commit 7ec0a966ab491e7349ebcdaae04fabeb7b8aaafd Author: Jonathan Rosser Date: Tue Oct 6 11:33:27 2020 +0100 Convert lxc2 config keys to lxc3 format Depends-On: https://review.opendev.org/756587 Change-Id: If3217b0020fb515641731a7301fb96066c669a8c diff --git a/inventory/group_vars/all_containers.yml b/inventory/group_vars/all_containers.yml index 0cabae3..c2ff6cc 100644 --- a/inventory/group_vars/all_containers.yml +++ b/inventory/group_vars/all_containers.yml @@ -16,7 +16,7 @@ # This is the default LXC AppArmor profile # Groups which need the unbound profile have a specific override lxc_container_config_list: - - "{{ (hostvars[physical_host]['ansible_distribution'] == 'Debian' and hostvars[physical_host]['ansible_distribution_major_version'] == '10' ) | ternary('lxc.aa_profile=unconfined', 'lxc.aa_profile=lxc-openstack') }}" + - "lxc.apparmor.profile={{ (hostvars[physical_host]['ansible_distribution'] == 'Debian' and hostvars[physical_host]['ansible_distribution_major_version'] == '10' ) | ternary('unconfined', 'lxc-openstack') }}" # Needed by playbooks/common-tasks/os-lxc-container-setup.yml lxc_container_log_path: "/var/log/lxc" diff --git a/inventory/group_vars/cinder_volume.yml b/inventory/group_vars/cinder_volume.yml index 15feb21..bdd9f47 100644 --- a/inventory/group_vars/cinder_volume.yml +++ b/inventory/group_vars/cinder_volume.yml @@ -19,4 +19,4 @@ cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}' lxc_container_config_list: - - "lxc.aa_profile=unconfined" + - "lxc.apparmor.profile=unconfined" diff --git a/inventory/group_vars/neutron_agent.yml b/inventory/group_vars/neutron_agent.yml index 99ec675..1f26eb3 100644 --- a/inventory/group_vars/neutron_agent.yml +++ b/inventory/group_vars/neutron_agent.yml @@ -21,7 +21,7 @@ neutron_dhcp_config: dhcp-ignore: "tag:!known" lxc_container_config_list: - - "lxc.aa_profile=unconfined" + - "lxc.apparmor.profile=unconfined" # Ensure that all neutron agent containers get a fixed mac address lxc_container_fixed_mac: true