From a75babb0005d98239959af88f0fc40389b5a35ef Mon Sep 17 00:00:00 2001
From: Baptiste DE RENZO <baptiste.derenzo@ubicast.eu>
Date: Thu, 6 Apr 2023 09:27:09 +0000
Subject: [PATCH] Disable masquerade bridge when host bridge configured, Fix
 #37651

---
 roles/lxc/files/lxc-net.host_bridge           |  1 +
 .../lxc-net.masquerade_bridge}                |  0
 roles/lxc/tasks/main.yml                      | 52 +++++++++++--------
 3 files changed, 30 insertions(+), 23 deletions(-)
 create mode 100644 roles/lxc/files/lxc-net.host_bridge
 rename roles/lxc/{templates/lxc-net.j2 => files/lxc-net.masquerade_bridge} (100%)

diff --git a/roles/lxc/files/lxc-net.host_bridge b/roles/lxc/files/lxc-net.host_bridge
new file mode 100644
index 00000000..3e6807be
--- /dev/null
+++ b/roles/lxc/files/lxc-net.host_bridge
@@ -0,0 +1 @@
+USE_LXC_BRIDGE="false"
diff --git a/roles/lxc/templates/lxc-net.j2 b/roles/lxc/files/lxc-net.masquerade_bridge
similarity index 100%
rename from roles/lxc/templates/lxc-net.j2
rename to roles/lxc/files/lxc-net.masquerade_bridge
diff --git a/roles/lxc/tasks/main.yml b/roles/lxc/tasks/main.yml
index 948cfa7d..406bc194 100644
--- a/roles/lxc/tasks/main.yml
+++ b/roles/lxc/tasks/main.yml
@@ -1,8 +1,27 @@
 ---
 
-- name: Masquerade bridge configuration
+- name: LXC packages installation
+  ansible.builtin.apt:
+    force_apt_get: true
+    name:
+      - lxc
+      - lxcfs
+      - bridge-utils
+    state: present
+  register: apt_status
+  retries: 60
+  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+
+- name: Host bridge configuration
   when: lxc_network_type == 'host_bridge'
   block:
+    - name: Masquerade bridge configuration disabling
+      notify: restart lxc-net
+      ansible.builtin.copy:
+        src: lxc-net.host_bridge
+        dest: /etc/default/lxc-net
+        mode: "644"
+ 
     - name: Ask confirmation
       ansible.builtin.pause:
         prompt: |
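Review bot: The new `Masquerade bridge configuration disabling` task sits ahead of `Ask confirmation`, so `/etc/default/lxc-net` is overwritten before the operator has agreed to continue. If the run is then stopped by the abort task further down this block (outside this hunk), the file stays changed. Unless `force_handlers` is enabled, the notified `restart lxc-net` handler would also not run, so the new network setting would only take effect at some later restart. Moving the copy task below the confirmation and abort tasks keeps an aborted run free of side effects. I would also set `owner: root` and `group: root` explicitly on the copy and drop the trailing space on the added blank line.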
@@ -12,7 +31,6 @@
           Documentation (section host device as bridge): https://wiki.debian.org/LXC/SimpleBridge
           Continue (yes/no)
           -------------------------------------------------------------------------------------------
-      when: lxc_network_type == 'host_bridge'
       register: confirm_continue
       no_log: true
 
@@ -21,33 +39,21 @@
         msg: 'Installation aborted'
       when: not ((confirm_continue.user_input | bool) or (confirm_continue.user_input | length == 0))
 
-- name: LXC packages installation
-  ansible.builtin.apt:
-    force_apt_get: true
-    name:
-      - lxc
-      - lxcfs
-      - bridge-utils
-    state: present
-  register: apt_status
-  retries: 60
-  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
-
-- name: Default container configuration
-  notify: restart lxc
-  ansible.builtin.template:
-    src: lxc-default.j2
-    dest: /etc/lxc/default.conf
-    mode: "644"
-
 - name: Masquerade bridge configuration
   when: lxc_network_type == 'masquerade_bridge'
   block:
     - name: Container network configuration
       notify: restart lxc-net
-      ansible.builtin.template:
-        src: lxc-net.j2
+      ansible.builtin.copy:
+        src: lxc-net.masquerade_bridge
         dest: /etc/default/lxc-net
         mode: "644"
 
+- name: Default container configuration
+  notify: restart lxc
+  ansible.builtin.template:
+    src: lxc-default.j2
+    dest: /etc/lxc/default.conf
+    mode: "644"
+
 ...
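Review bot: Both blocks are gated on an exact string match of `lxc_network_type` (`host_bridge` in the first block, `masquerade_bridge` here), so a typo or any other value skips both and leaves `/etc/default/lxc-net` in its previous state. That could keep the NAT bridge active on a host that was meant to use the host bridge. A leading `ansible.builtin.assert` with `that: lxc_network_type in ['host_bridge', 'masquerade_bridge']` would fail fast instead. Separately, switching this task from `template` to `copy` means any Jinja expression in the renamed file would now be written out literally. The rename is shown at 100% similarity and its content is not visible here, so it is worth confirming the file is fully static.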
-- 
GitLab