f059f97ce2
Due to the bug in liblxc-common packaging [1], there is a conflict in apparmor profiles which prevents any management of existing profiles. In order to allow apparmor configuration we need to bushfix the usr.bin.lxc-copy profile until fixed one won't be released. [1] https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2110635 Change-Id: I3de2c45fc1b24424ccbb8035cc7e7603dc5d0976
86 lines
2.3 KiB
YAML
86 lines
2.3 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Remove conflicting packages
|
|
ansible.builtin.apt:
|
|
pkg: "{{ lxc_hosts_remove_distro_packages }}"
|
|
state: absent
|
|
purge: true
|
|
tags:
|
|
- lxc-apt-packages
|
|
|
|
- name: Install apt packages
|
|
ansible.builtin.apt:
|
|
pkg: "{{ lxc_hosts_distro_packages }}"
|
|
state: "{{ lxc_hosts_package_state }}"
|
|
default_release: "{{ lxc_default_release | default(omit) }}"
|
|
update_cache: true
|
|
policy_rc_d: 101
|
|
cache_valid_time: "{{ cache_timeout }}"
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 5
|
|
delay: 2
|
|
tags:
|
|
- lxc-apt-packages
|
|
|
|
- name: Drop irqbalance config
|
|
ansible.builtin.template:
|
|
src: "irqbalance.j2"
|
|
dest: "{{ system_config_dir }}/irqbalance"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
notify:
|
|
- Restart irqbalance
|
|
tags:
|
|
- lxc-files
|
|
- lxc-irqbalance
|
|
- lxc_hosts-config
|
|
|
|
- name: Drop lxc-openstack apparmor profile
|
|
ansible.builtin.template:
|
|
src: "lxc-openstack.apparmor.j2"
|
|
dest: "/etc/apparmor.d/lxc/lxc-openstack"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
notify:
|
|
- Start apparmor
|
|
- Reload apparmor
|
|
tags:
|
|
- lxc-files
|
|
- lxc-apparmor
|
|
- lxc_hosts-config
|
|
|
|
# NOTE: Addresses packaging bug https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2110635
|
|
- name: Fix liblxc-common apparmor profiles
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/apparmor.d/usr.bin.lxc-copy
|
|
regexp: "^/usr/bin/lxc-start flags="
|
|
line: "/usr/bin/lxc-copy flags=(attach_disconnected) {"
|
|
state: present
|
|
when:
|
|
- ansible_facts['distribution'] | lower == 'ubuntu'
|
|
- ansible_facts['distribution_release'] == 'noble'
|
|
notify:
|
|
- Reload apparmor
|
|
tags:
|
|
- lxc-files
|
|
- lxc-apparmor
|
|
|
|
- name: Flush handler to reload apparmor profiles
|
|
ansible.builtin.meta: flush_handlers
|