---
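# Writes `lxc.apparmor.profile: unconfined` into the LXC config of every
# container ID in kube_ids, then notifies the `reboot containers` handler
# (defined outside this view).
# Security: "unconfined" means AppArmor no longer restricts the container's
# processes, so a compromise inside the container is not contained by an LXC
# profile. Keep kube_ids limited to the containers that really need it.
# NOTE(review): lineinfile appends at end of file when no line matches; if a
# config ends with snapshot sections the line would land inside the last one
# and not apply to the running container. Verify on the target hosts.
- name: Set apparmor profile unconfined
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias of it.
    path: "/etc/pve/lxc/{{ item }}.conf"
    # Dots are escaped so only the literal key name matches.
    regexp: '^lxc\.apparmor\.profile'
    line: "lxc.apparmor.profile: unconfined"
  loop: "{{ kube_ids }}"
  notify: reboot containers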
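# Writes `lxc.cgroup.devices.allow: a` into the LXC config of every container
# ID in kube_ids, then notifies the `reboot containers` handler (defined
# outside this view).
# Security: the value `a` allows all device types, so the devices cgroup no
# longer filters which device nodes the container may open. Prefer listing
# only the specific devices the workload needs where that is workable.
# NOTE(review): this is the cgroup v1 key; hosts running cgroup v2 use
# `lxc.cgroup2.devices.allow`. Confirm which hierarchy the targets use.
- name: Allow cgroup devices
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias of it.
    path: "/etc/pve/lxc/{{ item }}.conf"
    # Dots are escaped so only the literal key name matches.
    regexp: '^lxc\.cgroup\.devices\.allow'
    line: "lxc.cgroup.devices.allow: a"
  loop: "{{ kube_ids }}"
  notify: reboot containers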
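# Writes an empty `lxc.cap.drop` entry into the LXC config of every container
# ID in kube_ids, then notifies the `reboot containers` handler (defined
# outside this view).
# Security: an empty value clears the list of capabilities LXC would drop, so
# the container keeps capabilities that are normally removed. Record why each
# container in kube_ids needs this, and review the list when nodes change.
- name: Blank out lxc.cap.drop
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias of it.
    path: "/etc/pve/lxc/{{ item }}.conf"
    # Dots are escaped so only the literal key name matches.
    regexp: '^lxc\.cap\.drop'
    # The trailing space after the colon is part of the written line.
    line: "lxc.cap.drop: "
  loop: "{{ kube_ids }}"
  notify: reboot containers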
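# Writes `lxc.mount.auto: "proc:rw sys:rw"` into the LXC config of every
# container ID in kube_ids, then notifies the `reboot containers` handler
# (defined outside this view).
# Security: proc and sys are mounted read-write inside the container, so
# processes there can write to kernel interfaces under /proc and /sys. Apply
# this only to containers that are trusted to the same degree as the host.
- name: LXC auto mount proc and sys
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias of it.
    path: "/etc/pve/lxc/{{ item }}.conf"
    # Dots are escaped so only the literal key name matches.
    regexp: '^lxc\.mount\.auto'
    # Single quotes keep the inner double quotes as literal characters.
    line: 'lxc.mount.auto: "proc:rw sys:rw"'
  loop: "{{ kube_ids }}"
  notify: reboot containers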