My Incus playground.
This will:
- Install Incus.
- Set up projects:
  - foo.
  - bar.
- Install Keycloak as the Incus authentication provider (an OpenID Connect (OIDC) provider).
- Set up users:
  - alice.
  - bob.
- Install OpenFGA as the Incus authorization provider.
- Set up user authorizations:
  - For alice:
    - Grant the admin role on the incus server.
  - For bob:
    - Grant the operator role on the foo project.
Install the Base Debian 12 Box.
Add the following entries to your hosts file:
10.0.0.10 pandora.incus.test
10.0.0.20 incus.test
Launch the environment:
vagrant up --provider=libvirt --no-destroy-on-error --no-tty
Try executing some workloads:
# ssh into the Vagrant-created VM.
vagrant ssh incus
# switch to root.
sudo -i
# run a system container.
incus launch images:debian/12 debian-ct
incus info debian-ct
incus config show debian-ct
incus exec debian-ct -- cat /etc/os-release
incus exec debian-ct -- ip addr
incus exec debian-ct -- mount
incus exec debian-ct -- df -h
incus exec debian-ct -- ps axw
# run an application container.
incus remote add docker https://docker.io --protocol oci
incus launch docker:debian:12-slim debian-app-ct
incus info debian-app-ct
incus config show debian-app-ct
incus exec debian-app-ct -- bash -c 'apt-get update && apt-get install -y iproute2 procps'
incus exec debian-app-ct -- cat /etc/os-release
incus exec debian-app-ct -- ip addr
incus exec debian-app-ct -- mount
incus exec debian-app-ct -- df -h
incus exec debian-app-ct -- ps axw
# run a virtual machine.
incus launch images:debian/12 debian-vm --vm
incus info debian-vm
incus config show debian-vm
incus exec debian-vm -- cat /etc/os-release
incus exec debian-vm -- ip addr
incus exec debian-vm -- mount
incus exec debian-vm -- df -h
incus exec debian-vm -- ps axw
# show information.
incus info
incus list
incus image list
if [ -n "$(incus storage info default | grep 'driver: btrfs')" ]; then
  btrfs filesystem show
  btrfs filesystem df -h /var/lib/incus/storage-pools/default
  btrfs subvolume list -t /var/lib/incus/storage-pools/default
fi
if [ -n "$(incus storage info default | grep 'driver: zfs')" ]; then
  zfs list
  zfs get all incus/containers/debian-ct
  zfs get all incus/virtual-machines/debian-vm
fi
nft list ruleset
# stop and delete.
incus stop debian-ct
incus stop debian-app-ct
incus stop debian-vm
incus delete debian-ct
incus delete debian-app-ct
incus delete debian-vm
Access Keycloak at:
Access Incus at:
Test the OIDC authentication:
vagrant ssh pandora
# login as alice:alice (as defined in keycloak/main.tf).
# then, repeat this whole section as bob:bob.
# NB you can manage your authentication at:
# https://pandora.incus.test:8443/realms/pandora/account
incus remote add incus.test --auth-type oidc
incus remote list
incus info incus.test:
incus info incus.test: | grep auth_ # check your user information.
incus project list incus.test:
incus launch images:debian/12 incus.test:debian-ct
incus list incus.test:
incus list incus.test: --all-projects
incus config show incus.test:debian-ct
incus exec incus.test:debian-ct -- cat /etc/os-release
incus stop incus.test:debian-ct
incus delete incus.test:debian-ct
incus remote remove incus.test
exit
Play with OpenFGA:
vagrant ssh pandora
sudo -i
export FGA_STORE_ID="$(jq -r .store.id /vagrant/shared/openfga-incus.json)"
fga store list
fga tuple read
exit
exit
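A drift check for the user authorizations listed at the top of this page, as an added example (not part of this repository): it compares the user grants in the output of fga tuple read against the intended baseline and reports anything missing or unexpected. The JSON shape, the user:alice and user:bob subject ids, the server:incus and project:foo object names, and the sample data are assumptions; adjust them to what your store returns.

```python
import json

# Grants this page sets up. The subject ids are constructed placeholders;
# use the ids your Keycloak realm actually issues.
EXPECTED = {
    ("user:alice", "admin", "server:incus"),
    ("user:bob", "operator", "project:foo"),
}

def user_grants(fga_json):
    """Return {(user, relation, object)} for user subjects only."""
    doc = json.loads(fga_json)
    grants = set()
    for item in doc.get("tuples") or []:
        key = item["key"]
        # Skip structural tuples (object-to-object links); only direct
        # user grants are compared against the baseline.
        if key["user"].startswith("user:"):
            grants.add((key["user"], key["relation"], key["object"]))
    return grants

def audit(fga_json, expected=EXPECTED):
    """Return (finding, user, relation, object) drift records."""
    actual = user_grants(fga_json)
    findings = [("missing", *t) for t in sorted(expected - actual)]
    for user, rel, obj in sorted(actual - expected):
        # A grant on the server object or to the wildcard user reaches
        # beyond a single project, so it is called out separately.
        wide = obj.startswith("server:") or user == "user:*"
        kind = "unexpected-wide" if wide else "unexpected"
        findings.append((kind, user, rel, obj))
    return findings

# Constructed sample in the assumed shape of `fga tuple read` output.
SAMPLE = json.dumps({"tuples": [
    {"key": {"user": "user:alice", "relation": "admin", "object": "server:incus"}},
    {"key": {"user": "user:bob", "relation": "operator", "object": "project:foo"}},
    {"key": {"user": "user:bob", "relation": "operator", "object": "project:bar"}},
    {"key": {"user": "project:foo", "relation": "project", "object": "instance:foo/debian-ct"}},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```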
List this repository's dependencies (and which have newer versions):
export GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN'
./renovate.sh
- Incus documentation
- Incus Authentication (OpenID Connect (OIDC))
- Incus Authorization (OpenFGA)
- Incus repository
- Incus package repository
- distrobuilder: System container and VM image builder for Incus and LXC
- Images for containers and virtual machines
- BTRFS documentation
- BTRFS Incus storage driver
- BTRFS Debian wiki
- ZFS Debian wiki
- ZFS Incus storage driver
- ZFS repository