Server configuration¶
The Incus server can be configured through a set of key/value configuration options.
The key/value configuration is namespaced. The following options are available:
See How to configure the Incus server for instructions on how to set the configuration options.
Note
Options marked with a global
scope are immediately applied to all cluster members.
Options with a local
scope must be set on a per-member basis.
Core configuration¶
The following server options control the core daemon configuration:
Key: | core.bgp_address |
Type: | string |
Scope: | local |
Key: | core.bgp_asn |
Type: | string |
Scope: | global |
Key: | core.bgp_routerid |
Type: | string |
Scope: | local |
The identifier must be formatted as an IPv4 address.
Key: | core.debug_address |
Type: | string |
Scope: | local |
Key: | core.dns_address |
Type: | string |
Scope: | local |
Key: | core.https_address |
Type: | string |
Scope: | local |
Key: | core.https_allowed_credentials |
Type: | bool |
Default: |
|
Scope: | global |
If enabled, the Access-Control-Allow-Credentials
HTTP header value is set to true
.
Key: | core.https_allowed_headers |
Type: | string |
Scope: | global |
Key: | core.https_allowed_methods |
Type: | string |
Scope: | global |
Key: | core.https_allowed_origin |
Type: | string |
Scope: | global |
Key: | core.https_trusted_proxy |
Type: | string |
Scope: | global |
Specify a comma-separated list of IP addresses of trusted servers that provide the client’s address through the proxy connection header.
Key: | core.metrics_address |
Type: | string |
Scope: | local |
Key: | core.metrics_authentication |
Type: | bool |
Default: |
|
Scope: | global |
Key: | core.proxy_http |
Type: | string |
Scope: | global |
If this option is not specified, the daemon falls back to the HTTP_PROXY
environment variable (if set).
Key: | core.proxy_https |
Type: | string |
Scope: | global |
If this option is not specified, the daemon falls back to the HTTPS_PROXY
environment variable (if set).
Key: | core.proxy_ignore_hosts |
Type: | string |
Scope: | global |
Specify this option in a similar format to NO_PROXY
(for example, 1.2.3.4,1.2.3.5
)
If this option is not specified, the daemon falls back to the NO_PROXY
environment variable (if set).
Key: | core.remote_token_expiry |
Type: | string |
Default: | no expiry |
Scope: | global |
Key: | core.shutdown_timeout |
Type: | integer |
Default: |
|
Scope: | global |
Specify the number of minutes to wait for running operations to complete before the daemon shuts down.
Key: | core.storage_buckets_address |
Type: | string |
Scope: | local |
Key: | core.syslog_socket |
Type: | bool |
Default: |
|
Scope: | local |
Set this option to true
to enable the syslog unixgram socket to receive log messages from external processes.
ACME configuration¶
The following server options control the ACME configuration:
Key: | acme.agree_tos |
Type: | bool |
Default: |
|
Scope: | global |
Key: | acme.ca_url |
Type: | string |
Default: |
|
Scope: | global |
OpenID Connect configuration¶
The following server options configure external user authentication through OpenID Connect authentication:
Key: | oidc.audience |
Type: | string |
Scope: | global |
This value is required by some providers.
Key: | oidc.issuer |
Type: | string |
Scope: | global |
OpenFGA configuration¶
The following server options configure external user authorization through Open Fine-Grained Authorization (OpenFGA):
Cluster configuration¶
The following server options control Clustering:
Key: | cluster.healing_threshold |
Type: | integer |
Default: |
|
Scope: | global |
Specify the number of seconds after which an offline cluster member is to be evacuated.
To disable evacuating offline members, set this option to 0
.
Key: | cluster.https_address |
Type: | string |
Scope: | local |
Key: | cluster.images_minimal_replica |
Type: | integer |
Default: |
|
Scope: | global |
Specify the minimal number of cluster members that keep a copy of a particular image.
Set this option to 1
for no replication, or to -1
to replicate images on all members.
Key: | cluster.join_token_expiry |
Type: | string |
Default: |
|
Scope: | global |
Key: | cluster.max_standby |
Type: | integer |
Default: |
|
Scope: | global |
Specify the maximum number of cluster members that are assigned the database stand-by role.
This must be a number between 0
and 5
.
Key: | cluster.max_voters |
Type: | integer |
Default: |
|
Scope: | global |
Specify the maximum number of cluster members that are assigned the database voter role.
This must be an odd number >= 3
.
Key: | cluster.offline_threshold |
Type: | integer |
Default: |
|
Scope: | global |
Specify the number of seconds after which an unresponsive member is considered offline.
Key: | cluster.rebalance.batch |
Type: | integer |
Default: |
|
Scope: | global |
Key: | cluster.rebalance.cooldown |
Type: | string |
Default: |
|
Scope: | global |
Images configuration¶
The following server options configure how to handle Images:
Key: | images.auto_update_cached |
Type: | bool |
Default: |
|
Scope: | global |
Key: | images.auto_update_interval |
Type: | integer |
Default: |
|
Scope: | global |
Specify the interval in hours.
To disable looking for updates to cached images, set this option to 0
.
Key: | images.compression_algorithm |
Type: | string |
Default: |
|
Scope: | global |
Possible values are bzip2
, gzip
, lzma
, xz
, or none
.
Key: | images.default_architecture |
Type: | string |
Loki configuration¶
The following server options configure the external log aggregation system:
Key: | loki.api.url |
Type: | string |
Scope: | global |
Specify the protocol, name or IP and port. For example https://loki.example.com:3100
. Incus will automatically add the /loki/api/v1/push
suffix so there’s no need to add it here.
Key: | loki.auth.password |
Type: | string |
Scope: | global |
Key: | loki.auth.username |
Type: | string |
Scope: | global |
Key: | loki.instance |
Type: | string |
Default: | Local server host name or cluster member name |
Scope: | global |
This allows replacing the default instance value (server host name) by a more relevant value like a cluster identifier.
Key: | loki.labels |
Type: | string |
Scope: | global |
Specify a comma-separated list of values that should be used as labels for a Loki log entry.
Key: | loki.loglevel |
Type: | string |
Default: |
|
Scope: | global |
Miscellaneous options¶
The following server options configure server-specific settings for Instances, OVN integration, Backups and Storage:
Key: | authorization.scriptlet |
Type: | string |
Scope: | global |
When using scriptlet-based authorization, this option stores the scriptlet.
Key: | backups.compression_algorithm |
Type: | string |
Default: |
|
Scope: | global |
Possible values are bzip2
, gzip
, lzma
, xz
, or none
.
Key: | instances.lxcfs.per_instance |
Type: | bool |
Default: |
|
Scope: | global |
LXCFS is used to provide overlays for common /proc
and /sys
files which reflect the resource limits applied to the container.
It normally operates through a single file system mount on the host which is then shared by all containers. This is very efficient but comes with the downside that a crash of LXCFS will break all containers.
With this option, it’s now possible to run a LXCFS instance per container instead, using more system resources but reducing the impact of a crash.
Key: | instances.nic.host_name |
Type: | string |
Default: |
|
Scope: | global |
Possible values are random
and mac
.
If set to random
, use the random host interface name as the host name.
If set to mac
, generate a host name in the form inc<mac_address>
(MAC without leading two digits).
Key: | instances.placement.scriptlet |
Type: | string |
Scope: | global |
When using custom automatic instance placement logic, this option stores the scriptlet. See Instance placement scriptlet for more information.
Key: | network.ovn.ca_cert |
Type: | string |
Default: | Content of |
Scope: | global |
Key: | network.ovn.client_cert |
Type: | string |
Default: | Content of |
Scope: | global |
Key: | network.ovn.client_key |
Type: | string |
Default: | Content of |
Scope: | global |
Key: | network.ovn.integration_bridge |
Type: | string |
Default: |
|
Scope: | global |
Key: | network.ovn.northbound_connection |
Type: | string |
Default: |
|
Scope: | global |
Key: | network.ovs.connection |
Type: | string |
Default: |
|
Scope: | global |
Key: | storage.backups_volume |
Type: | string |
Scope: | local |
Specify the volume using the syntax POOL/VOLUME
.
User options¶
Additional user defined configuration keys are available within the user.
namespace.
Note that keys starting with user.ui.
are used for web UI configuration options and are visible even to unauthenticated users.