Chapter 26. Installing and configuring web console with the cockpit RHEL System Role


With the cockpit RHEL System Role, you can install and configure the web console in your system.

26.1. The cockpit System Role

You can use the cockpit System Role to automatically deploy and enable the web console and thus be able to manage your RHEL systems from a web browser.

26.2. Variables for the cockpit RHEL System Role

The parameters used for the cockpit RHEL System Roles are:

Role VariableDescription

cockpit_packages: (default: default)

Sets one of the predefined package sets: default, minimal, or full.

* cockpit_packages: (default: default) - most common pages and on-demand install UI

* cockpit_packages: (default: minimal) - just the Overview, Terminal, Logs, Accounts, and Metrics pages; minimal dependencies

* cockpit_packages: (default: full) - all available pages

Optionally, specify your own selection of cockpit packages you want to install.

cockpit_enabled: (default:true)

Configures if the web console web server is enabled to start automatically at boot

cockpit_started: (default:true)

Configures if the web console should be started

cockpit_config: (default: nothing)

You can apply settings in the /etc/cockpit/cockpit.conf file. NOTE: The previous settings file will be lost.

cockpit_port: (default: 9090)

The web console runs on port 9090 by default. You can change the port using this option.

cockpit_manage_firewall: (default: false)

Allows the cockpit role to control the firewall role to add ports. It cannot be used for removing ports. If you want to remove ports, you will need to use the firewall system role directly.

cockpit_manage_selinux: (default: false)

Allows the cockpit role to configure SELinux using the selinux role. The default SELinux policy does not allow Cockpit to listen on anything other than port 9090. If you change the port, set this option to true so that the selinux role can set the correct port permissions (websm_port_t).

cockpit_certificates: (default: nothing)

Allows the cockpit role to generate new certificates using the certificate role. The value of cockpit_certificates is passed on to the certificate_requests variable of the certificate role. This role is called internally by the cockpit role and it generates the private key and certificate.

Additional resources

26.3. Installing the web console by using the cockpit RHEL System Role

You can use the cockpit System Role to install and enable the RHEL web console.

By default, the RHEL web console uses a self-signed certificate. For security reasons, you can specify a certificate that was issued by a trusted certificate authority instead.

In this example, you use the cockpit System Role to:

  • Install the RHEL web console.
  • Allow the web console to manage firewalld.
  • Set the web console to use a certificate from the ipa trusted certificate authority instead of using a self-signed certificate.
  • Set the web console to use a custom port 9050.
Note

You do not have to call the firewall or certificate System Roles in the playbook to manage the Firewall or create the certificate. The cockpit System Role calls them automatically as needed.

Prerequisites

  • Access and permissions to one or more managed nodes.
  • Access and permissions to a control node.

    On the control node:

    • Red Hat Ansible Engine is installed.
    • The rhel-system-roles package is installed.
    • An inventory file exists that lists the managed nodes.

Procedure

  1. Create a new playbook.yml file with the following content:

    ---
    - hosts: all
      tasks:
        - name: Install RHEL web console
          include_role:
            name: rhel-system-roles.cockpit
          vars:
            cockpit_packages: default
            #cockpit_packages: minimal
            #cockpit_packages: full
            cockpit_port:9050
            cockpit_manage_selinux: true
            cockpit_manage_firewall: true
            cockpit_certificates:
              - name: /etc/cockpit/ws-certs.d/01-certificate
                dns: ['localhost', 'www.example.com']
                ca: ipa
                group: cockpit-ws
  2. Optional: Verify the playbook syntax:

    # ansible-playbook --syntax-check -i inventory_file playbook.yml
  3. Run the playbook on your inventory file:

    # ansible-playbook -i inventory_file /path/to/file/playbook.yml
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.