Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 26. Installing and configuring web console with the cockpit RHEL System Role

With the cockpit RHEL System Role, you can install and configure the web console in your system.

26.1. The cockpit System Role
Link kopieren

You can use the cockpit System Role to automatically deploy and enable the web console and thus be able to manage your RHEL systems from a web browser.

26.2. Variables for the cockpit RHEL System Role
Link kopieren

The parameters used for the cockpit RHEL System Roles are:

Expand
Role VariableDescription

cockpit_packages: (default: default)

Sets one of the predefined package sets: default, minimal, or full.

* cockpit_packages: (default: default) - most common pages and on-demand install UI

* cockpit_packages: (default: minimal) - just the Overview, Terminal, Logs, Accounts, and Metrics pages; minimal dependencies

* cockpit_packages: (default: full) - all available pages

Optionally, specify your own selection of cockpit packages you want to install.

cockpit_enabled: (default:true)

Configures if the web console web server is enabled to start automatically at boot

cockpit_started: (default:true)

Configures if the web console should be started

cockpit_config: (default: nothing)

You can apply settings in the /etc/cockpit/cockpit.conf file. NOTE: The previous settings file will be lost.

cockpit_port: (default: 9090)

The web console runs on port 9090 by default. You can change the port using this option.

cockpit_manage_firewall: (default: false)

Allows the cockpit role to control the firewall role to add ports. It cannot be used for removing ports. If you want to remove ports, you will need to use the firewall system role directly.

cockpit_manage_selinux: (default: false)

Allows the cockpit role to configure SELinux using the selinux role. The default SELinux policy does not allow Cockpit to listen on anything other than port 9090. If you change the port, set this option to true so that the selinux role can set the correct port permissions (websm_port_t).

cockpit_certificates: (default: nothing)

Allows the cockpit role to generate new certificates using the certificate role. The value of cockpit_certificates is passed on to the certificate_requests variable of the certificate role. This role is called internally by the cockpit role and it generates the private key and certificate.

26.3. Installing the web console by using the cockpit RHEL System Role
Link kopieren

You can use the cockpit System Role to install and enable the RHEL web console.

By default, the RHEL web console uses a self-signed certificate. For security reasons, you can specify a certificate that was issued by a trusted certificate authority instead.

In this example, you use the cockpit System Role to:

  • Install the RHEL web console.
  • Allow the web console to manage firewalld.
  • Set the web console to use a certificate from the ipa trusted certificate authority instead of using a self-signed certificate.
  • Set the web console to use a custom port 9050.
Note

You do not have to call the firewall or certificate System Roles in the playbook to manage the Firewall or create the certificate. The cockpit System Role calls them automatically as needed.

Prerequisites

  • Access and permissions to one or more managed nodes.

  • Access and permissions to a control node.

    On the control node:

    • Red Hat Ansible Engine is installed.
    • The rhel-system-roles package is installed.
    • An inventory file exists that lists the managed nodes.

Procedure

  1. Create a new playbook.yml file with the following content: 

    ---
- hosts: all
  tasks:
    - name: Install RHEL web console
      include_role:
        name: rhel-system-roles.cockpit
      vars:
        cockpit_packages: default
        #cockpit_packages: minimal
        #cockpit_packages: full
        cockpit_port:9050
        cockpit_manage_selinux: true
        cockpit_manage_firewall: true
        cockpit_certificates:
          - name: /etc/cockpit/ws-certs.d/01-certificate
            dns: ['localhost', 'www.example.com']
            ca: ipa
            group: cockpit-ws
    Copy to Clipboard Toggle word wrap

  2. Optional: Verify the playbook syntax: 

    # ansible-playbook --syntax-check -i inventory_file playbook.yml
    Copy to Clipboard Toggle word wrap

  3. Run the playbook on your inventory file: 

    # ansible-playbook -i inventory_file /path/to/file/playbook.yml
    Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat