Merge "Move LXC AppArmor profile setting to the inventory"

playbooks/common-tasks/os-lxc-container-setup.yml

@@ -27,16 +27,6 @@
 #  If extra container configurations are desirable set the
 #  "extra_container_config" list to strings containing the options needed.
 
-- name: Set the LXC app-armor profile
-  lxc_container:
-    name: "{{ inventory_hostname }}"
-    container_config:
-      - "lxc.aa_profile={{ aa_profile | default('lxc-openstack') }}"
-  delegate_to: "{{ physical_host }}"
-  when:
-    - not is_metal | bool
-  register: _cp
-
 - name: Ensure mount directories exists
   file:
     path: "{{ item['mount_path'] }}"
@@ -80,7 +70,6 @@
   delegate_to: "{{ physical_host }}"
   when:
     - >
-      (_cp is defined and _cp | changed) or
       (_bm is defined and _bm | changed) or
       (_ec is defined and _ec | changed)
     - not is_metal | bool

playbooks/inventory/group_vars/all_containers.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This is the default LXC AppArmor profile
+# Groups which need the unbound profile have a specific override
+lxc_container_config_list:
+  - "lxc.aa_profile=lxc-openstack"

playbooks/inventory/group_vars/cinder_volume.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+lxc_container_config_list:
+  - "lxc.aa_profile=unconfined"

playbooks/inventory/group_vars/galera_all.yml

@@ -1,2 +1,16 @@
 ---
-galera_client_drop_config_file: true
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+galera_client_drop_config_file: true

playbooks/inventory/group_vars/neutron_agent.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+lxc_container_config_list:
+  - "lxc.aa_profile=unconfined"