Terraform Import Incomplete

toni · August 18, 2025, 10:59am

I’m trying to import existing incus instances into Tofu (Terraform), but there is no “image” specification generated. When I add the image to the resource specification, tofu wants to repave everything. The same thing goes at least for IP addresses. What’s the way around here, manually mucking around with the terraform.tfstate file, or are there alternatives? Does an incus instance, or the system, “know” which image the instance was created from?

I’m not sure this is the right forum to ask, but could not think of a better one. Feel free to redirect as appropriate.

I’m using the 0.3.1 version of the Terraform provider together with OpenTofu v1.10.5.

toni · January 23, 2026, 11:38am

I just tried again. This time around, I tried with a new version of everything:

terraform {
  required_providers {
    incus = {
      source  = "lxc/incus"
      version = "1.0.2"
    }
  }
}

and tofu 1.11.2. If I want to import virtual machines, I always get:

~ type         = "virtual-machine" -> "container" # forces replacement

Ie. the fact that this instance is a virtual machine, is being ignored. I have to specify

type = "virtual-machine"

in every corresponding resource definition to avoid this. Also, memory, root disk and CPU specs seem to be generally ignored, eg.

~ config       = {
          - "limits.memory"       = "4096MiB" -> null
          - "security.secureboot" = "false" -> null
        }

suggesting to me that I’ll need to polish the resource definitions by hand to avoid the loss of existing configuration - correct?

stgraber · January 23, 2026, 7:46pm

Can you show your incus_instance resource?

toni · January 23, 2026, 9:12pm

Sure. As per the tofu docs, I have eg.

import {
  to = incus_instance.i-debian
  id = "i-debian"
}

resource "incus_instance" "i-debian" {
  name = "i-debian"
}

import {
  to = incus_instance.i-test-vm
  id = "i-test-vm"
}

resource "incus_instance" "i-test-vm" {
  name = "i-test-vm"
  type = "virtual-machine"
}

where i-debian is a container, and i-test-vm is a VM. Initially, I didn’t have the ‘type=”virtual-machine” parameter set in the resource, and then it said that it needed to destroy and re-create this to make the VM into a container. My original expectation was that the resource would be populated with all the attributes of the object in incus.

stgraber · January 24, 2026, 1:20am

That’s not really what an import does, tofu import allows you to link an existing object to its definition. It won’t modify the .tf for you.

Basically it lets you fill in your entire infrastructure through .tf files, then lets you import what you already have so tofu plan doesn’t fail due to a bunch of stuff already existing in the target environment.

So normally you’d create a full populated incus_instance resource, then run tofu import and finally tofu plan to confirm that your local definition in .tf matches up with what’s on the target and that you’re all good.