替代设置
由于在系统中存储替代配置的方式有 持续存在的问题,Fedora CoreOS 系统无法使用通常的 `alternatives`命令进行配置。
相反,在这个问题解决之前,可以直接在 /etc/alternatives`中设置符号链接。例如,使用基于传统的 `iptables 命令变体:
variant: fcos
version: 1.6.0
storage:
links:
- path: /etc/alternatives/iptables
target: /usr/sbin/iptables-legacy
overwrite: true
hard: false
- path: /etc/alternatives/iptables-restore
target: /usr/sbin/iptables-legacy-restore
overwrite: true
hard: false
- path: /etc/alternatives/iptables-save
target: /usr/sbin/iptables-legacy-save
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables
target: /usr/sbin/ip6tables-legacy
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-restore
target: /usr/sbin/ip6tables-legacy-restore
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-save
target: /usr/sbin/ip6tables-legacy-save
overwrite: true
hard: falseUsing alternatives commands
Starting with Fedora CoreOS based on Fedora 41, you can use alternatives commands to configure the default command.
Example Butane config using a systemd unit to configure the default iptables backend
variant: fcos
version: 1.6.0
systemd:
units:
- name: custom-iptables-default.service
enabled: true
contents: |
[Unit]
Description=Set the default backend for iptables
[Service]
ExecStart=/usr/sbin/alternatives --set iptables /usr/sbin/iptables-legacy
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
We don’t recommend configuring the default iptables backend to iptables-legacy. This is just an example.
|
You can also manually run the alternatives commands to configure the default command runtime.
Example to manually configure the default iptables backend
# Check the link info
alternatives --display iptables
iptables --version
# Configure iptables to point to iptables-nft
sudo alternatives --set iptables /usr/sbin/iptables-nft
# Verify iptables version is iptables-nft
alternatives --display iptables
iptables --versionWant to help? Learn how to contribute to Fedora Docs ›