Add lxc3 compatibility
lxc3 deprecates many legacy config keys [1]. This change ensures that containers created on systems with lxc3 use the appropriate apparmor config keys. At this point we do not need to address lxc2->lxc3 upgrades as these would only occur during a Xenial->Bionic in-place OS upgrade, which is an unsupported upgrade path. [1] https://discuss.linuxcontainers.org/t/lxc-2-1-has-been-released/487 Change-Id: I9f30339210827f90818ea6993d90ca68c17fd3b2
parent
72261894f1
commit
440c87a808
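--- a/inventory/group_vars/all/lxc.yml
+++ b/inventory/group_vars/all/lxc.yml
@@ -0,0 +1,17 @@
+---
+# Copyright 2018, BBC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The apparmor profile lxc config key changes between LXC version 2 and 3
+lxc_config_key_apparmor: "{{ lookup('pipe', 'lxc-info --version 2>/dev/null || echo 2.0.0') is version_compare('3.0.0', 'lt') | ternary('aa_profile', 'apparmor.profile') }}"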
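Review bot: `lookup('pipe', ...)` in `lxc_config_key_apparmor` is evaluated on the Ansible control host, so the key is chosen from the LXC version installed where the playbook is launched rather than on the host that creates the container. Where the two differ, or where `lxc-info` is absent and the `|| echo 2.0.0` fallback applies, the AppArmor profile line is written with a key the target's LXC may not accept; how LXC treats such a line is not visible here, so it is worth confirming that a container cannot start without its intended profile. If deriving the key from a fact gathered on the container host is out of scope for this change, document the assumption above the variable, e.g. `# Evaluated on the deployment host; assumes it runs the same LXC major version as the container hosts`.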
@ -16,7 +16,7 @@
|
|||||||
# This is the default LXC AppArmor profile
|
# This is the default LXC AppArmor profile
|
||||||
# Groups which need the unbound profile have a specific override
|
# Groups which need the unbound profile have a specific override
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
- "lxc.aa_profile=lxc-openstack"
|
- "lxc.{{ lxc_config_key_apparmor }}=lxc-openstack"
|
||||||
|
|
||||||
# Needed by playbooks/common-tasks/os-lxc-container-setup.yml
|
# Needed by playbooks/common-tasks/os-lxc-container-setup.yml
|
||||||
lxc_container_log_path: "/var/log/lxc"
|
lxc_container_log_path: "/var/log/lxc"
|
||||||
|
@ -19,4 +19,4 @@
|
|||||||
cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
|
cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
|
||||||
|
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
- "lxc.aa_profile=unconfined"
|
- "lxc.{{ lxc_config_key_apparmor }}=unconfined"
|
||||||
|
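Review bot: The `unconfined` override on the new `lxc.{{ lxc_config_key_apparmor }}=unconfined` line carries no comment saying why AppArmor confinement is switched off for this group, and the same applies to the identical line in the following hunk (`@ -22,7 +22,7 @@ neutron_dhcp_config:`). Since the commit touches both lines, a one-line rationale above each `lxc_container_config_list` would help the next reviewer judge whether the override is still needed, e.g. `# Runs without an AppArmor profile because <reason, to be filled in by the maintainers>`. Both files continue outside the hunks shown, so a rationale may already exist elsewhere in them.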
@ -22,7 +22,7 @@ neutron_dhcp_config:
|
|||||||
log-facility: "/var/log/neutron/neutron-dnsmasq.log"
|
log-facility: "/var/log/neutron/neutron-dnsmasq.log"
|
||||||
|
|
||||||
lxc_container_config_list:
|
lxc_container_config_list:
|
||||||
- "lxc.aa_profile=unconfined"
|
- "lxc.{{ lxc_config_key_apparmor }}=unconfined"
|
||||||
|
|
||||||
# Ensure that all neutron agent containers get a fixed mac address
|
# Ensure that all neutron agent containers get a fixed mac address
|
||||||
lxc_container_fixed_mac: true
|
lxc_container_fixed_mac: true
|
||||||
|