zranx
January 25, 2025, 11:38pm
1
Hi, new to incus (and system containers in general). I wanted to ask if it would be possible or if it is planned to add Fedora CoreOS images to incus default registry to run as containers? I wanted to try an immutable OS to run my application containers with easy future OS upgrades…
stgraber
January 26, 2025, 7:21pm
2
We’ve tried providing Ubuntu Core images in the past, but found that immutable Linux distros really don’t play well with running inside of containers as they generally require the ability to set up pretty complex filesystem layering right at boot time as well as the ability to swap between versions at boot (and rollback).
That kind of logic is usually handled by the bootloader and/or initrd, neither of which exist in a container world.
So in general, I’d recommend using a VM for such cases.
1 Like
rugk
June 20, 2026, 4:50pm
3
For the record here a backlink to the Fedora CoreOS project/issue on that issue:
opened 04:48PM - 20 Jun 26 UTC
kind/enhancement
area/platforms
### Why is the platform important? Who uses it?
[Incus](https://linuxcontainer… s.org/incus/) is a great fork of [LXD](https://canonical.com/lxd), which advertises itself as "Lightweight open source virtualization with LXD".
I personally see it as a main competitioner to [Proxmox](https://docs.fedoraproject.org/de/fedora-coreos/provisioning-proxmoxve/) aka small (home) users for home labs. In contrast to proxmox, it is, however, [much more secure](https://linuxcontainers.org/incus/docs/main/security/).
Specifically, [Incus-OS](https://github.com/lxc/incus-os) seems relevant here, which is a "distro"/hypervisor/virtualisation platform based on Incus by the same maintainers. [It e.g. features forced disk encryption using TPM and secure boot](https://linuxcontainers.org/incus-os/) and other [security features](https://linuxcontainers.org/incus-os/docs/main/reference/security/) like [A/B upgrades](https://linuxcontainers.org/incus-os/docs/main/reference/partitioning-scheme/) (similarly atomic as CoreOS).
[It's featured as a good modern alternative](https://www.xda-developers.com/who-needs-proxmox-im-finally-trying-out-incus/) especially [for home labs](https://homelabstarter.com/proxmox-vs-incus-comparison/) [to replace Proxmox](https://tadeubento.com/2024/replace-proxmox-with-incus-lxd/).
Also note while it can run LXC containers, it [can also run VMs](https://linuxcontainers.org/incus/docs/main/explanation/containers_and_vms/), which this issue talks about. After all, this would be the use case for Fedora CoreOS, would not it?
### What is the official name of the platform? Is there a short name that's commonly used in client API implementations?
short name: `incus`
Official name depends (whether it's GUI or the whole OS), but probably: Incus
Also, if interoperability with LXD is there (which may be likely): LXD
### How can the OS retrieve instance userdata? What happens if no userdata is provided?
I don't understand the question.
Do you mean metadata of the image by this? https://linuxcontainers.org/incus/docs/main/reference/image_format/ explains that basic format.
Note it can inject files, which would be useful for ignition files for Fedora CoreOS.
### Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided?
AFAIK no
### How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service?
DHCP should be enough, otherwise [much can be configured](https://linuxcontainers.org/incus/docs/main/networks/), whcih should not be relevant for the guest OS however
### In particular, how can the OS retrieve the system hostname?
I don't know, but by efault it uses bridge networking, so I guess it may get the hostname from there
### Does the platform require the OS to have a specific console configuration?
AFAIK no, just qemu qcow2 images
### Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required?
AFAIK no?
### Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository?
Apparently `incus-agent` would be useful and is already packaged: https://packages.fedoraproject.org/pkgs/incus/incus-agent/
### How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected?
See https://linuxcontainers.org/incus/docs/main/image-handling/
available on https://images.linuxcontainers.org/
But, IMHO, a manual configuration/setup doc in [the provision docs](https://docs.fedoraproject.org/de/fedora-coreos/) would already be useful. [They do not want to package it themselve](https://discuss.linuxcontainers.org/t/fedora-coreos-container-images/22695/2?u=rugk) as they had difficulties:
> We’ve tried providing Ubuntu Core images in the past, but found that immutable Linux distros really don’t play well with running inside of containers as they generally require the ability to set up pretty complex filesystem layering right at boot time as well as the ability to swap between versions at boot (and rollback).
> […]
> So in general, I’d recommend using a VM for such cases.
(But we want a VM image, don't we?)
### Are there any other platform quirks we should know about?
Here are resources where people already set-up Fedora CoreOS in Incus: https://agnomi.net/posts/incus/fedora-coreos/
There is also the distrobuilder that aims to simplify this: https://github.com/lxc/distrobuilder
Aka so they could provide an ready-to-use (VM) image that can be used. I assume yes VM images are meant, not container ones. There are also links inside where people already used it , so it is definitively possible to setup.
Feel free to upvote the issue, of course.
