Created
March 6, 2025 08:44
-
-
Save vancanhuit/c9de95f3f03e33a98c4e78a21cdb9b00 to your computer and use it in GitHub Desktop.
Incus RHEL profile with Macvlan network
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| name=${1} | |
| [[ -z ${name} ]] && { | |
| echo "Name must be provided." | |
| exit 1 | |
| } | |
| opts=() | |
| target=${2} | |
| [[ -n ${target} ]] && opts+=("--target ${target}") | |
| incus create images:almalinux/9/cloud ${name} --profile rhel ${opts[@]} | |
| # Remember to change IP address and default gateway corresponding to your network | |
| # Change the IP address for each newly created instance with `incus config edit <instance_name>` | |
| cat <<EOF | incus config set ${name} cloud-init.user-data - | |
| #cloud-config | |
| bootcmd: | |
| - echo '[main]' > /etc/NetworkManager/conf.d/90-dns-none.conf | |
| - echo 'dns=none' >> /etc/NetworkManager/conf.d/90-dns-none.conf | |
| - /usr/sbin/ip link set dev eth0 name net0 | |
| - /usr/sbin/ip addr add 10.3.120.10/26 dev net0 | |
| - /usr/sbin/ip link set dev net0 up | |
| - /usr/sbin/ip route add default via 10.3.120.1 | |
| - echo 'search onelab.internal' > /etc/resolv.conf | |
| - echo 'nameserver 10.3.120.10' >> /etc/resolv.conf | |
| - echo 'nameserver 10.3.120.11' >> /etc/resolv.conf | |
| EOF |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| name=${1} | |
| [[ -z ${name} ]] && { | |
| echo "Name must be provided." | |
| exit 1 | |
| } | |
| opts=() | |
| target=${2} | |
| [[ -n ${target} ]] && opts+=("--target ${target}") | |
| incus create images:almalinux/9/cloud ${name} --vm --profile rhel --profile vm-config ${opts[@]} | |
| # Remember to change IP address and default gateway corresponding to your network | |
| # Change the IP address for each newly created instance with `incus config edit <instance_name>` | |
| cat <<EOF | incus config set ${name} cloud-init.network-config - | |
| network: | |
| version: 2 | |
| renderer: NetworkManager | |
| ethernets: | |
| enp5s0: | |
| dhcp4: false | |
| routes: | |
| - to: 0.0.0.0/0 | |
| via: 10.3.120.1 | |
| addresses: | |
| - 10.3.120.10/26 | |
| nameservers: | |
| search: | |
| - onelab.internal | |
| addresses: | |
| - 10.3.120.10 | |
| - 10.3.120.11 | |
| EOF |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| onfig: | |
| cloud-init.vendor-data: | | |
| ## template: jinja | |
| #cloud-config | |
| write_files: | |
| - content: | | |
| install_weak_deps=False | |
| path: /etc/dnf/dnf.conf | |
| append: true | |
| - content: | |
| Subsystem sftp /usr/libexec/openssh/sftp-server | |
| path: /etc/ssh/sshd_config | |
| append: true | |
| defer: true | |
| package_upgrade: true | |
| yum_repos: | |
| epel-release: | |
| name: Extra Packages for Enterprise Linux $releasever - $basearch | |
| baseurl: https://dl.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/ | |
| metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir | |
| countme: 1 | |
| gpgcheck: true | |
| gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever | |
| packages: | |
| - bash-completion | |
| - openssh-server | |
| - curl | |
| - wget | |
| - htop | |
| - vim | |
| - tar | |
| - man | |
| - firewalld | |
| - certbot | |
| hostname: "{{ ds.meta_data.instance_id }}.onelab.internal" | |
| disable_root: false | |
| ssh_authorized_keys: | |
| - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEKHgPKQYqcSzNDIoYzwbAQoDGk7/mDYXidB1ND+7ycYrKk8lqWpdpZiWkstnGuhHEH77sZM02UgtJDS8k6lGpuxQGBO3yhOPU+rLIoNcxqyZfYAwCR4GZa4UpjN4SYNGkFZnXOGWBIhlU0QZHPpGnoRZGtun7+KpS2fHnXCWLyPxO8KA== endava\cvdinh@ENDAUTOCYLDJzBn | |
| - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRupaZq0iZCnFI7634CNY2ba4HwUq3eBqnhQhE2kFQW cvdinh@ENDAUTOCYLDJzBn | |
| timezone: Asia/Ho_Chi_Minh | |
| runcmd: | |
| - systemctl set-default multi-user.target | |
| - systemctl enable --now sshd.service | |
| - systemctl enable --now firewalld.service | |
| - firewall-cmd --remove-service=cockpit --permanent | |
| - firewall-cmd --remove-service=dhcpv6-client --permanent | |
| - firewall-cmd --add-service=http --permanent | |
| - firewall-cmd --add-service=ssh --permanent | |
| - firewall-cmd --reload | |
| - mandb | |
| - curl -Lk https://ca.onelab.internal/roots.pem -o /etc/pki/ca-trust/source/anchors/ca.crt | |
| - update-ca-trust extract | |
| limits.cpu: "1" | |
| limits.memory: 2GiB | |
| snapshots.expiry: 3H | |
| snapshots.pattern: '{{ creation_date|date:''2006-01-02_15-04-05'' }}' | |
| snapshots.schedule: '@hourly' | |
| description: RHEL Incus profile | |
| devices: | |
| eth0: | |
| name: eth0 | |
| network: onelab | |
| type: nic | |
| root: | |
| path: / | |
| pool: local | |
| type: disk | |
| name: rhel | |
| used_by: [] | |
| project: default |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config: | |
| cloud-init.user-data: | | |
| #cloud-config | |
| bootcmd: | |
| - setenforce 0 | |
| packages: | |
| - bash-completion | |
| - openssh-server | |
| - curl | |
| - wget | |
| - htop | |
| - vim | |
| - tar | |
| - man | |
| - firewalld | |
| - certbot | |
| - chrony | |
| runcmd: | |
| - systemctl set-default multi-user.target | |
| - systemctl enable --now sshd.service | |
| - systemctl enable --now chronyd.service | |
| - systemctl enable --now firewalld.service | |
| - firewall-cmd --remove-service=cockpit --permanent | |
| - firewall-cmd --remove-service=dhcpv6-client --permanent | |
| - firewall-cmd --add-service=http --permanent | |
| - firewall-cmd --add-service=ssh --permanent | |
| - firewall-cmd --reload | |
| - mandb | |
| - grub2-mkconfig -o /boot/grub2/grub.cfg | |
| - grubby --update-kernel ALL --args selinux=0 | |
| - sed -i 's/^\(SELINUX\)=enforcing/\1=permissive/' /etc/selinux/config | |
| - curl -Lk https://ca.onelab.internal/roots.pem -o /etc/pki/ca-trust/source/anchors/ca.crt | |
| - update-ca-trust extract | |
| limits.cpu: "1" | |
| limits.memory: 2GiB | |
| description: Profile for VM | |
| devices: | |
| agent: | |
| source: agent:config | |
| type: disk | |
| name: vm-config | |
| used_by: [] | |
| project: default |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment