neutron: Fix update-alternatives on CentOS

mnasiadka · yoctozepto · commit 4dfdde42cd42 · 2020-11-08T20:44:36.000Z
Change-Id: I151420d3036410dd5ce6d90907d72dd3c20643b5 Closes-Bug: #1884778 (cherry picked from commit 7a4ba91)
diff --git a/docker/neutron/neutron-base/extend_start.sh b/docker/neutron/neutron-base/extend_start.sh
@@ -6,20 +6,25 @@ fi
 if [[ $(stat -c %a /var/log/kolla/neutron) != "755" ]]; then
     chmod 755 /var/log/kolla/neutron
 fi
+if [[ ${KOLLA_BASE_DISTRO} == "centos" ]]; then
+    export UPDATE_ALTERNATIVES="/usr/sbin/update-alternatives"
+else
+    export UPDATE_ALTERNATIVES="/usr/bin/update-alternatives"
+fi
 
 # set legacy iptables to allow kernels not supporting iptables-nft
-if /usr/bin/update-alternatives --query iptables; then
+if $UPDATE_ALTERNATIVES --query iptables; then
     # NOTE(yoctozepto): Kolla-Ansible does not always set KOLLA_LEGACY_IPTABLES;
     # the workaround below ensures it gets set to `false` in such cases to fix
     # this code under `set -o nounset`.
     KOLLA_LEGACY_IPTABLES=${KOLLA_LEGACY_IPTABLES-false}
 
     if [[ $KOLLA_LEGACY_IPTABLES == "true" ]]; then
-        sudo /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
-        sudo /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+        sudo $UPDATE_ALTERNATIVES --set iptables /usr/sbin/iptables-legacy
+        sudo $UPDATE_ALTERNATIVES --set ip6tables /usr/sbin/ip6tables-legacy
     else
-        sudo /usr/bin/update-alternatives --auto iptables
-        sudo /usr/bin/update-alternatives --auto ip6tables
+        sudo $UPDATE_ALTERNATIVES --auto iptables
+        sudo $UPDATE_ALTERNATIVES --auto ip6tables
     fi
 fi
 
diff --git a/docker/neutron/neutron-base/neutron_sudoers b/docker/neutron/neutron-base/neutron_sudoers
@@ -4,3 +4,7 @@ neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto ip6tables
+neutron ALL = (root) NOPASSWD: /usr/sbin/update-alternatives --set iptables /usr/sbin/iptables-legacy
+neutron ALL = (root) NOPASSWD: /usr/sbin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+neutron ALL = (root) NOPASSWD: /usr/sbin/update-alternatives --auto iptables
+neutron ALL = (root) NOPASSWD: /usr/sbin/update-alternatives --auto ip6tables
