Set Openstack LXC apparmor profile on haproxy containers

When haproxy is running inside a container, deploy the normal Openstack LXC apparmor profile. Change-Id: I440b931f9308a5395bb426a069f33f5f74ec6953
2016-02-01 13:08:53 -06:00 · 2016-02-01 13:08:53 -06:00 · d182100c0a
commit d182100c0a
parent ad233ca9e9
1 changed files with 35 additions and 0 deletions
--- a/playbooks/haproxy-install.yml
+++ b/playbooks/haproxy-install.yml
@ -13,6 +13,41 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: haproxy container config
+  hosts: haproxy_all
+  max_fail_percentage: 0
+  user: root
+  tasks:
+    - name: Use the lxc-openstack aa profile
+      lxc_container:
+        name: "{{ container_name }}"
+        container_config:
+          - "lxc.aa_profile=lxc-openstack"
+      delegate_to: "{{ physical_host }}"
+      when: not is_metal | bool
+      register: container_config
+      tags:
+        - lxc-aa-profile
+    - name: Wait for container ssh
+      wait_for:
+        port: "22"
+        delay: "{{ ssh_delay }}"
+        search_regex: "OpenSSH"
+        host: "{{ ansible_ssh_host }}"
+      delegate_to: "{{ physical_host }}"
+      when:
+        - container_config is defined
+        - container_config | changed
+      register: ssh_wait_check
+      until: ssh_wait_check | success
+      retries: 3
+      tags:
+        - ssh-wait
+  vars:
+    is_metal: "{{ properties.is_metal|default(false) }}"
+  tags:
+    - haproxy-lxc-container-setup
+
 - hosts: haproxy
  user: root
  vars_files: