diff --git a/roles/apparmor_libvirt/defaults/main.yml b/roles/apparmor_libvirt/defaults/main.yml
new file mode 100644
index 0000000..6a794d1
--- /dev/null
+++ b/roles/apparmor_libvirt/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# Whether the nova_libvirt container is enabled.
+enable_nova_libvirt_container: false
+
+# Whether to remove the AppArmor libvirt profile on Ubuntu hosts.
+apparmor_remove_libvirt_profile: "{{ enable_nova_libvirt_container | bool }}"
diff --git a/roles/apparmor_libvirt/tasks/main.yml b/roles/apparmor_libvirt/tasks/main.yml
new file mode 100644
index 0000000..c44e0dd
--- /dev/null
+++ b/roles/apparmor_libvirt/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- include_tasks: remove-profile.yml
+ when:
+ - ansible_facts.distribution == "Ubuntu"
+ - apparmor_remove_libvirt_profile | bool
diff --git a/roles/apparmor_libvirt/tasks/remove-profile.yml b/roles/apparmor_libvirt/tasks/remove-profile.yml
new file mode 100644
index 0000000..8f62c03
--- /dev/null
+++ b/roles/apparmor_libvirt/tasks/remove-profile.yml
@@ -0,0 +1,21 @@
+---
+- name: Get stat of libvirtd apparmor profile
+ stat:
+ path: /etc/apparmor.d/usr.sbin.libvirtd
+ register: apparmor_libvirtd_profile
+
+- name: Get stat of libvirtd apparmor disable profile
+ stat:
+ path: /etc/apparmor.d/disable/usr.sbin.libvirtd
+ register: apparmor_libvirtd_disable_profile
+
+- name: Remove apparmor profile for libvirt
+ shell: |
+ apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
+ ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
+ args:
+ executable: /bin/bash
+ become: True
+ when:
+ - apparmor_libvirtd_profile.stat.exists
+ - not apparmor_libvirtd_disable_profile.stat.exists
diff --git a/roles/baremetal/defaults/main.yml b/roles/baremetal/defaults/main.yml
index 30f47b2..9877541 100644
--- a/roles/baremetal/defaults/main.yml
+++ b/roles/baremetal/defaults/main.yml
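Review bot: The comment on `apparmor_remove_libvirt_profile` in the new defaults file says what the flag toggles but not its effect: the role's remove-profile.yml runs `apparmor_parser -R` on the host's libvirtd profile and links it into /etc/apparmor.d/disable, so enabling this flag leaves any libvirtd running on the host itself without AppArmor confinement. Readers setting this variable should see that consequence next to the default. Suggest replacing the one-line comment with `# Whether to remove the AppArmor libvirt profile on Ubuntu hosts. This unloads the host` / `# usr.sbin.libvirtd profile and disables it, so a host-side libvirtd runs unconfined;` / `# defaults to on only when libvirt runs in the nova_libvirt container.` The last clause is inferred from the default expression tying it to `enable_nova_libvirt_container` — confirm that is the intended rationale.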
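Review bot: The `include_tasks` entry in the new tasks/main.yml has no `name:`, so the step that drops an AppArmor profile shows up in play output only as the generic module line, and ansible-lint flags both the unnamed task and the short module name. Suggest `- name: Remove libvirt AppArmor profile on Ubuntu` followed by `  ansible.builtin.include_tasks: remove-profile.yml`, keeping the existing `when:` list unchanged.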
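Review bot: The `Remove apparmor profile for libvirt` task in the new remove-profile.yml chains `apparmor_parser -R` and `ln -vsf` inside one `shell:` run under /bin/bash, which folds two distinct host state changes into a single step that always reports changed and whose failure output does not say which half failed. Splitting it into a `command:` task for the unload and a `file:` task with `state: link` for the disable entry keeps the same ordering (a failed unload still aborts the play before the link is made) while the link becomes an idempotent, module-reported change; the two `stat` tasks and their `when:` guards can stay as they are. `become: True` should also be lowercase `true` (yamllint truthy). If the profile file exists but AppArmor is not active on the host, `apparmor_parser -R` may fail and abort the play — worth confirming whether that case needs a `failed_when` rather than a hard stop.
```yaml
# … unchanged: the two stat tasks registering apparmor_libvirtd_profile and apparmor_libvirtd_disable_profile …

- name: Unload apparmor profile for libvirt
  ansible.builtin.command: apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd
  become: true
  when:
    - apparmor_libvirtd_profile.stat.exists
    - not apparmor_libvirtd_disable_profile.stat.exists

- name: Disable apparmor profile for libvirt
  ansible.builtin.file:
    src: /etc/apparmor.d/usr.sbin.libvirtd
    dest: /etc/apparmor.d/disable/usr.sbin.libvirtd
    state: link
  become: true
  when:
    - apparmor_libvirtd_profile.stat.exists
    - not apparmor_libvirtd_disable_profile.stat.exists
```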
@@ -36,9 +36,3 @@
 git_http_proxy: ""
 git_https_proxy: ""
 node_config_directory: "/etc/kolla"
-
-# Whether the nova_libvirt container is enabled.
-enable_nova_libvirt_container: false
-
-# Whether to remove the AppArmor libvirt profile on Ubuntu hosts.
-apparmor_remove_libvirt_profile: "{{ enable_nova_libvirt_container | bool }}"
diff --git a/roles/baremetal/tasks/post-install.yml b/roles/baremetal/tasks/post-install.yml
index e98b25c..4899c7f 100644
--- a/roles/baremetal/tasks/post-install.yml
+++ b/roles/baremetal/tasks/post-install.yml
@@ -15,30 +15,8 @@
 mode: 0755
 become: True

-- block:
- - name: Get stat of libvirtd apparmor profile
- stat:
- path: /etc/apparmor.d/usr.sbin.libvirtd
- register: apparmor_libvirtd_profile
-
- - name: Get stat of libvirtd apparmor disable profile
- stat:
- path: /etc/apparmor.d/disable/usr.sbin.libvirtd
- register: apparmor_libvirtd_disable_profile
-
- - name: Remove apparmor profile for libvirt
- shell: |
- apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
- ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
- args:
- executable: /bin/bash
- become: True
- when:
- - apparmor_libvirtd_profile.stat.exists
- - not apparmor_libvirtd_disable_profile.stat.exists
- when:
- - ansible_facts.distribution == "Ubuntu"
- - apparmor_remove_libvirt_profile | bool
+- import_role:
+ name: openstack.kolla.apparmor_libvirt

 - name: Change state of selinux
 selinux:
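Review bot: The new `import_role` task in post-install.yml has no `name:`, so the step that removes the host's AppArmor profile now appears in play output only as `import_role`, where the replaced `block:` at least carried descriptive task names. Suggest `- name: Remove libvirt AppArmor profile` above it and `  ansible.builtin.import_role:` for the module line. Since `import_role` is resolved statically, the Ubuntu and `apparmor_remove_libvirt_profile` conditions that the removed `block:` applied at this call site now live entirely inside the role's tasks/main.yml; that is equivalent only if the role's defaults remain the single definition of `enable_nova_libvirt_container` for this role, which should be confirmed against how that variable is set in the inventory.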