First, thank you to everyone who’s contributed to Incus so far… it’s a fantastic piece of software.
Now the post - stupid award goes to me with this one. I was trying to change the host IP address from DHCP to a static IP, and must’ve made a typo somewhere because now it wont’t connect to the network and is inaccessible.
It’s in my dev environment, so not concerned about data loss/can nuke and reboot my way out of this however. It got me thinking enough to mention, because this isn’t the first time I’ve messed up a network config and certainly won’t be the last… is there any way (other than reinstall & restore) to recover the system if you misconfigure the network?
Just thinking of other immutable OS’s - with Talos you can press F3 to configure the network menu in the console, and not sure if this counts but back when ESXi was the rage I think I remember it having a similar option as well.
If it’s a typo, there’s a pretty good chance that you can look at the screen to check what address it’s applied and then get yourself an address in the same subnet to get back to it.
Otherwise, recovery basically requires you to have a copy of the encryption recovery key, at which point you can follow steps similar to Emergency Procedure for a Lost Client Certificate - IncusOS documentation to get access to the partition storing the configuration and make changes that way.
That said, network configuration is tricky enough that a better way to handle this would be good. So far we’ve not implemented a single spot where we read/interpret keyboard input in the system and we’d prefer to keep it that way as that removes a good chunk of attack surface.
But what I think we could do is have a revert option in the configuration.
Basically a config key in the network configuration telling IncusOS to revert to the previous network configuration after x seconds. If you set that key, you’ll need to effectively immediately run a second edit deleting the key or the configuration will get reverted.
If you’re unable to do that second edit, then you’ve lost connectivity and your config probably was bad, so the revert would then save you.
Thank you for the thoughtful response. The emergency recovery method should work.
My follow up to this is a documentation question… let me know if I am missing something but the syntax for network configuration via the seed on install is explained here:
and the yaml shown with “incus admin os system network edit” is shown here:
But I cannot find the actual yaml syntax documented anywhere. Such as: I want to set a static IP, gateway, dns etc on a machine configured by seed with DHCP, but cannot find the proper syntax. Am I missing a page?
If not maybe this is my push to finally learn Go so I can contribute. Again, thank you for both your work on the project and willingness to give support in the forums!
The difference between the JSON (or YAML) input for the seed vs for incus admin os network edit is that the seed doesn’t need the configuration inside of a config block`.
So this config you’d apply with incus admin system network edit:
So I have a similar problem - I made mess of editing a yaml over “incus os network …” but reverted, twice. In other words exiting the editor triggered an error/warning and gave me the option to revert, which I did. I was trying it again and had to break off so went through the same process (i.e. revert). Whilst the network attachment and IP address have remained constant and functional I cannot load the network config yaml via “incus os network …”. as I get an error derived from one of those two faulty edits.