当前位置：首页 > news >正文

incus套件在主力 Linux Distros 上的安装配置与基本使用

news 2025/7/28 8:41:13

甲在 Debian 12 上的安装配置incus

root@incus:~#
root@incus:~# cat -n /etc/apt/sources.list
1 # University of Science and Technology of China
2 deb https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
3 deb-src https://mirrors.ustc.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
4 deb https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
5 deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
6 deb https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
7 deb-src https://mirrors.ustc.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
8 deb https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
9 deb-src https://mirrors.ustc.edu.cn/debian-security/ bookworm-security main contrib non-free non-free-firmware
root@incus:~#

root@incus:~#
root@incus:~# curl -fsSL https://pkgs.zabbly.com/key.asc | gpg --show-keys --fingerprint
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
pub rsa3072 2023-08-23 [SC] [expires: 2025-08-22]
4EFC 5906 96CB 15B8 7C73 A3AD 82CC 8797 C838 DCFD
uid Zabbly Kernel Builds <info@zabbly.com>
sub rsa3072 2023-08-23 [E] [expires: 2025-08-22]
root@incus:~#
root@incus:~# mkdir -p /etc/apt/keyrings/ && curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
root@incus:~#

root@incus:~#
root@incus:~# sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-stable.sources
Enabled: yes
Types: deb
URIs: https://pkgs.zabbly.com/incus/stable
Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
Components: main
Architectures: $(dpkg --print-architecture)
Signed-By: [[/etc/apt/keyrings/zabbly.asc]]
EOF'
root@incus:~#
root@incus:~# cat -n /etc/apt/sources.list.d/zabbly-incus-stable.sources
1 Enabled: yes
2 Types: deb
3 URIs: https://pkgs.zabbly.com/incus/stable
4 Suites: bookworm
5 Components: main
6 Architectures: amd64
7 Signed-By: /etc/apt/keyrings/zabbly.asc
8
root@incus:~#
root@incus:~# apt clean all && apt update -y && apt install -y incus incus-base incus-client incus-ui-canonical

root@incus:~# mkdir -vp /home/debian/incusDB/local
mkdir: created directory '/home/debian/incusDB'
mkdir: created directory '/home/debian/incusDB/local'
root@incus:~#
root@incus:~# incus storage create Local dir source=/home/debian/incusDB/local
Storage pool Local created
root@incus:~#
root@incus:~# incus storage list
+-------+--------+-------------+---------+---------+
| NAME | DRIVER | DESCRIPTION | USED BY | STATE |
+-------+--------+-------------+---------+---------+
| Local | dir | | 0 | CREATED |
+-------+--------+-------------+---------+---------+
root@incus:~#
root@incus:~# ls -Fhlart /home/debian/incusDB/local
total 40K
drwxr-xr-x 3 root incus-admin 4.0K Jul 23 00:10 ../
drwx--x--x 2 root root 4.0K Jul 23 00:11 virtual-machines-snapshots/
drwx--x--x 2 root root 4.0K Jul 23 00:11 virtual-machines/
drwx--x--x 2 root root 4.0K Jul 23 00:11 images/
drwx--x--x 2 root root 4.0K Jul 23 00:11 custom-snapshots/
drwx--x--x 2 root root 4.0K Jul 23 00:11 custom/
drwx--x--x 2 root root 4.0K Jul 23 00:11 containers-snapshots/
drwx--x--x 2 root root 4.0K Jul 23 00:11 containers/
drwx--x--x 2 root root 4.0K Jul 23 00:11 buckets/
drwxr-xr-x 10 root incus-admin 4.0K Jul 23 00:11 ./
root@incus:~#

root@incus:~#
root@incus:~# adduser debian incus-admin
Adding user `debian' to group `incus-admin' ...
Done.
root@incus:~#
root@incus:~# newgrp incus-admin
root@incus:~#
root@incus:~# incus admin init
Would you like to use clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=incusbr0]:
What IPv4 address should be used? (CIDR subnet notation, 鈥渁uto鈥?or 鈥渘one鈥? [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, 鈥渁uto鈥?or 鈥渘one鈥? [default=auto]:
Would you like the server to be available over the network? (yes/no) [default=no]: no
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: yes
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]: yes

root@incus:~#

root@incus:~# incus config set core.https_address 0.0.0.0:8443
root@incus:~#
root@incus:~# incus storage list
+-------+--------+-------------+---------+---------+
| NAME | DRIVER | DESCRIPTION | USED BY | STATE |
+-------+--------+-------------+---------+---------+
| Local | dir | | 0 | CREATED |
+-------+--------+-------------+---------+---------+
root@incus:~#
root@incus:~# incus network list
+----------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | STATE |
+----------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| ens33 | physical | NO | | | | 0 | |
+----------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| incusbr0 | bridge | YES | 10.138.155.1/24 | fd42:5d5f:d3d8:c15c::1/64 | | 1 | CREATED |
+----------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
| lo | loopback | NO | | | | 0 | |
+----------+----------+---------+-----------------+---------------------------+-------------+---------+---------+
root@incus:~#

乙在Fedora 42 上安装配置 incus

root@Fedora:~#
root@Fedora:~# dnf search incus
Updating and loading repositories:
Repositories loaded.
Matched fields: name (exact)
incus.x86_64: Powerful system container and virtual machine manager
Matched fields: name, summary
incus-agent.x86_64: Incus guest agent
Matched fields: name
incus-client.x86_64: Container hypervisor based on LXC - Client
incus-selinux.noarch: Container hypervisor based on LXC - SELinux policy
incus-tools.x86_64: Container hypervisor based on LXC - Extra Tools
root@Fedora:~#
root@Fedora:~# dnf install -y incus incus-tools incus-agent incus-client incus-selinux
Updating and loading repositories:
Repositories loaded.
Package "incus-6.12-1.fc42.x86_64" is already installed.
Package "incus-tools-6.12-1.fc42.x86_64" is already installed.
Package "incus-agent-6.12-1.fc42.x86_64" is already installed.
Package "incus-client-6.12-1.fc42.x86_64" is already installed.
Package "incus-selinux-6.12-1.fc42.noarch" is already installed.
Nothing to do.
root@Fedora:~#
root@Fedora:~# systemctl enable --now incus-startup.service
Created symlink '/etc/systemd/system/multi-user.target.wants/incus-startup.service' 鈫?'/usr/lib/systemd/system/incus-startup.service'.
root@Fedora:~#
root@Fedora:~# systemctl enable --now incus-user.service
Created symlink '/etc/systemd/system/sockets.target.wants/incus-user.socket' 鈫?'/usr/lib/systemd/system/incus-user.socket'.
root@Fedora:~#
root@Fedora:~# systemctl enable --now incus.service
Created symlink '/etc/systemd/system/sockets.target.wants/incus.socket' 鈫?'/usr/lib/systemd/system/incus.socket'.
root@Fedora:~#
root@Fedora:~# systemctl enable --now incus-user.socket
root@Fedora:~#
root@Fedora:~# systemctl enable --now incus.socket
root@Fedora:~#
root@Fedora:~# echo "root:1000000:1000000000" | tee -a /etc/subuid [[/etc/subgid]]
root@Fedora:~#
root@Fedora:~# tail -n 1 /etc/subuid /etc/subgid
==> /etc/subuid <==
root:1000000:1000000000
==> /etc/subgid <==
root:1000000:1000000000
root@Fedora:~#
root@Fedora:~# reboot
root@Fedora:~#
root@Fedora:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:1f:1e:37 brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname enx000c291f1e37
inet 192.168.81.129/24 brd 192.168.81.255 scope global dynamic noprefixroute ens160
valid_lft 1139sec preferred_lft 1139sec
inet6 fe80::a299:f21e:d8de:ee3e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: incusbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 10:66:6a:f4:7f:91 brd ff:ff:ff:ff:ff:ff
inet 10.27.151.1/24 scope global incusbr0
valid_lft forever preferred_lft forever
inet6 fd42:4c84:427:42b8::1/64 scope global
valid_lft forever preferred_lft forever
root@Fedora:~#
root@Fedora:~# incus admin init
Would you like to use clustering? (yes/no) [default=no]: yes
What IP address or DNS name should be used to reach this server? [default=192.168.81.129]:
Are you joining an existing cluster? (yes/no) [default=no]:
What member name should be used to identify this server in the cluster? [default=Fedora]:
Do you want to configure a new local storage pool? (yes/no) [default=yes]: no
Do you want to configure a new remote storage pool? (yes/no) [default=no]: no
Would you like to use an existing bridge or host interface? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]:
root@Fedora:~#

root@Fedora:~# incus storage list
+---------+--------+-------------+---------+---------+
| NAME | DRIVER | DESCRIPTION | USED BY | STATE |
+---------+--------+-------------+---------+---------+
| default | dir | | 1 | CREATED |
+---------+--------+-------------+---------+---------+
root@Fedora:~#
root@Fedora:~# incus network list
+----------+----------+---------+----------------+--------------------------+-------------+---------+---------+
| NAME | TYPE | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | STATE |
+----------+----------+---------+----------------+--------------------------+-------------+---------+---------+
| ens160 | physical | NO | | | | 0 | |
+----------+----------+---------+----------------+--------------------------+-------------+---------+---------+
| incusbr0 | bridge | YES | 10.27.151.1/24 | fd42:4c84:427:42b8::1/64 | | 1 | CREATED |
+----------+----------+---------+----------------+--------------------------+-------------+---------+---------+
| lo | loopback | NO | | | | 0 | |
+----------+----------+---------+----------------+--------------------------+-------------+---------+---------+
root@Fedora:~#

丙在 openSUSE Leap 15.6 上安装配置 incus

openSUSE-MF:~ #
openSUSE-MF:~ # usermod -a -G incus,incus-admin opensuse
openSUSE-MF:~ #
openSUSE-MF:~ # newgrp incus-admin
openSUSE-MF:~ #
openSUSE-MF:~ # groups opensuse
opensuse : users incus-admin incus

openSUSE-MF:~ #
openSUSE-MF:~ # systemctl list-unit-files | grep "incus"
incus-startup.service disabled disabled
incus-user.service indirect disabled
incus.service disabled disabled
incus-user.socket disabled disabled
incus.socket disabled disabled
openSUSE-MF:~ #
openSUSE-MF:~ # for var in `systemctl list-unit-files | grep "incus" | awk '{print $1}'`;do systemctl enable --now $var;done
Created symlink /etc/systemd/system/multi-user.target.wants/incus-startup.service 鈫?/usr/lib/systemd/system/incus-startup.service.
Created symlink /etc/systemd/system/sockets.target.wants/incus-user.socket 鈫?/usr/lib/systemd/system/incus-user.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/incus.service 鈫?/usr/lib/systemd/system/incus.service.
Created symlink /etc/systemd/system/sockets.target.wants/incus.socket 鈫?/usr/lib/systemd/system/incus.socket.
openSUSE-MF:~ #

丁在 Rocky Linux 9 上安装配置 incus

[rocky@Rocky ~]$
[rocky@Rocky ~]$ sudo su
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for rocky:
[root@Rocky rocky]#
[root@Rocky ~]# cat /etc/*release*
NAME="Rocky Linux"
VERSION="9.6 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.6"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.6 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
VENDOR_NAME="RESF"
VENDOR_URL="https://resf.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.6"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.6"
Rocky Linux release 9.6 (Blue Onyx)
Rocky Linux release 9.6 (Blue Onyx)
Derived from Red Hat Enterprise Linux 9.6
Rocky Linux release 9.6 (Blue Onyx)
cpe:/o:rocky:rocky:9::baseos
[root@Rocky ~]#
[root@Rocky rocky]# dnf repolist
repo id repo name
appstream Rocky Linux 9 - AppStream
baseos Rocky Linux 9 - BaseOS
extras Rocky Linux 9 - Extras
[root@Rocky rocky]#
[root@Rocky rocky]# dnf install epel-release -y && dnf upgrade -y
Rocky Linux 9 - BaseOS 762 kB/s | 2.5 MB 00:03
Rocky Linux 9 - AppStream 2.3 MB/s | 9.5 MB 00:04
Rocky Linux 9 - Extras 881 B/s | 17 kB 00:20
Dependencies resolved.
==============================================================================================================================================================
Package Architecture Version Repository Size
==============================================================================================================================================================
Installing:
epel-release
..................................................................................................................................................................................................................................................
Installed:
kernel-5.14.0-570.28.1.el9_6.x86_64 kernel-core-5.14.0-570.28.1.el9_6.x86_64 kernel-devel-5.14.0-570.28.1.el9_6.x86_64
kernel-modules-5.14.0-570.28.1.el9_6.x86_64 kernel-modules-core-5.14.0-570.28.1.el9_6.x86_64
Complete!
[root@Rocky rocky]#
[root@Rocky rocky]# reboot

[root@Rocky ~]#
[root@Rocky ~]# dnf config-manager --enable crb
[root@Rocky ~]#
[root@Rocky ~]# dnf copr enable neil/incus -y
Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary.
The Fedora Project does not exercise any power over the contents of
this repository beyond the rules outlined in the Copr FAQ at
<https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr>,
and packages are not held to any quality or security level.
Please do not file bug reports about these packages in Fedora
Bugzilla. In case of problems, contact the owner of this repository.
Repository successfully enabled.
[root@Rocky ~]#
[root@Rocky ~]# dnf repolist
repo id repo name
appstream Rocky Linux 9 - AppStream
baseos Rocky Linux 9 - BaseOS
copr:copr.fedorainfracloud.org:neil:incus Copr repo for incus owned by neil
crb Rocky Linux 9 - CRB
epel Extra Packages for Enterprise Linux 9 - x86_64
epel-cisco-openh264 Extra Packages for Enterprise Linux 9 openh264 (From Cisco) - x86_64
extras Rocky Linux 9 - Extras
zfs ZFS on Linux for EL9 - dkms
[root@Rocky ~]#
[root@Rocky ~]# dnf update -y
Copr repo for incus owned by neil 26 kB/s | 41 kB 00:01
Rocky Linux 9 - BaseOS 3.3 kB/s | 4.1 kB 00:01
Rocky Linux 9 - AppStream 4.0 kB/s | 4.5 kB 00:01
Rocky Linux 9 - CRB 1.8 MB/s | 2.8 MB 00:01
Dependencies resolved.
Nothing to do.
Complete!
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# dnf install -y incus incus-tools

[root@Rocky ~]#
[root@Rocky ~]# systemctl list-unit-files | grep "incus"
incus-startup.service disabled disabled
incus-user.service indirect disabled
incus.service indirect disabled
incus-user.socket disabled disabled
incus.socket disabled disabled
[root@Rocky ~]#
[root@Rocky ~]# for var in `systemctl list-unit-files | grep "incus" | awk '{print $1}'`;do systemctl enable --now $var;done
Created symlink /etc/systemd/system/multi-user.target.wants/incus-startup.service 鈫?/usr/lib/systemd/system/incus-startup.service.
Created symlink /etc/systemd/system/sockets.target.wants/incus-user.socket 鈫?/usr/lib/systemd/system/incus-user.socket.
Created symlink /etc/systemd/system/sockets.target.wants/incus.socket 鈫?/usr/lib/systemd/system/incus.socket.
[root@Rocky ~]#
[root@Rocky ~]# systemctl status incus.service
鈼?incus.service - Incus - Daemon
Loaded: loaded (/usr/lib/systemd/system/incus.service; indirect; preset: disabled)
Active: active (running) since Sat 2025-07-26 16:45:07 CST; 25s ago
TriggeredBy: 鈼?incus.socket
Docs: man:incusd(1)
Main PID: 10709 (incusd)
Tasks: 18
Memory: 48.3M
CPU: 323ms
CGroup: /system.slice/incus.service
鈹溾攢10709 /usr/libexec/incus/incusd --group incus-admin
鈹斺攢10881 dnsmasq --keep-in-foreground --strict-order --bind-interfaces --except-interface=lo --pid-file= --no-ping --interface=incusbr0 --dhcp-ra>
Jul 26 16:45:07 Rocky dnsmasq-dhcp[10881]: DHCPv6 stateless on fd42:cfa:b761:4379::, constructed for incusbr0
Jul 26 16:45:07 Rocky dnsmasq-dhcp[10881]: DHCPv4-derived IPv6 names on fd42:cfa:b761:4379::, constructed for incusbr0
Jul 26 16:45:07 Rocky dnsmasq-dhcp[10881]: router advertisement on fd42:cfa:b761:4379::, constructed for incusbr0
Jul 26 16:45:07 Rocky dnsmasq-dhcp[10881]: IPv6 router advertisement enabled
Jul 26 16:45:07 Rocky dnsmasq-dhcp[10881]: DHCP, sockets bound exclusively to interface incusbr0
Jul 26 16:45:07 Rocky dnsmasq[10881]: using only locally-known addresses for domain incus
Jul 26 16:45:07 Rocky dnsmasq[10881]: reading /etc/resolv.conf
Jul 26 16:45:07 Rocky dnsmasq[10881]: using only locally-known addresses for domain incus
Jul 26 16:45:07 Rocky dnsmasq[10881]: using nameserver 192.168.81.2#53
Jul 26 16:45:07 Rocky dnsmasq[10881]: read /etc/hosts - 2 addresses
[root@Rocky ~]#
[root@Rocky ~]# incus version
To start your first container, try: incus launch images:ubuntu/22.04
Or for a virtual machine: incus launch images:ubuntu/22.04 --vm
Client version: 6.8
Server version: 6.8
[root@Rocky ~]#

[root@Rocky ~]#
[root@Rocky ~]# incus storage list
+---------+--------+-------------+---------+---------+
| NAME | DRIVER | DESCRIPTION | USED BY | STATE |
+---------+--------+-------------+---------+---------+
| default | dir | | 1 | CREATED |
+---------+--------+-------------+---------+---------+
[root@Rocky ~]#
[root@Rocky ~]# incus storage show default
config:
source: /var/lib/incus/storage-pools/default
description: ""
name: default
driver: dir
used_by:
- /1.0/profiles/default
status: Created
locations:
- none
[root@Rocky ~]#

[root@Rocky ~]#
[root@Rocky ~]# mkdir -vp /home/rocky/Datas/incus/localStorage
mkdir: created directory '/home/rocky/Datas'
mkdir: created directory '/home/rocky/Datas/incus'
mkdir: created directory '/home/rocky/Datas/incus/localStorage'
[root@Rocky ~]#
[root@Rocky ~]# incus admin init
Would you like to use clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: yes
Name of the new storage pool [default=default]: LocalSTR
Name of the storage backend to use (dir, lvm) [default=dir]: dir
Where should this storage pool store its data? [default=/var/lib/incus/storage-pools/LocalSTR]: /home/rocky/Datas/incus/localStorage
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to use an existing bridge or host interface? (yes/no) [default=no]: no
Would you like the server to be available over the network? (yes/no) [default=no]: no
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: yes
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]: yes

[root@Rocky ~]#
[root@Rocky ~]# usermod -a -G wheel,incus,incus-admin rocky
[root@Rocky ~]#
[root@Rocky ~]# id rocky
uid=1000(rocky) gid=1000(rocky) groups=1000(rocky),10(wheel),981(incus-admin),980(incus)
[root@Rocky ~]#
[root@Rocky ~]# newgrp incus-admin
[root@Rocky ~]#
[root@Rocky ~]# groups rocky
rocky : rocky wheel incus-admin incus
[root@Rocky ~]#

[root@Rocky ~]#
[root@Rocky ~]# echo "root:1000000:1000000000" | tee -a /etc/subuid /etc/subgid
root:1000000:1000000000
[root@Rocky ~]#
[root@Rocky ~]# cat -n /etc/subuid
1 rocky:100000:65536
2 root:1000000:1000000000
[root@Rocky ~]#
[root@Rocky ~]# cat -n /etc/subgid
1 rocky:100000:65536
2 root:1000000:1000000000
[root@Rocky ~]#
[root@Rocky ~]# reboot
[root@Rocky ~]#

incus-server 上的防火墙设定：

[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —new-zone=incus_bridge —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —get-zones
block dmz drop external home incus_bridge internal nm-shared public trusted work
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=incus_bridge —add-interface=incusbr0 —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=incus_bridge —set-target=ACCEPT —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=incus_bridge —list-all
incus_bridge (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: incusbr0
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —new-zone=local —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —get-zones
block dmz drop external home incus_bridge internal local nm-shared public trusted work
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=local —add-source=127.0.0.1/8 —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=local —set-target=ACCEPT —permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=local —list-all
local (active)
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources: 127.0.0.1/8
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=trusted —add-source=192.168.81.0/24
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=trusted —add-service=ssh
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —runtime-to-permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=trusted —list-all
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources: 192.168.81.0/24
services: ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —zone=public —remove-service=ssh
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —runtime-to-permanent
success
[root@Rocky ~]#
[root@Rocky ~]# firewall-cmd —reload
success
[root@Rocky ~]#
[root@Rocky ~]#
[root@Rocky ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7d:3a:12 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.81.145/24 brd 192.168.81.255 scope global dynamic noprefixroute ens160
valid_lft 1530sec preferred_lft 1530sec
inet6 fe80::20c:29ff:fe7d:3a12/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: incusbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:16:3e:99:d9:15 brd ff:ff:ff:ff:ff:ff
inet 10.121.27.1/24 scope global incusbr0
valid_lft forever preferred_lft forever
inet6 fd42:cfa:b761:4379::1/64 scope global
valid_lft forever preferred_lft forever
[root@Rocky ~]#

搜索目标镜像：

[root@Rocky ~]#
[root@Rocky ~]# incus image list images:opensuse architecture=amd64 type=container
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| opensuse/15.5 (3 more) | 2c7456e05e7b | yes | Opensuse 15.5 amd64 (20250726_04:20) | x86_64 | CONTAINER | 47.91MiB | 2025/07/26 08:00 CST |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| opensuse/15.6 (3 more) | 57bacbca2608 | yes | Opensuse 15.6 amd64 (20250726_04:20) | x86_64 | CONTAINER | 44.21MiB | 2025/07/26 08:00 CST |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| opensuse/15.6/cloud (1 more) | ded195b7ad56 | yes | Opensuse 15.6 amd64 (20250726_04:20) | x86_64 | CONTAINER | 74.47MiB | 2025/07/26 08:00 CST |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| opensuse/tumbleweed (3 more) | e21baadabfc2 | yes | Opensuse tumbleweed amd64 (20250726_04:20) | x86_64 | CONTAINER | 44.52MiB | 2025/07/26 08:00 CST |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
| opensuse/tumbleweed/cloud (1 more) | 7cf9160f154d | yes | Opensuse tumbleweed amd64 (20250726_04:20) | x86_64 | CONTAINER | 72.61MiB | 2025/07/26 08:00 CST |
+——————————————————+———————+————+——————————————————————+———————+—————-+—————+———————————+
[root@Rocky ~]#

给 incus-instance 配置指定的 DHCP-IP
[root@Rocky ~]#
[root@Rocky ~]# incus profile create macvlan
Profile macvlan created
[root@Rocky ~]#
[root@Rocky ~]# incus profile list
+————-+———————————-+————-+
| NAME | DESCRIPTION | USED BY |
+————-+———————————-+————-+
| default | Default Incus profile | 1 |
+————-+———————————-+————-+
| macvlan | | 0 |
+————-+———————————-+————-+
[root@Rocky ~]#
[root@Rocky ~]# incus profile show macvlan
config: {}
description: “”
devices: {}
name: macvlan
used_by: []
project: default
[root@Rocky ~]#
[root@Rocky ~]# incus profile device add macvlan eth0 nic nictype=macvlan parent=ens160
Device eth0 added to macvlan
[root@Rocky ~]#
[root@Rocky ~]# incus profile show macvlan
config: {}
description: “”
devices:
eth0:
nictype: macvlan
parent: ens160
type: nic
name: macvlan
used_by: []
project: default
[root@Rocky ~]#
[root@Rocky ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7d:3a:12 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.81.145/24 brd 192.168.81.255 scope global dynamic noprefixroute ens160
valid_lft 1203sec preferred_lft 1203sec
inet6 fe80::20c:29ff:fe7d:3a12/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: incusbr0: mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:99:d9:15 brd ff:ff:ff:ff:ff:ff
inet 10.121.27.1/24 scope global incusbr0
valid_lft forever preferred_lft forever
inet6 fd42:cfa:b761:4379::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe99:d915/64 scope link
valid_lft forever preferred_lft forever
5: veth1fc477e1@if4: mtu 1500 qdisc noqueue master incusbr0 state UP group default qlen 1000
link/ether 3a:e8:9c:99:b8:d0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@Rocky ~]#
[root@Rocky ~]# incus launch images:almalinux/9 Almalinux-9-LXC —config limits.cpu=1 —config limits.memory=192MiB
Launching Almalinux-9-LXC
[root@Rocky ~]#
[root@Rocky ~]# incus profile assign Almalinux-9-LXC default,macvlan
Profiles default,macvlan applied to Almalinux-9-LXC
[root@Rocky ~]#
[root@Rocky ~]# incus list
+————————-+————-+———————————-+———+—————-+—————-+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+————————-+————-+———————————-+———+—————-+—————-+
| Almalinux-9-LXC | RUNNING | | | CONTAINER | 0 |
+————————-+————-+———————————-+———+—————-+—————-+
[root@Rocky ~]# incus shell Almalinux-9-LXC
Last login: Sat Jul 26 11:49:35 UTC 2025 on pts/1
[root@Almalinux-9-LXC ~]#
[root@Almalinux-9-LXC ~]# whereis dhclient
dhclient: /usr/sbin/dhclient /usr/share/man/man8/dhclient.8.gz
[root@Almalinux-9-LXC ~]#
[root@Almalinux-9-LXC ~]# dhclient —help
Usage: dhclient [-4|-6] [-SNTPRI1dvrxi] [-nw] [-p ] [-D LL|LLT]
[—dad-wait-time ] [—prefix-len-hint ]
[—decline-wait-time ]
[—address-prefix-len ]
[-s server-addr] [-cf config-file]
[-df duid-file] [-lf lease-file]
[-pf pid-file] [—no-pid] [-e VAR=val]
[-sf script-file] [interface]*
[-C ] [-B]
[-H | -F ] [—timeout ]
[-V ]
[—request-options ]
dhclient {—version|—help|-h}
[root@Almalinux-9-LXC ~]#
[root@Almalinux-9-LXC ~]# crontab -e
no crontab for root - using an empty one
[root@Almalinux-9-LXC ~]#
[root@Almalinux-9-LXC ~]# crontab -l
@reboot /usr/sbin/dhclient
[root@Almalinux-9-LXC ~]#
[root@Almalinux-9-LXC ~]# exit
logout
[root@Rocky ~]#
[root@Rocky ~]# incus restart Almalinux-9-LXC
[root@Rocky ~]# incus list
+————————-+————-+———————————-+———+—————-+—————-+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+————————-+————-+———————————-+———+—————-+—————-+
| Almalinux-9-LXC | RUNNING | 192.168.81.147 (eth0) | | CONTAINER | 0 |
+————————-+————-+———————————-+———+—————-+—————-+
[root@Rocky ~]#

为 incus-instance 指定一个 static-IP

[root@Rocky ~]#
[root@Rocky ~]# incus launch images:rockylinux/9 Rockylinux-9-LXC —config limits.cpu=1 —config limits.memory=192MiB
Launching Rockylinux-9-LXC
[root@Rocky ~]#
[root@Rocky ~]# incus profile assign Rockylinux-9-LXC default,macvlan
Profiles default,macvlan applied to Rockylinux-9-LXC
[root@Rocky ~]#
[root@Rocky ~]# incus list
+—————————+————-+———————————-+———+—————-+—————-+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+—————————+————-+———————————-+———+—————-+—————-+
| Almalinux-9-LXC | RUNNING | 192.168.81.147 (eth0) | | CONTAINER | 0 |
+—————————+————-+———————————-+———+—————-+—————-+
| Rockylinux-9-LXC | RUNNING | | | CONTAINER | 0 |
+—————————+————-+———————————-+———+—————-+—————-+
[root@Rocky ~]#
[root@Rocky ~]# incus shell Rockylinux-9-LXC
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# nano —help
-bash: nano: command not found
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# vim —help
-bash: vim: command not found
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# vi —help
VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Feb 25 2025 00:00:00)
Usage: vim [arguments] [file ..] edit specified file(s)
or: vim [arguments] - read text from stdin
or: vim [arguments] -t tag edit file where tag is defined
Arguments:
— Only file names after this
-v Vi mode (like “vi”)
-e Ex mode (like “ex”)
-E Improved Ex mode
-s Silent (batch) mode (only for “ex”)
-y Easy mode (like “evim”, modeless)
-R Readonly mode (like “view”)
-Z Restricted mode (like “rvim”)
-m Modifications (writing files) not allowed
-M Modifications in text not allowed
-b Binary mode
-C Compatible with Vi: ‘compatible’
-N Not fully Vi compatible: ‘nocompatible’
-V[N][fname] Be verbose [level N] [log messages to fname]
-n No swap file, use memory only
-r List swap files and exit
-r (with file name) Recover crashed session
-L Same as -r
-T Set terminal type to
—not-a-term Skip warning for input/output not being a terminal
—ttyfail Exit if input or output is not a terminal
-u Use instead of any .vimrc
—noplugin Don’t load plugin scripts
-p[N] Open N tab pages (default: one for each file)
-o[N] Open N windows (default: one for each file)
-O[N] Like -o but split vertically

Start at end of file
Start at line
—cmd Execute before loading any vimrc file
-c Execute after loading the first file
-S Source file after loading the first file
-s Read Normal mode commands from file
-w Append all typed commands to file
-W Write all typed commands to file
—clean ‘nocompatible’, Vim defaults, no plugins, no viminfo
-h or —help Print Help (this message) and exit
—version Print version information and exit
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# vi /usr/local/sbin/getStaticIP.sh
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# cat -n /usr/local/sbin/getStaticIP.sh
1 #!/usr/bin/env bash
2
3 /usr/sbin/ip link set dev eth0 name net0
4 /usr/sbin/ip addr add 192.168.81.155/24 dev net0
5 /usr/sbin/ip link set dev net0 up
6 sleep 2
7 /usr/sbin/ip route add default via 192.168.81.1
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# chmod 755 /usr/local/sbin/getStaticIP.sh
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# crontab -l
no crontab for root
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# crontab -l
@reboot /usr/local/sbin/getStaticIP.sh
[root@Rockylinux-9-LXC ~]#
[root@Rockylinux-9-LXC ~]# exit
logout
[root@Rocky ~]#
[root@Rocky ~]# incus restart Rockylinux-9-LXC
[root@Rocky ~]#
[root@Rocky ~]# incus list
+—————————+————-+———————————-+———+—————-+—————-+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+—————————+————-+———————————-+———+—————-+—————-+
| Almalinux-9-LXC | RUNNING | 192.168.81.147 (eth0) | | CONTAINER | 0 |
+—————————+————-+———————————-+———+—————-+—————-+
| Rockylinux-9-LXC | RUNNING | 192.168.81.155 (net0) | | CONTAINER | 0 |
+—————————+————-+———————————-+———+—————-+—————-+
[root@Rocky ~]#
关于一个incus-server及其对应的 snapshot server
假定incus-server和snapshot-server 对应的 IP和hostname如下：
192.168.1.106 incus-primary
192.168.1.141 incus-snapshot
1）将此对应关系分别写入到 incus-server和snapshot-server 的 /etc/hosts 中。
2）在 incus-server（192.168.1.106）上设定防火墙策略：
firewall-cmd zone=trusted add-source=192.168.1.141 —permanent
firewall-cmd reload
3）在 snapshot-server（192.168.1.141）上设定防火墙策略：
firewall-cmd zone=trusted add-source=192.168.1.106 —permanent
firewall-cmd reload
4）从 incus-server 上添加对 snapshot-server 的访问链接关系：
incus remote add 快照服务器的hostname
【此时你需要输入一个密码，这个密码就是初始化 incus-server 时设定的密码】
5）使用网路配置文件 macvlan 给 snapshot-server 添加同一网段IP地址：
incus profile copy macvlan 快照服务器的hostname
6）为某个实例创建一个快照
incus snapshot Almalinux-9-LXC Almalinux-9-LXC-snap20250725
7）把新建的实例快照发送到 snapshot-server
incus copy Almalinux-9-LXC/Almalinux-9-LXC-snap20250725 快照服务器的hostname:Almalinux-9-LXC
8）在 snapshot-server 上执行：
incus list
incus config set Almalinux-9-LXC boot.autostart 0
9）此时可以先在 incus-server（192.168.1.106）上停止正在运行的 Almalinux-9-LXC 、并在 snapshot-server（192.168.1.141）上启动备份过来的 Almalinux-9-LXC
一个自动创建实例快照的shell程序
tee -a /usr/local/sbin/refreshcontainers.sh <<-‘eof’

!/bin/bash
This script is for doing an lxc copy —refresh against each container, copying
and updating them to the snapshot server.
for x in $(/var/lib/snapd/snap/bin/lxc ls -c n —format csv)
do echo “Refreshing $x”
/var/lib/snapd/snap/bin/lxc copy —refresh $x incus-snapshot:$x
done
eof
chmod +x /usr/local/sbin/refreshcontainers.sh
chown incusadmin:incusadmin /usr/local/sbin/refreshcontainers.sh
编辑 crontab 排程任务（crontab -e）：00 22 * /usr/local/sbin/refreshcontainers.sh > /home/incusadmin/refreshlog 2>&1

查看全文

http://www.dtcms.com/a/301254.html