Chapter 2. Installing and configuring web console by using RHEL system roles
With the cockpit RHEL system role, you can automatically deploy and enable the web console on multiple RHEL systems.
2.1. Installing the web console by using the cockpit RHEL system role
You can use the cockpit system role to automate installing and enabling the RHEL web console on multiple systems.
In this example, you use the cockpit system role to:
- Install the RHEL web console.
- Configure the web console to use a custom port number (9050/tcp). By default, the web console uses port 9090.
- Allow the firewalld and selinux system roles to configure the system for opening new ports.
- Set the web console to use a certificate from the ipa trusted certificate authority instead of using a self-signed certificate.
You do not have to call the firewall or certificate system roles in the playbook to manage the firewall or create the certificate. The cockpit system role calls them automatically as needed.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
- The account you use to connect to the managed nodes has sudo permissions on them.
Procedure
Create a playbook file, for example, ~/playbook.yml, with the following content:

    ---
    - name: Manage the RHEL web console
      hosts: managed-node-01.example.com
      tasks:
        - name: Install RHEL web console
          ansible.builtin.include_role:
            name: rhel-system-roles.cockpit
          vars:
            cockpit_packages: default
            cockpit_port: 9050
            cockpit_manage_selinux: true
            cockpit_manage_firewall: true
            cockpit_certificates:
              - name: /etc/cockpit/ws-certs.d/01-certificate
                dns: ['localhost', 'www.example.com']
                ca: ipa

The settings specified in the example playbook include the following:
- cockpit_manage_selinux: true
  Allow using the selinux system role to configure SELinux for setting up the correct port permissions on the websm_port_t SELinux type.
- cockpit_manage_firewall: true
  Allow the cockpit system role to use the firewalld system role for adding ports.
- cockpit_certificates: <YAML_dictionary>
  By default, the RHEL web console uses a self-signed certificate. Alternatively, you can add the cockpit_certificates variable to the playbook and configure the role to request certificates from an IdM certificate authority (CA) or to use an existing certificate and private key that is available on the managed node.

For details about all variables used in the playbook, see the /usr/share/ansible/roles/rhel-system-roles.cockpit/README.md file on the control node.
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.yml
Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
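The syntax check cannot tell whether the settings took effect, so the following script, an added example that is not part of the cockpit role or of the original procedure, checks on a managed node the three outcomes the playbook is meant to produce: port 9050/tcp labelled websm_port_t, the port open in firewalld, and a served certificate that is not self-signed. It assumes the port is opened in the default firewalld zone and that semanage, firewall-cmd and openssl are installed; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the role. Run as root on the managed node:
#   sh verify-cockpit.sh --live
PORT=9050   # cockpit_port from the playbook

# $1 = `semanage port -l` output; true if port $2 is labelled websm_port_t/tcp.
selinux_port_ok() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "websm_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")            # an entry may be a range
                if (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1
                if (n == 1 && $i + 0 == p + 0) found = 1
            }
        }
        END { exit !found }'
}

# $1 = `firewall-cmd --list-ports` output; true if $2/tcp is open.
firewall_port_ok() {
    for entry in $1; do
        [ "$entry" = "$2/tcp" ] && return 0
    done
    return 1
}

# $1 = `openssl x509 -noout -issuer -subject` output; true if issuer equals
# subject, the usual sign of a self-signed certificate.
cert_self_signed() {
    issuer=$(printf '%s\n' "$1" | sed -n 's/^issuer=//p')
    subject=$(printf '%s\n' "$1" | sed -n 's/^subject=//p')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

verify_live() {
    rc=0
    selinux_port_ok "$(semanage port -l)" "$PORT" ||
        { echo "FAIL: $PORT/tcp is not websm_port_t"; rc=1; }
    firewall_port_ok "$(firewall-cmd --list-ports)" "$PORT" ||
        { echo "FAIL: $PORT/tcp is not open in firewalld"; rc=1; }
    cert=$(openssl s_client -connect "localhost:$PORT" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer -subject 2>/dev/null)
    [ -n "$cert" ] || { echo "FAIL: no TLS certificate on port $PORT"; rc=1; }
    if cert_self_signed "$cert"; then echo "FAIL: certificate is self-signed"; rc=1; fi
    return $rc
}

if [ "${1:-}" = "--live" ]; then verify_live; fi
```

A non-zero exit status means at least one of the checks failed; the FAIL lines name which one.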
Additional resources
- /usr/share/ansible/roles/rhel-system-roles.cockpit/README.md file
- /usr/share/doc/rhel-system-roles/cockpit directory
- Requesting certificates using RHEL system roles