Incus VLAN profile

Hi:

I am trying to create a profile so I can launch containers/vms and they attach to an isolated vlan (an overdue network upgrade for me - put my exposed services on an isolated network). I can half do it, if I use the --network option during creation/launch, but I’d ideal like to configure that in a profile and all my configuration guesses fail (I have tried the docs, and even you-tubed some but I cannot get the configuration right). I need to do this as I have containers that I wish to “convert” to using a vlan instead of incusbr0 and/or my existing network br0. I hope that makes sense?

This works:

But anything I do to try to add a vlan network and then delete the regular incusbr0 network always fails and google is sending me on a wild goose chase.

I want to remove a default profile from an instance and replace it with a ‘vlan’ profile so the incusbr0 disappears and the instance gets it’s ip from pfsense-vlan I created and is thus completely isolated.

I’m hoping it’s embarrassingly easy…

Here’s my vlan config in /etc/network/interfaces (in case it’s useful), and it seems to work fine:

auto eno1.50
iface eno1.50 inet dhcp
broadcast 172.16.50.255
netmask 255.255.255.0
vlan-raw-device eno1

I have tried editing copied versions of the default profile but I am doing something dumb as it won’t take. Can someone point me please?

BTW, my host networks look like this (in case it’s helpful in figuring out how a profile should look). I assume I try to attach to my eno1.50 vlan network, but I even tried my br0 and used a ‘vlan’ tag.

THANK YOU in advance.

Andrew

When you do not specify a profile with --profile at the launch an instance, it is implied that you are using the default profile.

As a first step, create a separate profile that is based on the default profile.

incus profile copy default isolated

Then, edit the isolated profile and replace the networking with what you want. Do not keep incusbr0 in that new profile.
You can edit with incus profile edit isolated or with incus profile set commands.

Then, launch the instance with

incus launch images:debian/12 myisolated --profile isolated

Thank you. Apologies for not being clear. I know how to create new profiles, but I can’t quite figure out how to create a profile that uses my vlan50 instead of incusbr0. I tried copying the default profile to ‘vlan50’ profile, but my editing fails. What does a ‘default’ profile look like when the incusbr0 is removed an a ‘eno1.50’ network is in its its place?

This is a very default profile.

$ incus profile show default
config: {}
description: Default Incus profile
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:

Let’s create a VLAN (partial) profile. Initially the profile is empty. We are playing with the same eth0 name for the network interface. Which means that we do not need to carry the default profile settings in the vlan profile.

$ incus profile create myvlan
$ incus profile device add macvlan eth0 nic nictype=macvlan parent=eno1 vlan=50

Finally,

$ incus launch images:debian/12 mycontainer --profile default --profile myvlan

(I have not tested these).
(macvlan documentation)

THANK YOU! With your help, I got there. I created this profile:

config: {}
description: Default LXD profile with VLAN50 network
devices:
eth0:
nictype: macvlan
parent: eno1
type: nic
vlan: “50”
root:
path: /
pool: default
type: disk
name: vlan50
used_by:

And I assign this to my existing and/or new instances and bingo - it’s connected to the vlan. Again, THANK YOU!!

Andrew

@simos would it be possible to set a static ip with vlan? Like you can do with a bridge?

No, Incus applies static IPs by controlling records in its DHCP server.

If your DHCP server is external as is the case when connecting to an external network/vlan, Incus doesn’t have any control on IP allocation.

Ah ok. That makes sense. Thx.