
added support for lxc container by skipping sysctl tasks when in a container

panda 2 months ago
parent
commit
30d887d703
1 changed files with 8 additions and 1 deletions
  1. 8 1
      common.yml

+ 8 - 1
common.yml

@@ -157,6 +157,10 @@
         group: root
         mode: '0644'
 
+    - name: "Register if we are running baremetal (none), virtualized (kvm) or container (lxc)"
+      command: systemd-detect-virt
+      register: systemd_detect_virt
+
     # Set vm.swappiness to 1 in /etc/sysctl.conf
     - name: "Set swappiness to zero in sysctl.conf"
       sysctl:
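Review bot: The new `command: systemd-detect-virt` task has no `failed_when`, and systemd-detect-virt exits non-zero when it detects no virtualization, so on the bare-metal case the task name itself anticipates ("none") the play fails here before any sysctl task runs. Add `failed_when: false` so the exit code is only informational, and `changed_when: false` so a read-only probe does not report a change on every run. In check mode the `command` module is skipped, which would leave `systemd_detect_virt.stdout` undefined in the later `when` clauses; `check_mode: false` on this task makes the probe run regardless. If facts are gathered, the `ansible_virtualization_type` fact appears to carry the same information without a shell-out and without the rc handling.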
@@ -165,7 +169,8 @@
         state: present
         reload: yes
         sysctl_file: /etc/sysctl.conf
-        
+      when: systemd_detect_virt.stdout != "lxc"
+
     - name: "Set nf_conntrack_max to 131072 in sysctl.conf, suitable for max 4gb of ram, conntrack_max = RAMSIZE (in bytes)/16384/2 = 4*1024*1024*1024/16384/2 = 4*32768 = 131072"
       sysctl:
         name: net.netfilter.nf_conntrack_max
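Review bot: The added `when: systemd_detect_virt.stdout != "lxc"` skips the sysctl task only when the container type is exactly `lxc`, so on other container runtimes that systemd-detect-virt reports (docker, systemd-nspawn, podman, and so on) the task still runs and fails against a read-only /proc/sys; the same guard is repeated in the hunks at `@@ -174` and `@@ -181`. A narrower probe such as `systemd-detect-virt --container` in the first hunk, paired with `when: systemd_detect_virt.stdout == "none"` here, would cover every container technology instead of one spelling. A short comment on the guard stating why containers are excluded, `# sysctl is read-only inside containers; these knobs must be set on the host`, would also make clear that the IPv6 and conntrack hardening is not applied, only deferred to the host. The enclosing sysctl task starts before this hunk.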
@@ -174,6 +179,7 @@
         reload: yes
         sysctl_file: /etc/sysctl.conf
         #source: https://support.huaweicloud.com/intl/en-us/trouble-ecs/ecs_trouble_0324.html
+      when: systemd_detect_virt.stdout != "lxc"
 
     - name: Disable IPv6 with sysctl
       sysctl: name={{ item }} value=1 state=present reload=yes
@@ -181,6 +187,7 @@
         - net.ipv6.conf.all.disable_ipv6
         - net.ipv6.conf.default.disable_ipv6
         - net.ipv6.conf.lo.disable_ipv6
+      when: systemd_detect_virt.stdout != "lxc"
 
     - ansible.builtin.include_role:
         name: ssh_hardening