Network Profile separate from VM/Container Profile

liszca · March 4, 2025, 3:06pm

Looking at how to access VLANs in VM/Container I found this thread: Incus VLAN profile - #4 by simos

But is it possible to separate Network Configuration into a separate profile?

I have an “easy” picture in front of my inner eye where there is Network configuration in the default profile like how it is now. And other Networks can also be defined as a Network only Profile.
If then selected the profile can add or override the existing Profiles Network.

Student · March 4, 2025, 8:36pm

I always prefer to have separate network profiles and storage profiles. Profiles IMHO is one the most powerful and under rated features in incus. I imagine profiles like a salad bar (each with different configurations). You can spin up a container/vm, passing different profiles on the fly based on your architectural design and you can make then land exactly how and where you want them to be - be it in different projects, different networks, different storage types.

simos · March 4, 2025, 9:12pm

Yes, you can split functionality in different profiles. I am not sure whether you are asking how does this splitting works.

There’s the default profile, that is used when you do not specify any profile at all. If you only specify some other profile, then the default is not used. Typically, you specify first the default profile, and then your new profile so that any new configuration is masking what is found in the default profile.

Some examples. Here is a default profile. It specifies two devices, with names eth0 (type nic, therefore it’s for networking) and root (type disk, therefore it’s for storage).

$ incus profile show default
config: {}
description: Default Incus profile
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:

Suppose you have created a new network, incusbr1, and you want to use that on selected containers.

$ incus profile create myincusbr1
Profile myincusbr1 created
$ incus profile show myincusbr1
config: {}
description: ""
devices: {}
name: myincusbr1
used_by: []
project: default
$ incus profile edit myincusbr1
... do your editing here ...
$ incus profile show myincusbr1
config: {}
description: ""
devices:
  eth0:
    name: eth0
    network: incusbr1
    type: nic
name: myincusbr1
used_by: []
project: default
$

Then, you can launch a container that uses incusbr1 as follows. You first specify the default profile because you want to reuse the other configuration. Then, you specify the new profile that has a configuration eth0 that matches a configuration from the default profile. In Incus, the profile configurations are stacked. In the case of eth0 though, Incus will use the eth0 device from the myincusbr1 profile because the two have the same name.

$ incus launch images:debian/12/cloud mycontainer1 --profile default --profile myincusbr1
Launching mycontainer1
$ incus list mycontainer1 -c n4
+--------------+----------------------+
|     NAME     |         IPV4         |
+--------------+----------------------+
| mycontainer1 | 10.123.123.49 (eth0) |
+--------------+----------------------+
$

tregubovav · March 5, 2025, 2:35am

As Simon wrote above - you can attach multiple profiles to the instance. However, there are pros and cons in this approach. Splitting separate devices, storage volumes, network interfaces by separate profiles increases flexibility, but increases infrastructure maintenance cost in case if you need attach more than one device of the same type. For example if any instance needs two or more network interfaces - you need be very caution with network interfaces naming in profiles as interfaces with the same name overrides each other.

liszca · March 5, 2025, 1:53pm

So I managed to add the profile testbr:

incus profile add mikrotiktest testbr

and with incus config show mikrotiktest -e profiles can be viewed:

architecture: x86_64
config:
  volatile.cloud-init.instance-id: 330f0472-e960-433a-babb-007199bda944
  volatile.eth0.hwaddr: 00:16:3e:04:c5:a9
  volatile.eth1.hwaddr: 00:16:3e:54:24:f1
  volatile.last_state.power: STOPPED
  volatile.uuid: 3cc1108a-56e4-48fc-9299-0dc8fba8e485
  volatile.uuid.generation: 3cc1108a-56e4-48fc-9299-0dc8fba8e485
  volatile.vsock_id: "3539256493"
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  eth1:
    name: eth1
    network: test
    type: nic
  iso-volume:
    boot.priority: "10"
    pool: incus
    source: mikrotik-7.18.1.iso
    type: disk
  root:
    path: /
    pool: incus
    type: disk
ephemeral: false
profiles:
- default
- testbr
stateful: false
description: ""

So its already working on the CLI

I would like to be able to do that on the WebGUI.

simos · March 5, 2025, 2:14pm

First, you create the additional Incus profile. In the following I created a profile just like my example above (eth0 on incusbr1). Then, when you create a new instance, you first need to specify the Base Image. By doing so, you can then specify more than Incus profile (and select the appropriate order).

Finally, we verify that it works.

The two managed networks,

The container got the IP address from the incusbr1 network,

liszca · March 5, 2025, 3:56pm

Thanks a lot after removing the tomatoes from eyes I also noticed the Button “YAML Configuration”