From 8ed1aaf160dcf6c878c0a718253e1550564d8e7a Mon Sep 17 00:00:00 2001
From: Romain Dessort
Date: Thu, 24 Aug 2017 12:07:16 -0400
Subject: [PATCH] Fix multiple bugs in lxc role after testing
---
 lxc/README.md | 2 +-
 lxc/defaults/main.yml | 2 +-
 lxc/tasks/create-container.yml | 7 ++++---
 lxc/tasks/main.yml | 7 +++++--
 lxc/templates/default.conf | 3 +++
 5 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/lxc/README.md b/lxc/README.md
index 4da64f3c..c267d6b9 100644
--- a/lxc/README.md
+++ b/lxc/README.md
@@ -10,7 +10,7 @@ Everything is in the `tasks/main.yml` file.
 Here is the list of available variables:
-* `lxc_unprivilegied_containers`: should LXC containers run in unprivilegied (non root) mode? Default: `true`
+* `lxc_unprivilegied_containers`: should LXC containers run in unprivilegied (non root) mode? Currently `lxc_unprivilegied_containers: true` does not work. Default: `false`
 * `lxc_network_type`: network type to use. See lxc.container.conf(5). Default: `"none"`
 * `lxc_mount_part`: partition to bind mount into containers. Default: `"/home"`
 * `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
diff --git a/lxc/defaults/main.yml b/lxc/defaults/main.yml
index 86636da2..e7e1c1ff 100644
--- a/lxc/defaults/main.yml
+++ b/lxc/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Should LXC containers run in unprivilegied (non root) mode?
-lxc_unprivilegied_containers: true
+lxc_unprivilegied_containers: false
 # Network type to use. See lxc.container.conf(5).
 lxc_network_type: "none"
diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml
index fc4b5a72..8b35d66b 100644
--- a/lxc/tasks/create-container.yml
+++ b/lxc/tasks/create-container.yml
@@ -1,6 +1,7 @@
 ---
 - name: Check if container exists
 command: "lxc-ls {{name}}"
+ changed_when: false
 register: container_exists
 - name: Create container
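Review bot: In lxc/defaults/main.yml the new default `lxc_unprivilegied_containers: false` carries no comment saying that anyone who did not set the variable now gets privileged containers, where root inside the container is root on the host. The README hunk records that `true` does not currently work, but the defaults file is what people read when they override a value. I would extend the comment above the variable, for example `# false = privileged containers (container root is host root); true is currently broken in this role, see README`. How the variable reaches the container configuration is not visible in this patch, so the exact effect on the generated config is assumed.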
@@ -18,7 +19,7 @@
 lineinfile:
 name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt"
 line: "NETDOWN=no"
- when: lxc_network_type == "none"
+ when: lxc_network_type == "none" and release != "stretch"
 - name: Make the container poweroff on SIGPWR (sent by lxc-stop) on jessie
 file:
@@ -35,18 +36,18 @@
 name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts"
 line: "127.0.0.1 {{name}}"
-# Still needed?
 - name: Fix permission on /dev
 lineinfile:
 name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local"
 line: "chmod 755 /dev"
 insertbefore: "^exit 0$"
+ when: release != 'stretch'
 - name: Check if container is running
 command: "lxc-ls --running {{name}}"
+ changed_when: false
 register: container_running
 - name: "Start {{name}} container"
 command: "lxc-start -dn {{name}}"
 when: container_running.stdout_lines == []
-
diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml
index e92e7d39..48ecf51b 100644
--- a/lxc/tasks/main.yml
+++ b/lxc/tasks/main.yml
@@ -10,12 +10,15 @@
 - name: Check if root has subuids
 command: grep '^root:100000:10000$' /etc/subuid
+ failed_when: false
+ changed_when: false
 register: root_subuids
+ when: lxc_unprivilegied_containers
 - name: Add subuid and subgid ranges to root
 command: usermod -v 100000-199999 -w 100000-109999 root
- when: not root_subuids.rc
+ when: lxc_unprivilegied_containers and root_subuids.rc
 - name: Create containers
 include: "create-container.yml name={{item.name}} release={{item.release}}"
- with_items: lxc_containers
+ with_items: "{{lxc_containers}}"
diff --git a/lxc/templates/default.conf b/lxc/templates/default.conf
index 5aaf824e..bf3501d3 100644
--- a/lxc/templates/default.conf
+++ b/lxc/templates/default.conf
@@ -20,3 +20,6 @@ lxc.tty = 1
 # Run 64bits containers
 lxc.arch = x86_64
+
+# Start containers on boot by default
+lxc.start.auto = 1
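Review bot: The new conditions in lxc/tasks/create-container.yml exclude a single release by name (`release != "stretch"` on the NETDOWN task here, `release != 'stretch'` on the `chmod 755 /dev` task in the next hunk), so any other value of `release`, including a later release or a typo in `lxc_containers`, still gets both workarounds written into the container rootfs. If they are only needed on jessie, as the neighbouring task name "on jessie" suggests, `when: release == "jessie"` says so directly and leaves new releases untouched by default. The two hunks also quote the literal differently; one style would be easier to grep. Both tasks begin or end outside their hunks.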
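Review bot: In lxc/tasks/main.yml the check and the fix do not describe the same range: the grep looks for `root:100000:10000` (a count of 10000) in /etc/subuid, while `usermod -v 100000-199999` adds a subuid range of 100000 ids. The grep therefore presumably never matches after the first run, and with the corrected condition `root_subuids.rc` the usermod command runs again on every play when unprivileged mode is enabled. Make the two agree, for example `command: grep '^root:100000:100000$' /etc/subuid`, or narrow the usermod argument to `-v 100000-109999` so it matches the subgid range. `failed_when: false` also hides grep's exit status 2 (file missing or unreadable); `failed_when: root_subuids.rc > 1` would keep that case visible.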