I specified the following user-data to install and configure firewalld from cloud-init's runcmd:
#cloud-config
runcmd:
- yum -y install firewalld
- systemctl enable firewalld
- systemctl start firewalld
- firewall-cmd --set-default-zone=trusted
- firewall-cmd --zone=trusted --change-interface=eth0
- firewall-cmd --zone=trusted --add-masquerade
- firewall-cmd --runtime-to-permanent
firewall-cmd then failed with the following error:
ERROR:dbus.proxies:Introspect error on :1.7:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
It works if you change the settings with firewall-offline-cmd first and only then start firewalld:
#cloud-config
runcmd:
- yum -y install firewalld
- firewall-offline-cmd --set-default-zone=trusted
- firewall-offline-cmd --zone=trusted --change-interface=eth0
- firewall-offline-cmd --zone=trusted --add-masquerade
- systemctl enable firewalld
- systemctl start firewalld
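The same offline-first sequence as a script that reads the settings back from disk and starts firewalld only when they match. This is an added example, not code from the original post; the function names and the --apply switch are hypothetical, and the zone and interface are the ones used above.

```shell
#!/bin/sh
# Added example: configure firewalld offline, verify, then start it.
# ZONE and IFACE are taken from the post; function names are hypothetical.
ZONE=trusted
IFACE=eth0

# Write the permanent configuration without talking to the daemon over D-Bus.
configure_offline() {
    firewall-offline-cmd --set-default-zone="$ZONE" || return 1
    firewall-offline-cmd --zone="$ZONE" --change-interface="$IFACE" || return 1
    firewall-offline-cmd --zone="$ZONE" --add-masquerade || return 1
}

# Read the configuration back from disk; any mismatch returns non-zero.
verify_offline() {
    [ "$(firewall-offline-cmd --get-default-zone)" = "$ZONE" ] || return 1
    firewall-offline-cmd --zone="$ZONE" --query-interface="$IFACE" >/dev/null || return 1
    firewall-offline-cmd --zone="$ZONE" --query-masquerade >/dev/null || return 1
}

# Start firewalld only if the on-disk configuration is what was intended.
# Returns 1 if a setting could not be written, 2 if the read-back differs.
provision_firewalld() {
    configure_offline || { echo "offline configuration failed" >&2; return 1; }
    verify_offline || { echo "config mismatch; not starting firewalld" >&2; return 2; }
    systemctl enable firewalld && systemctl start firewalld
}

# Only act when explicitly asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    provision_firewalld
fi
```

Run it with --apply from runcmd after the yum install step; a non-zero exit status means firewalld was not started.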