ansible-roles/lxc/tasks/main.yml

---
- name: Install lxc tools
  apt:
    name:
      - lxc
      - debootstrap
      - xz-utils

- name: python-lxc is installed (Debian <= 10)
  apt:
    name: python-lxc
    state: present
  when: ansible_python_version is version('3', '<')

- name: python3-lxc is installed (Debian >= 10)
  apt:
    name: python3-lxc
    state: present
  when: ansible_python_version is version('3', '>=')

- name: Install additional packages (Debian >= 10)
  apt:
    name:
      - apparmor
      - lxc-templates
  when: ansible_distribution_major_version is version('10', '>=')

- name: Copy LXC default containers configuration
  template:
    src: default.conf
    dest: /etc/lxc/

- name: Check if root has subuids
  command: grep '^root:100000:10000$' /etc/subuid
  failed_when: false
  changed_when: false
  register: root_subuids
  when: lxc_unprivilegied_containers | bool

- name: Add subuid and subgid ranges to root
  command: usermod -v 100000-199999 -w 100000-109999 root
  when:
    - lxc_unprivilegied_containers | bool
    - root_subuids.rc != 0

- name: Get filesystem options
  command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS
  changed_when: false
  check_mode: no
  register: check_fs_options
  when: not ansible_check_mode

- name: Check if options are correct
  assert:
    that:
      - "'nodev'  not in check_fs_options.stdout"
      - "'noexec' not in check_fs_options.stdout"
      - "'nosuid' not in check_fs_options.stdout"
    msg: "LXC directory is in a filesystem with incompatible options"
  when: not ansible_check_mode

- name: Create containers
  include: create-container.yml
  vars:
    name: "{{ item.name }}"
    release: "{{ item.release }}"
  loop: "{{ lxc_containers }}"
Add role for LXC 2017-08-22 17:32:32 +02:00			`---`
			`- name: Install lxc tools`
			`apt:`
lxc: remove useless loop in apt execution 2019-10-01 17:53:08 +02:00			`name:`
			`- lxc`
			`- debootstrap`
			`- xz-utils`
Use python3 packages on Debian 11 and later 2021-05-02 01:14:06 +02:00
lxc: fix dependencies 2021-09-30 12:10:55 +02:00			`- name: python-lxc is installed (Debian <= 10)`
Use python3 packages on Debian 11 and later 2021-05-02 01:14:06 +02:00			`apt:`
			`name: python-lxc`
			`state: present`
Install python 2 or 3 libraries according to running python version 2021-09-30 17:05:10 +02:00			`when: ansible_python_version is version('3', '<')`
Use python3 packages on Debian 11 and later 2021-05-02 01:14:06 +02:00
lxc: fix dependencies 2021-09-30 12:10:55 +02:00			`- name: python3-lxc is installed (Debian >= 10)`
Use python3 packages on Debian 11 and later 2021-05-02 01:14:06 +02:00			`apt:`
			`name: python3-lxc`
			`state: present`
Install python 2 or 3 libraries according to running python version 2021-09-30 17:05:10 +02:00			`when: ansible_python_version is version('3', '>=')`
lxc: rely on lxc_container module instead of command module 2019-10-02 16:32:20 +02:00
lxc: fix dependencies 2021-09-30 12:10:55 +02:00			`- name: Install additional packages (Debian >= 10)`
lxc: rely on lxc_container module instead of command module 2019-10-02 16:32:20 +02:00			`apt:`
lxc: install apparmor on Debian 10 2020-04-17 15:57:22 +02:00			`name:`
			`- apparmor`
			`- lxc-templates`
Replace version_compare() with version() 2020-02-25 10:45:35 +01:00			`when: ansible_distribution_major_version is version('10', '>=')`
Add role for LXC 2017-08-22 17:32:32 +02:00
			`- name: Copy LXC default containers configuration`
			`template:`
			`src: default.conf`
			`dest: /etc/lxc/`

			`- name: Check if root has subuids`
			`command: grep '^root:100000:10000$' /etc/subuid`
Fix multiple bugs in lxc role after testing 2017-08-24 18:07:16 +02:00			`failed_when: false`
			`changed_when: false`
Add role for LXC 2017-08-22 17:32:32 +02:00			`register: root_subuids`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`when: lxc_unprivilegied_containers \| bool`
Add role for LXC 2017-08-22 17:32:32 +02:00
			`- name: Add subuid and subgid ranges to root`
			`command: usermod -v 100000-199999 -w 100000-109999 root`
whitespaces and syntax 2019-06-21 10:36:32 +02:00			`when:`
Improve Ansible syntax replace « x \| changed » by « x is changed » add explicit « bool » filter use « length » filter instead of string comparison 2021-05-09 23:06:42 +02:00			`- lxc_unprivilegied_containers \| bool`
			`- root_subuids.rc != 0`
Add role for LXC 2017-08-22 17:32:32 +02:00
lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00			`- name: Get filesystem options`
			`command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS`
Fail if /var has nodev or noexec option enabled. 2022-01-11 11:48:57 +01:00			`changed_when: false`
lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00			`check_mode: no`
			`register: check_fs_options`
Add “when: not ansible_check_mode” to allow more --check 2022-12-01 18:18:25 +01:00			`when: not ansible_check_mode`
lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00
			`- name: Check if options are correct`
			`assert:`
			`that:`
			`- "'nodev' not in check_fs_options.stdout"`
			`- "'noexec' not in check_fs_options.stdout"`
			`- "'nosuid' not in check_fs_options.stdout"`
			`msg: "LXC directory is in a filesystem with incompatible options"`
Add “when: not ansible_check_mode” to allow more --check 2022-12-01 18:18:25 +01:00			`when: not ansible_check_mode`
Ensure that /var is mounted with dev and exec options prior to LXC container creation. 2022-01-11 11:02:03 +01:00
Add role for LXC 2017-08-22 17:32:32 +02:00			`- name: Create containers`
whitespaces and syntax 2019-06-21 10:36:32 +02:00			`include: create-container.yml`
			`vars:`
			`name: "{{ item.name }}"`
whitespaces and syntax 2020-04-17 15:56:54 +02:00			`release: "{{ item.release }}"`
			`loop: "{{ lxc_containers }}"`