Chapter 7. Installing and configuring web console with the cockpit RHEL system role
With the cockpit
RHEL system role, you can install and configure the web console in your system.
7.1. The cockpit
system role
You can use the cockpit
system role to automatically deploy and enable the web console and thus be able to manage your RHEL systems from a web browser.
7.2. Variables of the cockpit
RHEL system role
The parameters used for the cockpit
RHEL system roles are:
Role Variable | Description |
---|---|
cockpit_packages: (default: default) | Sets one of the predefined package sets: default, minimal, or full. * cockpit_packages: (default: default) - most common pages and on-demand install UI * cockpit_packages: (default: minimal) - just the Overview, Terminal, Logs, Accounts, and Metrics pages; minimal dependencies * cockpit_packages: (default: full) - all available pages Optionally, specify your own selection of cockpit packages you want to install. |
cockpit_enabled: (default:true) | Configures if the web console web server is enabled to start automatically at boot |
cockpit_started: (default:true) | Configures if the web console should be started |
cockpit_config: (default: nothing) |
You can apply settings in the |
cockpit_port: (default: 9090) | The web console runs on port 9090 by default. You can change the port using this option. |
cockpit_manage_firewall: (default: false) |
Allows the |
cockpit_manage_selinux: (default: false) |
Allows the |
cockpit_certificates: (default: nothing) |
Allows the |
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.cockpit/README.md
file -
/usr/share/doc/rhel-system-roles/cockpit/
directory - `cockpit.conf(5) man page
7.3. Installing the web console by using the cockpit
RHEL system role
You can use the cockpit
system role to install and enable the RHEL web console.
By default, the RHEL web console uses a self-signed certificate. For security reasons, you can specify a certificate that was issued by a trusted certificate authority instead.
In this example, you use the cockpit
system role to:
- Install the RHEL web console.
-
Allow the web console to manage
firewalld
. -
Set the web console to use a certificate from the
ipa
trusted certificate authority instead of using a self-signed certificate. - Set the web console to use a custom port 9050.
You do not have to call the firewall
or certificate
system roles in the playbook to manage the Firewall or create the certificate. The cockpit
system role calls them automatically as needed.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudo
permissions on them.
Procedure
Create a playbook file, for example
~/playbook.yml
, with the following content:--- - name: Manage the RHEL web console hosts: managed-node-01.example.com tasks: - name: Install RHEL web console ansible.builtin.include_role: name: rhel-system-roles.cockpit vars: cockpit_packages: default cockpit_port:9050 cockpit_manage_selinux: true cockpit_manage_firewall: true cockpit_certificates: - name: /etc/cockpit/ws-certs.d/01-certificate dns: ['localhost', 'www.example.com'] ca: ipa group: cockpit-ws
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.yml
Note that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
Additional resources
-
/usr/share/ansible/roles/rhel-system-roles.cockpit/README.md
file -
/usr/share/doc/rhel-system-roles/cockpit
directory - Requesting certificates using RHEL system roles.