Merge "Neutron: add support to use legacy iptables"

This commit is contained in:
Zuul 2019-10-16 12:22:13 +00:00 committed by Gerrit Code Review
commit ec57047f9e
2 changed files with 15 additions and 0 deletions

View File

@ -7,4 +7,15 @@ if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
chmod 755 /var/log/kolla/neutron
fi
# set legacy iptables to allow kernels not supporting iptables-nft
if /usr/bin/update-alternatives --query iptables; then
if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then
sudo /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
else
sudo /usr/bin/update-alternatives --auto iptables
sudo /usr/bin/update-alternatives --auto ip6tables
fi
fi
. /usr/local/bin/kolla_neutron_extend_start

View File

@ -1,2 +1,6 @@
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables