Keys”
- Click “Generate auth key...”
- This provides you with a key to copy. Important: You will not be able to copy this key again after you close the pop up. Make sure to store it somewhere safe.
- Now that you have the auth key, go back to your Linux machine, change into your incus-tofu directory, and make a new file.
- nano secrets.auto.tfvars
- Type: tailscale_auth_key = "Paste your key here"
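One way to create secrets.auto.tfvars without leaving the auth key readable by other accounts or committing it to git, as an added example that is not part of the original write-up. The function names are hypothetical; the state files are covered too because OpenTofu state records resource attributes in plaintext, which can include the key once it is passed to the container's cloud-init data.

```shell
#!/bin/sh
# Added example (not from the original page). DIR is your incus-tofu directory.

# write_tfvars DIR: read the key from stdin so it never lands in shell
# history or the process list, and store it with owner-only permissions.
write_tfvars() {
    dir=$1
    IFS= read -r key || [ -n "$key" ] || return 1
    (
        umask 077    # a newly created file gets mode 0600
        printf 'tailscale_auth_key = "%s"\n' "$key" > "$dir/secrets.auto.tfvars"
    )
    chmod 600 "$dir/secrets.auto.tfvars"    # tighten a pre-existing file too
    unset key
}

# ignore_secrets DIR: keep the key and OpenTofu state out of git (idempotent).
ignore_secrets() {
    dir=$1
    touch "$dir/.gitignore"
    for pat in 'secrets.auto.tfvars' '*.tfstate' '*.tfstate.*' '.terraform/'; do
        grep -qxF -- "$pat" "$dir/.gitignore" || printf '%s\n' "$pat" >> "$dir/.gitignore"
    done
}

# audit_dir DIR: print one WARN line per problem; return 1 if any was found.
audit_dir() {
    dir=$1
    rc=0
    for f in "$dir"/secrets.auto.tfvars "$dir"/*.tfstate "$dir"/*.tfstate.*; do
        [ -f "$f" ] || continue
        # characters 5-10 of "ls -l" are the group and other permission bits
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "WARN: $f is accessible by group or others"
            rc=1
        fi
    done
    for pat in 'secrets.auto.tfvars' '*.tfstate'; do
        if ! grep -qxF -- "$pat" "$dir/.gitignore" 2>/dev/null; then
            echo "WARN: .gitignore does not list $pat"
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file, run write_tfvars . and paste the key followed by Enter, then run ignore_secrets . and audit_dir . before the first tofu apply. Run audit_dir . again after applying, since that is when the state file appears.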
Initialize and Apply the Tofu Configuration:
Type “tofu init”
- If you get errors, there is something wrong with your configuration and you will want to troubleshoot that.
After it is initialized, run the command:
- tofu apply
- It will ask you if you want to perform the actions. Simply type “yes”
Check your New Container:
Run the command:
- incus list
As you can see, it has two IPv4 addresses, one being the LAN and the other being the Tailscale network. This shows that Tailscale has connected.
SSH into the container with “ssh connor@10.163.116.52”
We have successfully deployed an Incus container with cloud-init and OpenTofu!