diff --git a/handlers/main.yml b/handlers/main.yml index c37716cc..3c1337ac 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -88,3 +88,8 @@ - "venv changed" - "cert installed" - "systemd service changed" + +- name: Reload apparmor profile + ansible.builtin.service: + name: apparmor.service + state: reloaded diff --git a/tasks/drivers/kvm/nova_compute_kvm.yml b/tasks/drivers/kvm/nova_compute_kvm.yml index 6139cece..008da85b 100644 --- a/tasks/drivers/kvm/nova_compute_kvm.yml +++ b/tasks/drivers/kvm/nova_compute_kvm.yml @@ -135,6 +135,23 @@ - nova-kvm - nova-libvirt +- name: Set apparmor config (Ubuntu/Debian) + lineinfile: + dest: "/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper" + line: " {{ nova_system_home_folder }}/instances/_base/* r," + backup: true + create: true + owner: "root" + group: "root" + mode: "0644" + when: + - ansible_facts['distribution'] == 'Ubuntu' or ansible_facts['distribution'] == 'Debian' + notify: Reload apparmor profile + tags: + - nova-config + - nova-kvm + - nova-libvirt + - name: Including nova_disable_smt tasks include_tasks: nova_disable_smt.yml when: