Neutron: add support to use legacy iptables

Setting legacy iptables for host system kernels not supporting iptables-nft. Change-Id: I3b17bfdbc68a9a227bb22dc05a02ed6da607a114
2019-09-20 18:45:52 +02:00 · 2019-09-20 18:45:52 +02:00 · e8289ff6df
parent cf525a9900
commit e8289ff6df
2 changed files with 15 additions and 0 deletions
--- a/docker/neutron/neutron-base/extend_start.sh
+++ b/docker/neutron/neutron-base/extend_start.sh
@ -7,4 +7,15 @@ if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
    chmod 755 /var/log/kolla/neutron
 fi

+# set legacy iptables to allow kernels not supporting iptables-nft
+if /usr/bin/update-alternatives --query iptables; then
+    if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then
+        sudo /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
+        sudo /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+    else
+        sudo /usr/bin/update-alternatives --auto iptables
+        sudo /usr/bin/update-alternatives --auto ip6tables
+    fi
+fi
+
 . /usr/local/bin/kolla_neutron_extend_start
--- a/docker/neutron/neutron-base/neutron_sudoers
+++ b/docker/neutron/neutron-base/neutron_sudoers
@ -1,2 +1,6 @@
 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
 neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
+neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
+neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
+neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables