forked from coreos/fedora-coreos-docs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
alternatives: update doc to use the usual
alternatives commands
- Loading branch information
1 parent
27968e3
commit ea7020f
Showing
1 changed file
with
19 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,37 +1,25 @@ | ||
| = Setting alternatives | ||
|
|
||
| Due to an https://github.com/fedora-sysv/chkconfig/issues/9[ongoing issue] in how alternatives configurations are stored on the system, Fedora CoreOS systems can not use the usual `alternatives` commands to configure them. | ||
| Now Fedora CoreOS systems can use the usual `alternatives` commands to configure the default command, as https://github.com/fedora-sysv/chkconfig/issues/9[issue] is fixed. | ||
|
|
||
| Instead, until this issue is resolved, you can set the symlinks directly in `/etc/alternatives`. For example, to use the legacy-based variants of the `iptables` commands: | ||
| For example, to use the iptables-nft variants of the `iptables` commands: | ||
|
|
||
| [source,yaml,subs="attributes"] | ||
| [source,bash,subs="attributes"] | ||
| ---- | ||
| variant: fcos | ||
| version: {butane-latest-stable-spec} | ||
| storage: | ||
| links: | ||
| - path: /etc/alternatives/iptables | ||
| target: /usr/sbin/iptables-legacy | ||
| overwrite: true | ||
| hard: false | ||
| - path: /etc/alternatives/iptables-restore | ||
| target: /usr/sbin/iptables-legacy-restore | ||
| overwrite: true | ||
| hard: false | ||
| - path: /etc/alternatives/iptables-save | ||
| target: /usr/sbin/iptables-legacy-save | ||
| overwrite: true | ||
| hard: false | ||
| - path: /etc/alternatives/ip6tables | ||
| target: /usr/sbin/ip6tables-legacy | ||
| overwrite: true | ||
| hard: false | ||
| - path: /etc/alternatives/ip6tables-restore | ||
| target: /usr/sbin/ip6tables-legacy-restore | ||
| overwrite: true | ||
| hard: false | ||
| - path: /etc/alternatives/ip6tables-save | ||
| target: /usr/sbin/ip6tables-legacy-save | ||
| overwrite: true | ||
| hard: false | ||
| # Check iptables points to iptables-legacy | ||
| sudo alternatives --display iptables | ||
| # Update iptables to use the nft implementation | ||
| pfx=/usr/sbin/iptables | ||
| pfx6=/usr/sbin/ip6tables | ||
| sudo alternatives --install ${pfx} iptables ${pfx}-nft 15 \ | ||
| --slave ${pfx6} ip6tables ${pfx6}-nft \ | ||
| --slave ${pfx}-restore iptables-restore ${pfx}-nft-restore \ | ||
| --slave ${pfx}-save iptables-save ${pfx}-nft-save \ | ||
| --slave ${pfx6}-restore ip6tables-restore ${pfx6}-nft-restore \ | ||
| --slave ${pfx6}-save ip6tables-save ${pfx6}-nft-save | ||
| sudo alternatives --auto iptables | ||
| # Check iptables points to iptables-nft | ||
| sudo alternatives --display iptables | ||
| ---- |