How To Install Incus on Rocky Linux 10
Modern containerization technology has revolutionized the way system administrators deploy and manage applications. Incus, a powerful container and virtual machine manager, stands out as an exceptional solution for Rocky Linux environments. This comprehensive guide walks you through the complete installation process of Incus on Rocky Linux 10, ensuring you can leverage this cutting-edge containerization platform effectively.
Whether you’re a seasoned system administrator or a developer looking to streamline your infrastructure, installing Incus on Rocky Linux 10 provides numerous advantages over traditional virtualization solutions. The combination of Rocky Linux’s enterprise-grade stability and Incus’s advanced container management capabilities creates a robust foundation for your containerized applications.
Understanding Incus and Rocky Linux 10 Compatibility
Incus Project Background and Architecture
Incus emerged as a fork from the LXD project in 2023, maintaining backward compatibility while introducing enhanced features and improved performance. The project focuses on providing a comprehensive container and virtual machine management solution that bridges the gap between traditional virtualization and modern containerization technologies.
The current stable version of Incus offers long-term support (LTS) capabilities, making it ideal for production environments. This containerization platform excels in resource efficiency, providing near-native performance while maintaining strong isolation between containers.
Rocky Linux 10 Integration Benefits
Rocky Linux 10 serves as an excellent foundation for Incus deployment due to its enterprise-grade stability and Red Hat Enterprise Linux compatibility. The operating system’s robust security features, extensive package repositories, and predictable release cycles align perfectly with Incus’s requirements.
Key compatibility advantages include:
- Kernel compatibility with advanced container features
- SELinux integration for enhanced security
- systemd service management for reliable startup sequences
- Package management through DNF and established repositories
System Requirements and Hardware Specifications
Before proceeding with the installation, ensure your system meets the following requirements:
Minimum Requirements:
- 2 GB RAM (4 GB recommended)
- 2 CPU cores
- 20 GB available disk space
- Network connectivity for package downloads
Recommended Production Specifications:
- 8 GB RAM or more
- 4+ CPU cores
- 100 GB+ SSD storage
- Dedicated network interface for container networking
Pre-Installation System Preparation
System Updates and Security Baseline
Begin by updating your Rocky Linux 10 system to ensure all packages are current. This step prevents potential conflicts during the installation process.
sudo dnf update -y
sudo dnf upgrade -y
Reboot your system after major kernel updates to ensure all changes take effect:
sudo reboot
Configure basic firewall rules to allow necessary traffic:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
User Account and Permission Configuration
Create dedicated administrative users for Incus management. This approach enhances security by avoiding direct root access for container operations.
sudo useradd -m -s /bin/bash incusadmin
sudo usermod -aG wheel incusadmin
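Configure sudo access for seamless administrative tasks. Note that NOPASSWD:ALL gives this account passwordless root, so it needs the same protection as the root account itself: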
echo "incusadmin ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/incusadmin
Network Infrastructure Verification
Verify network connectivity and DNS resolution before proceeding with repository installations:
ping -c 4 google.com
nslookup google.com
Identify available network interfaces for container networking:
ip addr show
nmcli device status
Document your network configuration as this information will be essential during Incus initialization.
Storage Planning and Optimization
Storage backend selection significantly impacts Incus performance. Evaluate your available storage options:
lsblk
df -h
For optimal performance, consider dedicating separate partitions or disks for:
- Container storage pools
- Image storage
- Backup locations
Installing Required Repositories
EPEL Repository Installation
The Extra Packages for Enterprise Linux (EPEL) repository provides essential packages not included in the base Rocky Linux distribution.
sudo dnf install epel-release -y
sudo dnf update -y
Verify EPEL repository activation:
dnf repolist | grep epel
OpenZFS Repository Configuration
OpenZFS provides advanced storage features including snapshots, compression, and data integrity verification. Install the official OpenZFS repository:
sudo dnf install https://zfsonlinux.org/epel/zfs-release-2-3$(rpm --eval "%{dist}").noarch.rpm -y
Configure ZFS repository preferences:
sudo dnf config-manager --disable zfs
sudo dnf config-manager --enable zfs-kmod
CodeReady Builder Repository Activation
Enable the CodeReady Builder (CRB) repository for additional development packages:
sudo dnf config-manager --set-enabled crb
Verify repository activation:
dnf repolist | grep -i crb
Incus COPR Repository Setup
Add Neil Hanlon’s COPR repository which provides pre-built Incus packages for Rocky Linux:
sudo dnf copr enable neil/incus -y
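Verify that the repository is enabled. This only confirms that the repo is listed; package signatures are checked at install time when gpgcheck=1 is set in its .repo file: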
dnf repolist | grep incus
Repository Priority Management
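Configure repository priorities to prevent package conflicts. Set the option per repository ID; appending a priority line to a .repo file only affects the last section in that file:
sudo dnf install dnf-plugins-core -y
# Lower number = higher priority; base Rocky repos win over EPEL
sudo dnf config-manager --save --setopt=baseos.priority=1 --setopt=appstream.priority=1
sudo dnf config-manager --save --setopt=epel.priority=10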
Core Package Installation
Essential System Packages
Install fundamental packages required for Incus operation:
sudo dnf install dkms vim kernel-devel bash-completion -y
These packages provide:
- DKMS: Dynamic kernel module compilation
- Kernel-devel: Kernel headers for module building
- Bash-completion: Enhanced command-line experience
Verify kernel-devel version matches your running kernel:
uname -r
rpm -qa | grep kernel-devel
Incus Package Installation
Install the core Incus packages and tools:
sudo dnf install incus incus-tools -y
Verify successful installation:
rpm -qa | grep incus
incus version
OpenZFS Installation and Module Loading
Install ZFS packages for advanced storage capabilities:
sudo dnf install zfs -y
Load ZFS kernel modules:
sudo modprobe zfs
echo zfs | sudo tee -a /etc/modules-load.d/zfs.conf
Verify ZFS functionality:
sudo zpool status
sudo zfs version
Service Configuration and Activation
Enable and start the Incus service:
sudo systemctl enable incus
sudo systemctl start incus
Check service status and logs:
sudo systemctl status incus
sudo journalctl -u incus -f
System Reboot and Verification
Reboot the system to ensure all kernel modules and services start correctly:
sudo reboot
After reboot, verify all services are operational:
sudo systemctl status incus
lsmod | grep zfs
System Environment Configuration
File Descriptor Limits Configuration
Containers require increased file descriptor limits for optimal operation. Configure system limits in /etc/security/limits.conf:
sudo tee -a /etc/security/limits.conf << EOF
* soft nofile 1048576
* hard nofile 1048576
root soft nofile 1048576
root hard nofile 1048576
EOF
Verify limit changes take effect:
ulimit -n
Kernel Parameter Optimization
Create custom kernel parameter configuration for Incus:
sudo tee /etc/sysctl.d/90-incus-override.conf << EOF
fs.inotify.max_queued_events=1048576
fs.inotify.max_user_instances=1048576
fs.inotify.max_user_watches=1048576
vm.max_map_count=262144
kernel.dmesg_restrict=1
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv6.neigh.default.gc_thresh3=8192
net.core.bpf_jit_limit=3000000000
kernel.keys.maxkeys=2000000
kernel.keys.maxbytes=25000000
fs.aio-max-nr=524288
EOF
Apply kernel parameter changes:
sudo sysctl --system
Verify parameter application:
sysctl fs.inotify.max_user_instances
sysctl vm.max_map_count
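The two commands above spot-check only two of the eleven values. The script below is an added example, not part of the original guide, that compares every key in the override file with the live kernel value, which also catches a later file in /etc/sysctl.d overriding one of them. The function name sysctl_drift and the optional second argument (an alternate root instead of /proc/sys) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide).

# norm: collapse runs of spaces/tabs and trim, so "a<TAB>b" equals "a b".
norm() { tr -s ' \t' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [PROC_ROOT]
# Compare every key=value in CONF with the live value under PROC_ROOT
# (default /proc/sys). Prints one line per problem; returns 1 if any.
# Run as root: some entries under /proc/sys are not world-readable.
sysctl_drift() {
    conf="$1"; root="${2:-/proc/sys}"; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*|';'*) continue ;;   # comment
            *=*) ;;                  # key=value, handled below
            *) continue ;;           # blank or malformed
        esac
        key=$(printf '%s\n' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s\n' "${line#*=}" | norm)
        # Dots map to path separators for the keys used in this guide.
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        have=$(norm < "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key want=$want have=$have"; rc=1
        fi
    done < "$conf"
    return "$rc"
}
```

Source the file and run sudo-level sysctl_drift /etc/sysctl.d/90-incus-override.conf after sysctl --system and again after the reboot; no output and exit status 0 mean every value is in effect.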
User Group Management
Add users to the incus-admin group for management access:
sudo usermod -aG incus-admin $USER
sudo usermod -aG incus-admin incusadmin
Verify group membership:
groups $USER
id incusadmin
Log out and back in to activate group changes, or use:
newgrp incus-admin
Incus Initialization and Basic Configuration
Initial Incus Setup Process
Initialize Incus with the interactive setup wizard:
sudo incus admin init
Configuration Options:
- Clustering: Choose “no” for single-node setup
- Storage backend: Select “zfs” for optimal performance
- Storage pool creation: Accept default or specify custom pool
- Network configuration: Create new bridge or use existing
- Address binding: Configure for local or remote access
- Certificate management: Generate new certificates
For automated setup, use minimal initialization:
sudo incus admin init --minimal
Storage Pool Configuration
Create additional storage pools for specific workloads:
incus storage create default zfs
incus storage create fast-pool zfs
Configure storage quotas:
incus storage set default volume.size 50GiB
incus storage set fast-pool volume.size 100GiB
List and verify storage pools:
incus storage list
incus storage show default
Network Bridge Configuration
Configure network bridges for container connectivity:
incus network create incusbr0
incus network set incusbr0 ipv4.address 10.0.100.1/24
incus network set incusbr0 ipv4.nat true
incus network set incusbr0 ipv6.address none
Verify network configuration:
incus network list
incus network show incusbr0
Profile Configuration and Customization
Create custom profiles for different use cases:
incus profile create production
incus profile create development
Configure resource limits for production profile:
incus profile set production limits.cpu 4
incus profile set production limits.memory 8GiB
incus profile device add production root disk path=/ pool=default
incus profile device add production eth0 nic network=incusbr0
Security and Certificate Setup
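Enable the HTTPS API for remote access. A bare :8443 listens on every interface; put a specific address in front of the port to restrict it:
incus config set core.https_address :8443
Incus does not support the core.trust_password option; remote clients are enrolled with one-time trust tokens instead. Issue a token for a client, where client-name is a label of your choice:
incus config trust add client-name
Alternatively, add an existing client certificate to the trust store directly:
incus config trust add-certificate client.crt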
Post-Installation Testing and Verification
Creating Your First Container
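Download and launch a test container to verify installation. Incus pulls images from the images: remote; the ubuntu: remote known from LXD is not configured:
incus launch images:ubuntu/22.04 test-container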
Monitor container creation process:
incus list
incus info test-container
Network Connectivity Testing
Test container network functionality:
incus exec test-container -- ping -c 4 google.com
incus exec test-container -- curl -I https://www.google.com
Verify container-to-host communication:
incus exec test-container -- ping -c 4 $(hostname -I | awk '{print $1}')
Storage Functionality Verification
Create and test container snapshots:
incus snapshot create test-container snap1
incus info test-container
Test storage pool utilization:
incus storage info default
Performance Baseline Testing
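Measure container startup performance:
time incus launch images:ubuntu/22.04 perf-test
incus delete perf-test --force
Check resource utilization (incus monitor streams server events and does not take an instance name, so use incus info for per-instance CPU, memory and network usage):
incus info test-container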
Web Interface Access
Access the Incus web interface through your browser:
- Navigate to https://your-server-ip:8443
- Accept the security certificate
- Enter your trust password
- Explore the web management interface
Troubleshooting Common Issues
Installation and Repository Problems
Package dependency conflicts:
sudo dnf clean all
sudo dnf makecache
sudo dnf install incus --allowerasing
Repository access issues:
sudo dnf repolist
sudo dnf config-manager --disable problematic-repo
sudo dnf config-manager --enable problematic-repo
Service and Configuration Issues
Incus service fails to start:
sudo systemctl status incus -l
sudo journalctl -u incus --no-pager
ZFS module loading problems:
sudo modprobe -r zfs
sudo modprobe zfs
sudo dmesg | grep zfs
Container Creation and Network Issues
Container fails to start:
incus info container-name --show-log
incus config show container-name
Network connectivity problems:
sudo iptables -L
sudo firewall-cmd --list-all
incus network list-leases incusbr0
Permission and Access Problems
User permission issues:
sudo usermod -aG incus-admin $USER
newgrp incus-admin
incus list
Security Considerations and Best Practices
System Security Hardening
Configure firewall rules specifically for Incus:
sudo firewall-cmd --permanent --add-port=8443/tcp
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reload
SELinux considerations:
sudo setsebool -P container_manage_cgroup on
sudo semanage fcontext -a -t container_file_t "/var/lib/incus(/.*)?"
sudo restorecon -R /var/lib/incus
Container Security Best Practices
Implement resource quotas and limits:
incus profile set default limits.cpu 2
incus profile set default limits.memory 2GiB
incus profile set default limits.processes 1000
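Configure security policies. These are instance options, so set them on a profile (or on a named instance) rather than in the server configuration:
incus profile set default security.privileged false
incus profile set default security.nesting false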
Backup and Disaster Recovery
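Create automated backup scripts:
#!/bin/bash
set -euo pipefail                # stop on the first failed step
umask 077                        # exports contain full container filesystems
BACKUP_DIR="/backup/incus"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p "$BACKUP_DIR"
incus export container-name "$BACKUP_DIR/container-name_$DATE.tar.gz"
# Server configuration, saved alongside the container export
incus config show > "$BACKUP_DIR/config_$DATE.yaml"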
Regular system maintenance:
incus image list
incus image delete unused-image-fingerprint
incus storage list
Next Steps and Advanced Configuration
Advanced Storage Features
Explore ZFS advanced capabilities:
incus storage create encrypted zfs encryption=on
incus storage set pool volume.zfs.compression on
Clustering and High Availability
Prepare for multi-node clusters by running the init wizard and answering "yes" to the clustering question:
sudo incus admin init
incus cluster list
Integration and Automation
Integrate with automation tools:
# Ansible playbook integration
# Terraform provider usage
# CI/CD pipeline integration
Community Resources
- Official Documentation: Comprehensive guides and references
- Community Forums: Active support communities
- GitHub Repository: Source code and issue tracking
- IRC Channels: Real-time community support
Congratulations! You have successfully installed Incus. Thanks for using this tutorial to install the Incus container and virtual machine manager on a Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Incus website.