Configurando alternativas

Devido a um problema atualmente em tratamento em como as configurações alternativas são armazenadas no sistema, os sistemas Fedora CoreOS não podem usar os comandos alternatives usuais para configurá-los.

Em vez disso, até que esse problema seja resolvido, você pode definir os links simbólicos diretamente em /etc/alternatives. Por exemplo, para usar as variantes legadas dos comandos iptables:

variant: fcos
version: 1.5.0
storage:
  links:
    - path: /etc/alternatives/iptables
      target: /usr/sbin/iptables-legacy
      overwrite: true
      hard: false
    - path: /etc/alternatives/iptables-restore
      target: /usr/sbin/iptables-legacy-restore
      overwrite: true
      hard: false
    - path: /etc/alternatives/iptables-save
      target: /usr/sbin/iptables-legacy-save
      overwrite: true
      hard: false
    - path: /etc/alternatives/ip6tables
      target: /usr/sbin/ip6tables-legacy
      overwrite: true
      hard: false
    - path: /etc/alternatives/ip6tables-restore
      target: /usr/sbin/ip6tables-legacy-restore
      overwrite: true
      hard: false
    - path: /etc/alternatives/ip6tables-save
      target: /usr/sbin/ip6tables-legacy-save
      overwrite: true
      hard: false

Using alternatives commands

Starting with Fedora CoreOS based on Fedora 41, you can use alternatives commands to configure the default command.

Example Butane config using a systemd unit to configure the default iptables backend
variant: fcos
version: 1.5.0
systemd:
  units:
    - name: custom-iptables-default.service
      enabled: true
      contents: |
        [Unit]
        Description=Set the default backend for iptables
        [Service]
        ExecStart=/usr/sbin/alternatives --set iptables /usr/sbin/iptables-legacy
        RemainAfterExit=yes
        [Install]
        WantedBy=multi-user.target
We don’t recommend configuring the default iptables backend to iptables-legacy. This is just an example.

You can also manually run the alternatives commands to configure the default command runtime.

Example to manually configure the default iptables backend
# Check the link info
alternatives --display iptables
iptables --version

# Configure iptables to point to iptables-nft
sudo alternatives --set iptables /usr/sbin/iptables-nft

# Verify iptables version is iptables-nft
alternatives --display iptables
iptables --version

Want to help? Learn how to contribute to Fedora Docs