Prevent lxc.service from being restarted on package update

As of today, each lxc-utils update would lead to restart of all containers. At the same time this might be unwanted behaviour, as if it's run without limit, all cluster members inside containers can go down at the same time. In order to prevent that, we place policy-rc.d file that will simply quit with 101 code `action forbidden by policy` on service restart attempt. Change-Id: I9140b7ab9f9266fcf4fe800e4610497f2324df4e
2022-07-26 18:29:24 +02:00 · 2022-07-26 18:29:24 +02:00 · f8594d335f
parent 783076a508
commit f8594d335f
1 changed files with 16 additions and 0 deletions
--- a/tasks/lxc_install_apt.yml
+++ b/tasks/lxc_install_apt.yml
@ -21,6 +21,16 @@
  tags:
    - lxc-apt-packages

+- name: Prevent lxc from starting on install
+  copy:
+    content: |
+      #!/bin/bash
+      exit 101
+    dest: "/usr/sbin/policy-rc.d"
+    mode: "0755"
+    backup: yes
+  changed_when: false
+
 - name: Install apt packages
  apt:
    pkg: "{{ lxc_hosts_distro_packages }}"
@ -35,6 +45,12 @@
  tags:
    - lxc-apt-packages

+- name: Remove policy-rc now that the package install/upgrade is complete
+  file:
+    path: "/usr/sbin/policy-rc.d"
+    state: absent
+  changed_when: false
+
 - name: Drop irqbalance config
  template:
    src: "irqbalance.j2"