incus 的安装和使用

2026-04-27 • 23 分钟阅读 • docker · incus

Incus 是一个新的容器（LXC）/虚拟机管理器，它的目标是取代 LXD。由于 LXD 实际上已成为 Canonical 公司（Ubuntu 的开发公司）完全掌控的项目，LXC 创始人分叉出了 Incus，并将其纳入为 LXC 社区的一部分。

lxc和docker的区别

维度	LXC	Docker
定位	轻量级虚拟机	打包单个应用
运行方式	启动完整系统（systemd、ssh等）	只运行一个进程
持久化	默认有状态，像真机一样	默认无状态，重启即清空
管理方式	类似虚拟机，lxc-attach 进入	命令行 docker exec
适用场景	跑多个“虚拟服务器”	跑微服务、CI/CD、开发环境

🐧 LXC：像虚拟机一样用

启动后是一个完整的Linux系统，有 init 进程、可以 systemctl 管理服务。
可以在里面 apt install nginx，然后 systemctl start nginx。
关闭再启动，里面的数据都还在。

适合：把一台物理机拆成多个“小服务器”，每个跑一套完整环境。

🐳 Docker：像“单进程”一样跑

一个容器只跑一个应用（比如只跑 nginx、只跑 Redis）。
容器本身是无状态的，重启后内部改动消失（除非挂载外部存储）。
靠 docker-compose 把多个容器串联成服务。

适合：部署微服务、跑一次性任务、开发环境隔离。

通常将一个 Docker 容器视为一个服务，而不是一个操作系统。但 LXC 容器的存在形式就类似于虚拟机，它提供一个轻量级的操作系统环境，不为任何场合定制和剪裁。默认情况下 LXC 取代不了 Docker，而 LXC 容器的泛用性也是 Docker 不适合替代的。

简单来说，想快捷启动一个部署起来很麻烦的软件，就用 Docker 容器。需要一个虚拟机体验各种发行版或创建隔离环境，就用 LXC 容器（即 Incus）。

安装

apt update
apt install incus
systemctl enable incus
systemctl start incus

初始化

incus admin init
进入交互式设置：

Would you like to use clustering? (yes/no) [default=no]:   
###是否使用集群，一般来说不需要。
Do you want to configure a new storage pool? (yes/no) [default=yes]:
###是否配置新的存储池，一般来说需要。
Name of the new storage pool [default=default]:
###新存储池的名称，默认即可。
Name of the storage backend to use (dir, lvm, lvmcluster, zfs, btrfs) [default=zfs]
###要使用的存储后端名称。
Create a new ZFS pool? (yes/no) [default=yes]:
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]:
Size in GiB of the new loop device (1GiB minimum) [default=5GiB]:
Would you like to create a new local network bridge? (yes/no) [default=yes]:
###是否创建新的本地网络桥，一般来说需要。
What should the new bridge be called? [default=incusbr0]:
###网桥的接口名称，默认即可。
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
###IPv4 和 IPv6 地址，一般来说都需要。如果服务器没有 IPv6，可以将 IPv6 设置为 none。
Would you like the server to be available over the network? (yes/no) [default=no]:
###是否允许通过网络访问 Incus 服务，随意。
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
###是否自动更新缓存的镜像，随意。
Would you like a YAML "init" preseed to be printed? (yes/no) [default=no]:

后续可直接使用 incus admin init –minimal 命令自动化基本设置。

容器

查看 images 远程镜像列表：
incus image list images:
输出会很多，可使用grep过滤特定的镜像。
创建容器：
incus launch images:debian/14 my-app
下面是系列容器操作：

root@fn-j1900:~# incus launch images:debian/14 my-app
Launching my-app
root@fn-j1900:~# incus list
+--------+---------+----------------------+------------------------------------------------+-----------+-----------+
|  NAME  |  STATE  |         IPV4         |                      IPV6                      |   TYPE    | SNAPSHOTS |
+--------+---------+----------------------+------------------------------------------------+-----------+-----------+
| my-app | RUNNING | 10.201.74.116 (eth0) | fd42:3c8d:c3ff:91bb:1266:6aff:fec3:eee4 (eth0) | CONTAINER | 0         |
+--------+---------+----------------------+------------------------------------------------+-----------+-----------+
root@fn-j1900:~# incus exec my-app bash
root@my-app:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 10:66:6a:c3:ee:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.201.74.116/24 metric 1024 brd 10.201.74.255 scope global dynamic eth0
       valid_lft 3576sec preferred_lft 3576sec
    inet6 fd42:3c8d:c3ff:91bb:1266:6aff:fec3:eee4/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::1266:6aff:fec3:eee4/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
root@my-app:~# apt update
Get:1 http://deb.debian.org/debian forky InRelease [148 kB]
Get:2 http://deb.debian.org/debian forky-updates InRelease [45.1 kB]
Get:3 http://deb.debian.org/debian-security forky-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian forky/main amd64 Packages.diff/Index [63.6 kB]
Get:5 http://deb.debian.org/debian forky/main Translation-en.diff/Index [63.6 kB]
Get:6 http://deb.debian.org/debian forky/main amd64 Packages T-2026-04-26-2001.18-F-2026-04-26-0803.51.pdiff [31.4 kB]
Get:6 http://deb.debian.org/debian forky/main amd64 Packages T-2026-04-26-2001.18-F-2026-04-26-0803.51.pdiff [31.4 kB]
Get:7 http://deb.debian.org/debian forky/main Translation-en T-2026-04-26-2001.18-F-2026-04-26-0803.51.pdiff [3306 B]
Get:7 http://deb.debian.org/debian forky/main Translation-en T-2026-04-26-2001.18-F-2026-04-26-0803.51.pdiff [3306 B]
Fetched 403 kB in 9s (47.4 kB/s)
All packages are up to date.
Notice: Some sources can be modernized. Run 'apt modernize-sources' to do so.
root@my-app:~# apt install nginx
Installing:
  nginx

Installing dependencies:
  nginx-common

Suggested packages:
  fcgiwrap  nginx-doc  ssl-cert

Summary:
  Upgrading: 0, Installing: 2, Removing: 0, Not Upgrading: 0
  Download size: 754 kB
  Space needed: 1987 kB / 4380 MB available

Continue? [Y/n] y
Get:1 http://deb.debian.org/debian forky/main amd64 nginx-common all 1.30.0-2 [108 kB]
Get:2 http://deb.debian.org/debian forky/main amd64 nginx amd64 1.30.0-2 [646 kB]
Fetched 754 kB in 1s (856 kB/s)
Preconfiguring packages ...
Selecting previously unselected package nginx-common.
(Reading database ... 13329 files and directories currently installed.)
Preparing to unpack .../nginx-common_1.30.0-2_all.deb ...
Unpacking nginx-common (1.30.0-2) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.30.0-2_amd64.deb ...
Unpacking nginx (1.30.0-2) ...
Setting up nginx-common (1.30.0-2) ...
Created symlink '/etc/systemd/system/multi-user.target.wants/nginx.service' → '/usr/lib/systemd/system/nginx.service'.
Setting up nginx (1.30.0-2) ...
Upgrading binary: nginx.
root@my-app:~# systemctl start nginx
root@my-app:~# curl http://127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, nginx is successfully installed and working.
Further configuration is required for the web server, reverse proxy,
API gateway, load balancer, content cache, or other features.</p>

<p>For online documentation and support please refer to
<a href="https://nginx.org/">nginx.org</a>.<br/>
To engage with the community please visit
<a href="https://community.nginx.org/">community.nginx.org</a>.<br/>
For enterprise grade support, professional services, additional
security features and capabilities please refer to
<a href="https://f5.com/nginx">f5.com/nginx</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@my-app:~# exit
exit

资源限制：
以下命令限制了 CPU 为 1 个核心，内存为 256MB：
incus launch images:debian/14 my-app --config limits.cpu=1 --config limits.memory=256MiB
使用incus config show my-app 查看详细。

给容器创建代理设备，将容器内服务暴露到外部。
incus config device add my-app http-proxy proxy listen=tcp:0.0.0.0:8080 connect=tcp:127.0.0.1:80
向容器添加了名为 http-proxy 的类型为 proxy 的设备，将宿主机的 8080 端口的 TCP 流量转发到容器的 80 端口。
现在，从外部访问宿主机 IP 以及 8080 端口的 HTTP 服务，应该会看到 Nginx 的响应。

root@fn-j1900:~# incus config device add my-app proxy80 proxy listen=tcp:0.0.0.0:8080 connect=tcp:10.201.74.116:80
Device proxy80 added to my-app
root@fn-j1900:~# curl 127.0.0.1:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, nginx is successfully installed and working.
Further configuration is required for the web server, reverse proxy,
API gateway, load balancer, content cache, or other features.</p>

<p>For online documentation and support please refer to
<a href="https://nginx.org/">nginx.org</a>.<br/>
To engage with the community please visit
<a href="https://community.nginx.org/">community.nginx.org</a>.<br/>
For enterprise grade support, professional services, additional
security features and capabilities please refer to
<a href="https://f5.com/nginx">f5.com/nginx</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@fn-j1900:~# incus info my-app
Name: my-app
Description:
Status: RUNNING
Type: container
Architecture: x86_64
PID: 7616
Created: 2026/04/27 10:43 CST
Last Used: 2026/04/27 10:43 CST
Started: 2026/04/27 10:43 CST

Resources:
  Processes: 21
  Disk usage:
    root: 88.44MiB
  CPU usage:
    CPU usage (in seconds): 25
  Memory usage:
    Memory (current): 113.82MiB
  Network usage:
    eth0:
      Type: broadcast
      State: UP
      Host interface: veth13638545
      MAC address: 10:66:6a:c3:ee:e4
      MTU: 1500
      Bytes received: 1.21MB
      Bytes sent: 38.50kB
      Packets received: 447
      Packets sent: 420
      IP addresses:
        inet:  10.201.74.116/24 (global)
        inet6: fd42:3c8d:c3ff:91bb:1266:6aff:fec3:eee4/64 (global)
        inet6: fe80::1266:6aff:fec3:eee4/64 (link)
    lo:
      Type: loopback
      State: UP
      MTU: 65536
      Bytes received: 9.75kB
      Bytes sent: 9.75kB
      Packets received: 92
      Packets sent: 92
      IP addresses:
        inet:  127.0.0.1/8 (local)
        inet6: ::1/128 (local)

虚拟机

incus launch images:debian/14 my-os --vm

root@fn-j1900:~# incus launch images:debian/14 my-os --vm
Launching my-os
root@fn-j1900:~# du -hs /var/lib/incus/
1.6G	/var/lib/incus/
root@fn-j1900:~# incus list
+--------+---------+---------------------+------------------------------------------------+-----------------+-----------+
|  NAME  |  STATE  |        IPV4         |                      IPV6                      |      TYPE       | SNAPSHOTS |
+--------+---------+---------------------+------------------------------------------------+-----------------+-----------+
| my-app | RUNNING | 10.201.74.32 (eth0) | fd42:3c8d:c3ff:91bb:1266:6aff:fec1:e7e4 (eth0) | CONTAINER       | 0         |
+--------+---------+---------------------+------------------------------------------------+-----------------+-----------+
| my-os  | RUNNING |                     | fd42:3c8d:c3ff:91bb:1266:6aff:fec2:3a79 (eth0) | VIRTUAL-MACHINE | 0         |
+--------+---------+---------------------+------------------------------------------------+-----------------+-----------+
root@fn-j1900:~# incus exec my-os -- bash
root@my-os:~# uname -a
Linux my-os 6.19.13+deb14-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.19.13-1 (2026-04-18) x86_64 GNU/Linux
root@my-os:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda2       9.6G  785M  8.8G   9% /
devtmpfs        433M     0  433M   0% /dev
tmpfs           472M     0  472M   0% /dev/shm
efivarfs        256K   29K  223K  12% /sys/firmware/efi/efivars
tmpfs           189M  580K  188M   1% /run
tmpfs           472M     0  472M   0% /tmp
none            1.0M     0  1.0M   0% /run/credentials/systemd-journald.service
none            1.0M     0  1.0M   0% /run/credentials/systemd-resolved.service
none            1.0M     0  1.0M   0% /run/credentials/systemd-networkd.service
tmpfs            50M   14M   37M  27% /run/incus_agent
/dev/sda1        99M  9.2M   90M  10% /boot/efi
none            1.0M     0  1.0M   0% /run/credentials/serial-getty@ttyS0.service
none            1.0M     0  1.0M   0% /run/credentials/getty@tty1.service
root@my-os:~# apt update
Get:1 http://deb.debian.org/debian forky InRelease [148 kB]
Get:2 http://deb.debian.org/debian forky-updates InRelease [45.1 kB]
Get:3 http://deb.debian.org/debian-security forky-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian forky/main amd64 Packages.diff/Index [63.6 kB]
Get:5 http://deb.debian.org/debian forky/main Translation-en.diff/Index [63.6 kB]
Get:6 http://deb.debian.org/debian forky/main amd64 Packages T-2026-04-27-0216.44-F-2026-04-26-0803.51.pdiff [138 kB]
Get:6 http://deb.debian.org/debian forky/main amd64 Packages T-2026-04-27-0216.44-F-2026-04-26-0803.51.pdiff [138 kB]
Get:7 http://deb.debian.org/debian forky/main Translation-en T-2026-04-27-0216.44-F-2026-04-26-0803.51.pdiff [6800 B]
Get:7 http://deb.debian.org/debian forky/main Translation-en T-2026-04-27-0216.44-F-2026-04-26-0803.51.pdiff [6800 B]
Fetched 513 kB in 13s (39.9 kB/s)                                                                                                                                         
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
Notice: Some sources can be modernized. Run 'apt modernize-sources' to do so.
root@my-os:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 10:66:6a:c2:3a:79 brd ff:ff:ff:ff:ff:ff
    altname enx10666ac23a79
    inet 10.201.74.162/24 metric 1024 brd 10.201.74.255 scope global dynamic enp5s0
       valid_lft 3504sec preferred_lft 3504sec
    inet6 fd42:3c8d:c3ff:91bb:1266:6aff:fec2:3a79/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::1266:6aff:fec2:3a79/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
root@my-os:~# exit
exit