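---
# Prepare Debian-like hosts as LXC container hosts: install LXC and dnsmasq,
# deploy the br-lxc bridge/dnsmasq configuration, enable IPv4 forwarding and
# replace the distribution's lxc-net service with the br-lxc bridge.
- hosts:
    - lxc_hosts
  tasks:
    - name: Refuse to run on hosts that are not apt-based
      assert:
        that:
          - ansible_pkg_mgr == "apt"
        fail_msg: "Sorry, Debian-like hosts only!"

    # Bootstrap step: runs once, guarded by `creates`. apt-get is used
    # because the `apt` front end does not promise a stable CLI for scripts.
    - name: Just to be sure python3-apt is installed
      command: apt-get install -y python3-apt
      args:
        creates: /usr/lib/python3/dist-packages/apt

    # `state: latest` upgrades these packages on every run, so the installed
    # versions are whatever the configured repositories serve at that time.
    # NOTE(review): use `present` (or pinned versions) if hosts must be
    # reproducible or upgrades must go through change control.
    - name: Install packages
      package:
        name: "{{ packages }}"
        state: latest
      vars:
        packages:
          - bridge-utils
          - dnsmasq
          - iptables
          - lxc
          - python3-lxc

    # Each item is a path relative to the copy source and is written to the
    # same path under / on the host. The mode is quoted so it is never
    # re-typed as a number by the YAML parser.
    - name: Copy config files
      copy:
        src: "{{ item }}"
        dest: "/{{ item }}"
        owner: root
        group: root
        mode: "0644"
      loop:
        - etc/dnsmasq.d/br-lxc
        - etc/lxc/ansible.conf
        - etc/network/interfaces.d/br-lxc
      notify:
        - Restart dnsmasq

    # Makes ifupdown read /etc/network/interfaces.d, where the br-lxc
    # definition copied above lives.
    - name: Fix evil Debian default /etc/network/interfaces
      lineinfile:
        path: /etc/network/interfaces
        regexp: 'source.*interfaces.d'
        line: 'source-directory /etc/network/interfaces.d'
        backup: true

    # Uncomments (or adds) IGNORE_RESOLVCONF=yes in the dnsmasq defaults.
    - name: dnsmasq should use /etc/resolv.conf
      lineinfile:
        path: /etc/default/dnsmasq
        line: 'IGNORE_RESOLVCONF=yes'
        regexp: '^\s*#*\s*IGNORE_RESOLVCONF=yes'
        backup: true
      notify:
        - Restart dnsmasq

    # Forwarding is enabled for the whole host, not only for br-lxc.
    # NOTE(review): this play installs iptables but sets no rules; confirm
    # that the FORWARD policy and NAT for the container network are managed
    # elsewhere, otherwise the host forwards between all of its interfaces.
    - name: IPv4-Forwarding
      sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_file: /etc/sysctl.d/lxc.conf
        sysctl_set: true
        state: present
        reload: true

    # sysctl_file must be an absolute path; the bare file name used before
    # would not have landed in /etc/sysctl.d, so the setting was not
    # persisted where sysctl looks at boot.
    - name: Raise inotify limit
      sysctl:
        name: fs.inotify.max_user_instances
        value: '1024'
        sysctl_file: /etc/sysctl.d/30-lxc-inotify.conf
        sysctl_set: true
        state: present
        reload: true

    # Strips the token `sys_time` from every uncommented line of the shared
    # LXC config that contains it (presumably the capability drop list), so
    # every container that includes common.conf keeps CAP_SYS_TIME.
    # NOTE(review): the system clock is shared with the host, so this lets
    # root in any such container change host time, which affects log
    # timestamps, certificate validity checks and time-based authentication.
    # Consider granting the capability only in the config of the containers
    # that need it. common.conf is a packaged file and may be restored by an
    # lxc package upgrade; with `backrefs` the task changes nothing when the
    # pattern no longer matches.
    - name: Enable CAP_SYS_TIME in Container
      lineinfile:
        path: /usr/share/lxc/config/common.conf
        backrefs: true
        regexp: '(^\s*[^#].*)sys_time ?(.*)$'
        line: '\1\2'
        backup: true

    # Best effort: errors are ignored here, presumably because the unit may
    # be missing on some hosts. A real failure to stop lxc-net is hidden too.
    - name: Disable lxc-net
      service:
        name: lxc-net
        enabled: false
        state: stopped
      ignore_errors: true

    # Only runs while the bridge device does not exist yet.
    - name: Bring up br-lxc
      command: ifup br-lxc
      args:
        creates: /sys/devices/virtual/net/br-lxc

  handlers:
    # NOTE(review): a failed restart is ignored, so a broken dnsmasq config
    # from the copied br-lxc file does not fail the play; check the service
    # state after the run.
    - name: Restart dnsmasq
      service:
        name: dnsmasq
        state: restarted
      ignore_errors: true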