51 lines
1.4 KiB
YAML
51 lines
1.4 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Set the options that we want for the container, these are config options.
|
|
# The option is set as a YAML list which translates into "key = value" in config
|
|
container_config_options:
|
|
- "lxc.aa_profile=unconfined"
|
|
- "lxc.cgroup.devices.allow=a *:* rmw"
|
|
- "lxc.mount.entry=/lib/modules lib/modules none bind 0 0"
|
|
|
|
required_inner_dirs:
|
|
- "/lib/modules"
|
|
|
|
required_outer_dirs:
|
|
- "/lib/modules"
|
|
|
|
kernel_modules:
|
|
- 8021q
|
|
- ip6table_filter
|
|
- ip6_tables
|
|
- ipt_REJECT
|
|
- iptable_mangle
|
|
- ipt_MASQUERADE
|
|
- iptable_nat
|
|
- nf_conntrack_ipv4
|
|
- nf_defrag_ipv4
|
|
- nf_nat_ipv4
|
|
- nf_nat
|
|
- nf_conntrack
|
|
- iptable_filter
|
|
- ip_tables
|
|
- x_tables
|
|
|
|
sysctl_options:
|
|
- { key: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
|
- { key: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
|
- { key: 'net.ipv4.ip_forward', value: 1 }
|
|
- { key: 'net.netfilter.nf_conntrack_max', value: 262144 }
|