diff --git a/inventory/group_vars/all/lxc.yml b/inventory/group_vars/all/lxc.yml
new file mode 100644
index 0000000000..b368c4b97e
--- /dev/null
+++ b/inventory/group_vars/all/lxc.yml
@@ -0,0 +1,17 @@
+---
+# Copyright 2018, BBC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The apparmor profile lxc config key changes between LXC version 2 and 3
+lxc_config_key_apparmor: "{{ lookup('pipe', 'lxc-info --version 2>/dev/null || echo 2.0.0') is version_compare('3.0.0', 'lt') | ternary('aa_profile', 'apparmor.profile') }}"
diff --git a/inventory/group_vars/all_containers.yml b/inventory/group_vars/all_containers.yml
index c7a3a82e20..6cfb726220 100644
--- a/inventory/group_vars/all_containers.yml
+++ b/inventory/group_vars/all_containers.yml
@@ -16,7 +16,7 @@
 # This is the default LXC AppArmor profile
 # Groups which need the unbound profile have a specific override
 lxc_container_config_list:
- - "lxc.aa_profile=lxc-openstack"
+ - "lxc.{{ lxc_config_key_apparmor }}=lxc-openstack"
 # Needed by playbooks/common-tasks/os-lxc-container-setup.yml
 lxc_container_log_path: "/var/log/lxc"
diff --git a/inventory/group_vars/cinder_volume.yml b/inventory/group_vars/cinder_volume.yml
index 15feb21e0c..d7d84c6865 100644
--- a/inventory/group_vars/cinder_volume.yml
+++ b/inventory/group_vars/cinder_volume.yml
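Review bot: In inventory/group_vars/all/lxc.yml, `lookup('pipe', 'lxc-info --version ...')` is evaluated on the Ansible control node rather than on the host that runs the containers, so `lxc_config_key_apparmor` follows the deployment host's LXC version. When the two differ, or when `lxc-info` is absent there and the `|| echo 2.0.0` fallback silently selects `aa_profile`, the AppArmor line written into the container config may use a key the target's LXC does not honour; whether that stops the container from starting or leaves the profile unapplied should be confirmed. Consider deriving the key from a version registered on the container host, and at least record the assumption next to the variable, e.g. `# NOTE: evaluated on the deployment host; its LXC version must match the container hosts`. The same value feeds the `lxc_container_config_list` entries changed in all_containers.yml, cinder_volume.yml and neutron_agent.yml.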
@@ -19,4 +19,4 @@ cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
 lxc_container_config_list:
- - "lxc.aa_profile=unconfined"
+ - "lxc.{{ lxc_config_key_apparmor }}=unconfined"
diff --git a/inventory/group_vars/neutron_agent.yml b/inventory/group_vars/neutron_agent.yml
index c58127c98b..f1a26cbf91 100644
--- a/inventory/group_vars/neutron_agent.yml
+++ b/inventory/group_vars/neutron_agent.yml
@@ -22,7 +22,7 @@ neutron_dhcp_config:
 log-facility: "/var/log/neutron/neutron-dnsmasq.log"
 lxc_container_config_list:
- - "lxc.aa_profile=unconfined"
+ - "lxc.{{ lxc_config_key_apparmor }}=unconfined"
 # Ensure that all neutron agent containers get a fixed mac address
 lxc_container_fixed_mac: true
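Review bot: The rewritten entry in cinder_volume.yml, `lxc.{{ lxc_config_key_apparmor }}=unconfined`, still carries no comment saying why this group runs without AppArmor confinement, and the neutron_agent.yml hunk has the same gap. Since both lines are being touched, a short rationale above each list would help later reviewers keep the override scoped to the groups that need it, e.g. `# Containers in this group run with AppArmor unconfined; reason: <why this group needs it>`. The enclosing files continue outside these hunks, so an explanation may already exist elsewhere in them.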