[SOLVED] firewall-cmd fails in cloud-init

matobinder
Posts: 9
Joined: 2013/04/16 03:01:12

Post by matobinder » 2015/04/19 15:21:31

So I'm trying to build some CentOS7 machines via OpenStack 5. I cannot get firewall-cmd to work from within the cloud-init file. The error seems to be more CentOS related than cloud-init. But here goes. I have a real simple cloud-init file. Basically this

..
runcmd:
- /bin/yum install firewalld -y
- /bin/systemctl enable firewalld
- /bin/systemctl start firewalld
- /bin/firewall-cmd --permanent --zone=public --add-port=12345/tcp

The first 3 commands work fine, but the firewall-cmd errors out with this message

"
cloud-init: ERROR:dbus.proxies:Introspect error on :1.9:/org/fedoraproject/FirewallD1/config: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
"

I did a bit of searching, and it sounds like in some cases this is because it's not run as root? I thought all cloud-init files ran as root. I really want to be able to configure certain ports while spinning up a lot of VMs.

Hellboy
Posts: 116
Joined: 2010/07/18 09:46:18

Re: firewall-cmd fails in cloud-init

Post by Hellboy » 2015/04/19 16:37:02

If you run it during %post, then firewall-offline-cmd must be used. If you run it during its firstboot, then I suspect you have 7.0 instead of 7.1; there was an SELinux problem with 7.0 when you run firewall-cmd at first boot.

matobinder
Posts: 9
Joined: 2013/04/16 03:01:12

Re: firewall-cmd fails in cloud-init

Post by matobinder » 2015/04/19 16:53:52

Awesome fast reply. Thanks!

Switching the order around a bit, and using firewall-offline-cmd, made it work. Thanks much, I hadn't noticed the offline command.

So my simple cloud-init now looks like this,

..
runcmd:
- /bin/yum install firewalld -y
- /bin/firewall-offline-cmd --add-port=12345/tcp
- /bin/systemctl enable firewalld
- /bin/systemctl start firewalld
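
A helper that generalizes the fix in this thread, as an added example that is not from any poster: it validates the port spec, then uses firewall-offline-cmd while firewalld is not running and firewall-cmd --permanent plus --reload once it is. The function names are hypothetical, and rules go to the default zone, as in the working runcmd above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# valid_port_spec PORT PROTO: succeed only for ports 1-65535 and tcp|udp,
# so templated user-data cannot smuggle extra options into the command.
valid_port_spec() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ] || return 1
    case "$2" in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# build_fw_cmd STATE PORT PROTO: print the command that fits the daemon state.
# STATE is the output of 'firewall-cmd --state' ("running" or anything else).
build_fw_cmd() {
    valid_port_spec "$2" "$3" || { echo "invalid port spec: $2/$3" >&2; return 2; }
    if [ "$1" = "running" ]; then
        # Daemon is up: go through D-Bus and persist the rule.
        echo "firewall-cmd --permanent --add-port=$2/$3"
    else
        # Daemon is not up (e.g. before 'systemctl start firewalld'):
        # edit the on-disk configuration directly.
        echo "firewall-offline-cmd --add-port=$2/$3"
    fi
}

# open_port PORT PROTO: probe firewalld, then run the matching command.
open_port() {
    state=$(firewall-cmd --state 2>/dev/null) || state="not running"
    cmd=$(build_fw_cmd "$state" "$1" "$2") || return $?
    # Word splitting of $cmd is safe here: PORT and PROTO were validated.
    $cmd || return $?
    # --permanent rules reach the live ruleset only after a reload.
    if [ "$state" = "running" ]; then firewall-cmd --reload; fi
}
```

From runcmd, source the file and call `open_port 12345 tcp` as root.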
