This is just a short post but something I was struggling to figure out.
I wanted to open port 80 while starting up OCI Linux 7.8 instance and was using cloud-init portion what you have in the advanced section when creating a compute instance.
Initially I had this in the bootstrap configuration:
#!/bin/bash
sudo yum install httpd wget php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo -y
sudo systemctl enable httpd
sudo systemctl restart httpd
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=https
sudo firewall-cmd --reload
But no matter what I did, nothing after yum command was executed! I noticed following line in /var/log/messages for cloud-init, after it was done with installing packages:
Oct 23 16:54:07 instance-20201023-1246 cloud-init: ERROR:dbus.proxies:Introspect error on :1.4:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
After searching I found following note, which mentions that in some cases SELinux might prevent automatic firewall configuration! I was then looking on two different options, either disable SELinux or if you don’t want to disable it, then you can follow the steps in the above note.
I changed my bootstrap script to be as:
#!/bin/bash
yum install httpd wget php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo -y
systemctl stop firewalld
firewall-offline-cmd --add-service=https
firewall-offline-cmd --add-service=http
systemctl start firewalld
systemctl enable httpd.service
systemctl restart httpd.service
And there you go! I could access my web server without issues after this modification.
* Initially I used sudo firewall-cmd –permanent –add-service=http in my first command but was highlighted the actual command should be without permanent option as that comes into play only after reboot!