Procedure

1. If the web console is not installed by default on your installation variant, manually install the cockpit package:

   # yum install cockpit

2. Enable and start the cockpit.socket service, which runs a web server:

   # systemctl enable --now cockpit.socket

3. If the web console was not installed by default on your installation variant and you are using a custom firewall profile, add the cockpit service to firewalld to open port 9090 in the firewall:

   # firewall-cmd --add-service=cockpit --permanent
   # firewall-cmd --reload

Verification steps

1. To verify the previous installation and configuration, open the web console.

Procedure

1. Open the web console in your web browser:

   • Locally: https://localhost:9090
   • Remotely with the server’s hostname: https://example.com:9090

   • Remotely with the server’s IP address: https://192.0.2.2:9090

     If you use a self-signed certificate, the browser issues a warning. Check the certificate and accept the security exception to proceed with the login.

     The console loads a certificate from the /etc/cockpit/ws-certs.d directory and uses the last file with a .cert extension in alphabetical order. To avoid having to grant security exceptions, install a certificate signed by a certificate authority (CA).

2. In the login screen, enter your system user name and password.

   

3. Optionally, click the Reuse my password for privileged tasks option.

   If the user account you are using to log in has sudo privileges, this makes it possible to perform privileged tasks in the web console, such as installing software or configuring SELinux.

4. Click Log In.

Procedure

1. Open your web browser.

2. Type the remote server’s address in one of the following formats:

   1. With the server’s host name: server.hostname.example.com:port_number
   2. With the server’s IP address: server.IP_address:port_number
3. After the login interface opens, log in with your RHEL machine credentials.

Procedure

1. Open the RHEL web console in your browser:

   • Locally: https://localhost:PORT_NUMBER
   • Remotely with the server hostname: https://example.com:PORT_NUMBER

   • Remotely with the server IP address: https://EXAMPLE.SERVER.IP.ADDR:PORT_NUMBER

     If you use a self-signed certificate, the browser issues a warning. Check the certificate and accept the security exception to proceed with the login.

     The console loads a certificate from the /etc/cockpit/ws-certs.d directory and uses the last file with a .cert extension in alphabetical order. To avoid having to grant security exceptions, install a certificate signed by a certificate authority (CA).

2. The Login window opens. In the Login window, enter your system user name and password.
3. Generate a one-time password on your device.
4. Enter the one-time password into a new field that appears in the web console interface after you confirm your password.
5. Click Log in.
6. Successful login takes you to the Overview page of the web console interface.

Procedure

1. Log into the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Overview.

3. Click the Restart restart button.

   

4. If any users are logged into the system, write a reason for the restart in the Restart dialog box.

5. Optional: In the Delay drop down list, select a time interval.

   

6. Click Restart.

Procedure

1. Log into the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Overview.

3. In the Restart drop down list, select Shut Down.

   

4. If any users are logged in to the system, write a reason for the shutdown in the Shut Down dialog box.
5. Optional: In the Delay drop down list, select a time interval.
6. Click Shut Down.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click the current system time in Overview.

   

3. In the Change System Time dialog box, change the time zone if necessary.

4. In the Set Time drop down menu, select one of the following:

   Manually

   Use this option if you need to set the time manually, without an NTP server.

   Automatically using NTP server

   This is a default option, which synchronizes time automatically with the preset NTP servers.

   Automatically using specific NTP servers

   Use this option only if you need to synchronize the system with a specific NTP server. Specify the DNS name or the IP address of the server.

5. Click Change.

   

Procedure

1. Log into the RHEL web console.

   For details, see Logging in to the web console.

2. Open the System tab.

3. Click Join Domain.

   

4. In the Join a Domain dialog box, enter the host name of the IdM server in the Domain Address field.

5. In the Authentication drop down list, select if you want to use a password or a one-time password for authentication.

   

6. In the Domain Administrator Name field, enter the user name of the IdM administration account.
7. In the password field, add the password or one-time password according to what you selected in the Authentication drop down list earlier.

8. Click Join.

   

Verification steps

1. If the RHEL 8 web console did not display an error, the system has been joined to the IdM domain and you can see the domain name in the System screen.

2. To verify that the user is a member of the domain, click the Terminal page and type the id command:

   $ id
   euid=548800004(example_user) gid=548800004(example_user) groups=548800004(example_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click System.

3. In the Hardware item, click the hardware information.

   

4. In the CPU Security item, click Mitigations.

   If this link is not present, it means that your system does not support SMT, and therefore is not vulnerable.

5. In the CPU Security Toggles, switch on the Disable simultaneous multithreading (nosmt) option.

   

6. Click on the Save and reboot button.

Procedure

1. Create the /etc/issue.cockpit file in a text editor of your preference if you do not have it yet. Add the content you want to display as the banner to the file.

   Do not include any macros in the file as there is no re-formatting done between the file content and the displayed content. Use intended line breaks. It is possible to use ASCII art.

2. Save the file.

3. Open or create the cockpit.conf file in the /etc/cockpit/ directory in a text editor of your preference.

   $ sudo vi cockpit.conf

4. Add the following text to the file:

   [Session]
   Banner=/etc/issue.cockpit

5. Save the file.

6. Restart the web console for changes to take effect.

   # systemctl try-restart cockpit

Procedure

1. Open or create the cockpit.conf file in the /etc/cockpit/ directory in a text editor of your preference.

   $ sudo vi cockpit.conf

2. Add the following text to the file:

   [Session]
   IdleTimeout=X

   Substitute X with a number for a time period of your choice in minutes.

3. Save the file.

4. Restart the web console for changes to take effect.

   # systemctl try-restart cockpit

Procedure

1. Log into the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Overview.

3. Click edit next to the current host name.

   

4. In the Change Host Name dialog box, enter the host name in the Pretty Host Name field.

5. The Real Host Name field attaches a domain name to the pretty name.

   You can change the real host name manually if it does not correspond with the pretty host name.

6. Click Change.

   

Verification steps

1. Log out from the web console.

2. Reopen the web console by entering an address with the new host name in the address bar of your browser.

   

Procedure

1. Log into the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Overview.

3. In the Performance Profile field, click the current performance profile.

   

4. In the Change Performance Profile dialog box, change the profile if necessary.

5. Click Change Profile.

   

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Click Logs.

   

3. Open log entry details by clicking on your selected log entry in the list.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Logs.

3. By default, web console shows the latest log entries. To filter by a specific time range, click the Time drop-down menu and choose a preferred option.

   

4. Error and above severity logs list is shown by default. To filter by different priority, click the Error and above drop-down menu and choose a preferred priority.

   

5. By default, web console shows logs for all identifiers. To filter logs for a particular identifier, click the All drop-down menu and select an identifier.

   

6. To open a log entry, click on a selected log.

1. Type identifier:systemd since:2020-10-22 JOB_TYPE=start,restart to search field.

2. Check the results.

   

1. Type service:cockpit boot:-1 error|fail to the search field.

2. Check the results.

   

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Logs.

3. Use the drop-down menus to specify the three main quantifiers - time range, priority, and identifier(s) - you want to filter.

   The Priority quantifier always has to have a value. If you do not specify it, it automatically filters the Error and above priority. Notice that the options you set reflect in the text search box.

4. Specify the log field you want to filter.

   It is possible to add several log fields.

5. You can use a free-form string to search for anything else. The search box also accepts regular expressions.

Procedure

1. Log in to the RHEL web console.
2. Click Accounts.

3. Click Create New Account.

   

4. In the Full Name field, enter the full name of the user.

   The RHEL web console automatically suggests a user name from the full name and fills it in the User Name field. If you do not want to use the original naming convention consisting of the first letter of the first name and the whole surname, update the suggestion.

5. In the Password/Confirm fields, enter the password and retype it for verification that your password is correct. The color bar placed below the fields shows you security level of the entered password, which does not allow you to create a user with a weak password.

   

6. Click Create to save the settings and close the dialog box.
7. Select the newly created account.
8. Select Server Administrator in the Roles item.

Procedure

1. Log in to the RHEL 8 web console interface.
2. Click Accounts.
3. Select the user account for which to enforce password expiration.
4. In the user account settings, click Never expire password.

5. In the Password Expiration dialog box, select Require password change every …​ days and enter a positive whole number representing the number of days when the password expires.

   

6. Click Change.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Accounts.
3. Click the user account for which you want to terminate the session.

4. Click the Terminate Session button.

   

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Services in the web console menu on the left.

3. The default tab for Services is System Services. If you want to manage targets, sockets, timers, or paths, switch to the respective tab in the menu on top.

   

4. To open service settings, click on a selected service from the list. You can tell which services are active or inactive by checking the State column.

5. Activate or deactivate a service:

   • To activate an inactive service, click the Start button.

     

   • To deactivate an active service, click the Stop button.

     

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Services in the web console menu on the left.

3. The default tab for Services is System Services. If you want to manage targets, sockets, timers, or paths, switch to the respective tab in the menu on top.

   

4. To open service settings, click on a selected service from the list.

5. To restart a service, click the Restart button.

   

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Open Networking.
3. Click the Add Bond button.
4. In the Bond Settings dialog box, enter a name for the new bond.
5. In the Members field, select interfaces which should be a member of the bond.

6. [Optional] In the MAC drop down list, select a MAC address which will be used for this interface.

   If you leave the MAC field empty, the bond will get one of the addresses that are listed in the drop down list.

7. In the Mode drop down list, select the mode.

   For details, see network bond modes

8. If you select Active Backup, select the primary interface.

   

9. In the Link Monitoring drop down menu, leave here the MII option.

   Only the adaptive load balancing mode requires to switch this option to ARP.

10. The Monitoring Interval, Link up delay, and Link down delay fields, which contain values in milliseconds, leave as they are. Change it only for a troubleshooting purpose.

11. Click Apply.

    

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Open Networking.
3. In the Interfaces table, click on the bond you want to configure.
4. In the bond settings screen, scroll down to the table of members (interfaces).
5. Click the + icon.

6. Select the interface in the drop down list and click it.

   

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Open Networking.
3. Click the bond you want to configure.
4. In the bond settings screen, scroll down to the table of ports (interfaces).

5. Select the interface and and remove or disable it:

   • Click the - icon to remove the interface.
   • Switch the ON/OFF button to Off.

   

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Open Networking.
3. Click the bond you want to remove.

4. In the bond settings screen, you can disable the bond with the ON/OFF button or click the Delete button to remove the bond permanently.

   

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console

2. Go to the Networking tab.
3. Click the Add Team button.

4. In the Team Settings area, configure parameters for the new team:

   1. Add a name for your team device to the Name field.
   2. In the Ports field, select all network interfaces you want to add to the team.
   3. In the Runner drop down menu, select the runner.

   4. In the Link Watch drop down menu select a link watcher.

      1. If you select Ethtool, additionally, set a link up delay and a link down delay.
      2. If you select ARP Ping or NSNA Ping, additionally, set a ping interval and ping target.

5. Click Apply

   

Verification steps

1. Go to the Networking tab and check if the Sending and Receiving columns in the Interfaces table display a network activity.

   

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Switch to the Networking tab.
3. In the Interfaces table, click on the team you want to configure.
4. In the team settings window, scroll down to the Ports table.
5. Click on the + icon.

6. Select the interface you wish to add from the drop down list.

   

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Switch to the Networking tab.
3. Click the team you want to configure.
4. In the team settings window, scroll down to the table of ports (interfaces).

5. Select an interface and remove or disable it.

   1. Switch the ON/OFF button to Off to disable the interface.

   2. Click the - icon to remove the interface.

      

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Switch to the Networking tab.
3. Click the team you wish to remove or disable.

4. Remove or disable the selected team.

   1. You can remove the team by clicking the Delete button.

   2. You can disable the team by moving the ON/OFF switch to a disabled position.

      

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Open Networking.

3. Click the Add Bridge button.

   

4. In the Bridge Settings dialog box, enter a name for the new bridge.
5. In the Port field, select interfaces which you want to put to the one subnet.

6. Optionally, you can select the Spanning Tree protocol (STP) to avoid bridge loops and broadcast radiation.

   If you do not have a strong preference, leave the predefined values as they are.

   

7. Click Create.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Open the Networking section.

3. Click the interface where you want to set the static IP address.

   

4. In the interface details screen, click the IPv4 configuration.

   

5. In the IPv4 Settings dialog box, select Manual in the Addresses drop down list.

   

6. Click Apply.

7. In the Addresses field, enter the desired IP address, netmask and gateway.

   

8. Click Apply.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Open Networking.

3. Click the bridge you want to configure.

   

4. In the bridge settings screen, scroll down to the table of ports (interfaces).

   

5. Select the interface and click the - icon.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Open the Networking section.

3. Click the bridge you want to configure.

   

4. In the bridge settings screen, scroll down to the table of ports.

   

5. Click Delete.

Procedure

1. To add a new port number, run the following command:

   $ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp

2. To remove the old port number from the cockpit service, run:

   $ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp

Procedure

1. Change the listening port with one of the following methods:

   1. Using the systemctl edit cockpit.socket command:

      1. Run the following command:

         $ sudo systemctl edit cockpit.socket

         This will open the /etc/systemd/system/cockpit.socket.d/override.conf file.

      2. Modify the content of override.conf or add a new content in the following format:

         [Socket]
         ListenStream=
         ListenStream=PORT_NUMBER

   2. Alternatively, add the above mentioned content to the /etc/systemd/system/cockpit.socket.d/listen.conf file.

      Create the cockpit.socket.d. directory and the listen.conf file if they do not exist yet.

2. Run the following commands for changes to take effect:

   $ sudo systemctl daemon-reload
   $ sudo systemctl restart cockpit.socket

   If you used systemctl edit cockpit.socket in the previous step, running systemctl daemon-reload is not necessary.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Open the Networking section.

3. In the Firewall section, click ON to run the firewall.

   

   If you do not see the Firewall box, log in to the web console with the administration privileges.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Open the Networking section.

3. In the Firewall section, click OFF to stop it.

   

   If you do not see the Firewall box, log in to the web console with the administration privileges.

Procedure

1. Log in to the RHEL web console with administration privileges.

   For details, see Logging in to the web console.

2. Click Networking.

3. Click on the Firewall box title.

   

   If you do not see the Firewall box, log in to the web console with the administrator privileges.

4. In the Firewall section, click Add Services.
5. Click on the Add Zone button.

6. In the Add Zone dialog box, select a zone from the Trust level scale.

   You can see here all zones predefined in the firewalld service.

7. In the Interfaces part, select an interface or interfaces on which the selected zone is applied.

8. In the Allowed Addresses part, you can select whether the zone is applied on:

   • the whole subnet

   • or a range of IP addresses in the following format:

     • 192.168.1.0
     • 192.168.1.0/24
     • 192.168.1.0/24, 192.168.1.0

9. Click on the Add zone button.

   

Procedure

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Networking.

3. Click on the Firewall box title.

   

   If you do not see the Firewall box, log in to the web console with the administrator privileges.

4. In the Firewall section, click Add Services.

   

5. In the Add Services dialog box, select a zone for which you want to add the service.

   The Add Services dialog box includes a list of active firewall zones only if the system includes multiple active zones.

   If the system uses just one (the default) zone, the dialog does not include zone settings.

6. In the Add Services dialog box, find the service you want to enable on the firewall.

7. Enable desired services.

   

8. Click Add Services.

Procedure

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Networking.

3. Click on the Firewall box title.

   

   If you do not see the Firewall box, log in to the web console with the administration privileges.

4. In the Firewall section, click Add Services.

   

5. In the Add Services dialog box, select a zone for which you want to add the service.

   The Add Services dialog box includes a list of active firewall zones only if the system includes multiple active zones.

   If the system uses just one (the default) zone, the dialog does not include zone settings.

6. In the Add Ports dialog box, click on the Custom Ports radio button.

7. In the TCP and UDP fields, add ports according to examples. You can add ports in the following formats:

   • Port numbers such as 22
   • Range of port numbers such as 5900-5910
   • Aliases such as nfs, rsync
   Note

   You can add multiple values into each field. Values must be separated with the comma and without the space, for example: 8080,8081,http

8. After adding the port number in the TCP and/or UDP fields, verify the service name in the Name field.

   The Name field displays the name of the service for which is this port reserved. You can rewrite the name if you are sure that this port is free to use and no server needs to communicate on this port.

9. In the Name field, add a name for the service including defined ports.

10. Click on the Add Ports button.

    

Procedure

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Networking.

3. Click on the Firewall box title.

   

   If you do not see the Firewall box, log in to the web console with the administrator privileges.

4. On the Active zones table, click on the Delete icon at the zone you want to remove.

   

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Click on the Storage tab.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Click the Storage tab.
3. In the Other Devices table, click a volume in which you want to create the partition.
4. In the Content section, click the Create Partition button.
5. In the Create partition dialog box, select the size of the new partition.

6. In the Erase drop down menu, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program has to go through the whole disk, but it is more secure. Use this option if the disk includes any data and you need to overwrite it.

7. In the Type drop down menu, select a file system:

   • XFS file system supports large logical volumes, switching physical drives online without outage, and growing an existing file system. Leave this file system selected if you do not have a different strong preference.

   • ext4 file system supports:

     • Logical volumes
     • Switching physical drives online without outage
     • Growing a file system
     • Shrinking a file system

   Additional option is to enable encryption of partition done by LUKS (Linux Unified Key Setup), which allows you to encrypt the volume with a passphrase.

8. In the Name field, enter the logical volume name.

9. In the Mounting drop down menu, select Custom.

   The Default option does not ensure that the file system will be mounted on the next boot.

10. In the Mount Point field, add the mount path.
11. Select Mount at boot.

12. Click the Create partition button.

    

    Formatting can take several minutes depending on the volume size and which formatting options are selected.

    After the formatting has completed successfully, you can see the details of the formatted logical volume on the Filesystem tab.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Click on the Storage tab.
3. In the Filesystems table, select a volume in which you want to delete the partition.

4. In the Content section, click on the partition you want to delete.

   

5. The partition rolls down and you can click on the Delete button.

   

   The partition must not be mounted and used.

Procedure

1. Log in to the RHEL web console.

   For details, see Logging in to the web console.

2. Click on the Storage tab.
3. In the Filesystems table, select a volume in which you want to delete the partition.
4. In the Content section, click on the partition whose file system you want to mount or unmount.

5. Click on the Mount or Unmount button.

   

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.

3. Click + in the NFS mounts section.

   

4. In the New NFS Mount dialog box, enter the server or IP address of the remote server.
5. In the Path on Server field, enter the path to the directory you want to mount.
6. In the Local Mount Point field, enter the path where you want to find the directory in your local system.
7. Select Mount at boot. This ensures that the directory will be reachable also after the restart of the local system.

8. Optionally, select Mount read only if you do not want to change the content.

   

9. Click Add.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.
3. Click on the NFS mount you want to adjust.

4. If the remote directory is mounted, click Unmount.

   The directory must not be mounted during the custom mount options configuration. Otherwise the web console does not save the configuration and this will cause an error.

   

5. Click Edit.

   

6. In the NFS Mount dialog box, select Custom mount option.

7. Enter mount options separated by a comma. For example:

   • nfsvers=4 — the NFS protocol version number
   • soft — type of recovery after an NFS request times out
   • sec=krb5 — files on the NFS server can be secured by Kerberos authentication. Both the NFS client and server have to support Kerberos authentication.

   

   For a complete list of the NFS mount options, enter man nfs in the command line.

8. Click Apply.
9. Click Mount.

Procedure

1. Open the RHEL 8 web console.
2. Click Storage.

3. Click the + icon in the RAID Devices box.

   

4. In the Create RAID Device dialog box, enter a name for a new RAID.
5. In the RAID Level drop-down list, select a level of RAID you want to use.

6. In the Chunk Size drop-down list, leave the predefined value as it is.

   The Chunk Size value specifies how large is each block for data writing. If the chunk size is 512 KiB, the system writes the first 512 KiB to the first disk, the second 512 KiB is written to the second disk, and the third chunk will be written to the third disk. If you have three disks in your RAID, the fourth 512 KiB will be written to the first disk again.

7. Select disks you want to use for RAID.

   

8. Click Create.

Procedure

1. Open the RHEL 8 web console.
2. Click Storage.
3. In the RAID devices box, choose the RAID you want to format by clicking on it.
4. In the RAID details screen, scroll down to the Content part.

5. Click to the newly created RAID.

   

6. Click the Format button.

7. In the Erase drop-down list, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program has to go through the whole disk. Use this option if the RAID includes any data and you need to rewrite it.
8. In the Type drop-down list, select a XFS file system, if you do not have another strong preference.
9. Enter a name of the file system.

10. In the Mounting drop down list, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

11. In the Mount Point field, add the mount path.
12. Select Mount at boot.

13. Click the Format button.

    Formatting can take several minutes depending on the used formatting options and size of RAID.

    After successful finish, you can see the details of the formatted RAID on the Filesystem tab.

    

14. To use the RAID, click Mount.

Procedure

1. Open the RHEL 8 web console.
2. Click Storage.
3. In the RAID devices box, select the RAID you want to edit.
4. In the RAID details screen, scroll down to the Content part.

5. Click to the newly created RAID.

   

6. Click the Create partition table button.

7. In the Erase drop-down list, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole RAID with zeros. This option is slower because the program has to go through the whole RAID. Use this option if RAID includes any data and you need to rewrite it.

8. In the Partitioning drop-down list, select:

   • Compatible with modern system and hard disks > 2TB (GPT) — GUID Partition Table is a modern recommended partitioning system for large RAIDs with more than four partitions.

   • Compatible with all systems and devices (MBR) — Master Boot Record works with disks up to 2 TB in size. MBR also support four primary partitions max.

     

9. Click Format.

Procedure

1. Open the RHEL 8 web console.
2. Click Storage.
3. In the RAID devices box, click to the RAID you want to edit.
4. In the RAID details screen, scroll down to the Content part.
5. Click to the newly created RAID.
6. Click Create Partition.
7. In the Create partition dialog box, set up the size of the first partition.

8. In the Erase drop-down list, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole RAID with zeros. This option is slower because the program have to go through the whole RAID. Use this option if RAID includes any data and you need to rewrite it.
9. In the Type drop-down list, select a XFS file system, if you do not have another strong preference.
10. Enter any name for the file system. Do not use spaces in the name.

11. In the Mounting drop down list, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

12. In the Mount Point field, add the mount path.
13. Select Mount at boot.

14. Click Create partition.

    

Procedure

1. Open the RHEL 8 web console.
2. Click Storage.
3. Click the + icon in the Volume Groups box.
4. In the Create Volume Group dialog box, enter a name for the new volume group.

5. In the Disks list, select a RAID device.

   If you do not see the RAID in the list, unmount the RAID from the system. The RAID device must not be used by the RHEL 8 system.

   

6. Click Create.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Storage.

3. Click the + icon in the Volume Groups box.

   

4. In the Name field, enter a name of a group without spaces.

5. Select the drives you want to combine to create the volume group.

   

   It might happen that you cannot see devices as you expected. The RHEL web console displays only unused block devices. Used devices means, for example:

   • Devices formatted with a file system
   • Physical volumes in another volume group

   • Physical volumes being a member of another software RAID device

     If you do not see the device, format it to be empty and unused.

6. Click Create.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Storage.
3. Click the volume group in which you want to create logical volumes.
4. Click Create new Logical Volume.
5. In the Name field, enter a name for the new logical volume without spaces.

6. In the Purpose drop down menu, select Block device for filesystems.

   This configuration enables you to create a logical volume with the maximum volume size which is equal to the sum of the capacities of all drives included in the volume group.

   

7. Define the size of the logical volume. Consider:

   • How much space the system using this logical volume will need.
   • How many logical volumes you want to create.

   You do not have to use the whole space. If necessary, you can grow the logical volume later.

   

8. Click Create.

Procedure

1. Log in to the RHEL web console.
2. Click Storage.
3. Click the volume group in which the logical volume is placed.
4. Click the logical volume.

5. Click on the Unrecognized Data tab.

   

6. Click Format.

7. In the Erase drop down menu, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program have to go through the whole disk. Use this option if the disk includes any data and you need to overwrite it.

8. In the Type drop down menu, select a file system:

   • XFS file system supports large logical volumes, switching physical drives online without outage, and growing an existing file system. Leave this file system selected if you do not have a different strong preference.

     XFS does not support reducing the size of a volume formatted with an XFS file system

   • ext4 file system supports:

     • Logical volumes
     • Switching physical drives online without outage
     • Growing a file system
     • Shrinking a file system

   You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

9. In the Name field, enter the logical volume name.

10. In the Mounting drop down menu, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

11. In the Mount Point field, add the mount path.

12. Select Mount at boot.

    

13. Click Format.

    Formatting can take several minutes depending on the volume size and which formatting options are selected.

    After the formatting has completed successfully, you can see the details of the formatted logical volume on the Filesystem tab.

    

14. To use the logical volume, click Mount.

1. Log in to the RHEL web console.
2. Click Storage.
3. Click the volume group in which the logical volume is placed.
4. Click the logical volume.
5. On the Volume tab, click Grow.

6. In the Grow Logical Volume dialog box, adjust volume space.

   

7. Click Grow.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Storage.
3. Click the volume group in which you want to create thin volumes.
4. Click Create new Logical Volume.
5. In the Name field, enter a name for the new pool of thin volumes without spaces.

6. In the Purpose drop down menu, select Pool for thinly provisioned volumes. This configuration enables you to create the thin volume.

   

7. Define the size of the pool of thin volumes. Consider:

   • How many thin volumes you will need in this pool?
   • What is the expected size of each thin volume?

   You do not have to use the whole space. If necessary, you can grow the pool later.

   

8. Click Create.

   The pool for thin volumes has been created and you can add thin volumes.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Storage.
3. Click the volume group in which you want to create thin volumes.
4. Click the desired pool.

5. Click Create Thin Volume.

   

6. In the Create Thin Volume dialog box, enter a name for the thin volume without spaces.

7. Define the size of the thin volume.

   

8. Click Create.

Procedure

1. Log in to the RHEL web console.
2. Click Storage.
3. Click the volume group in which the logical volume is placed.
4. Click the logical volume.

5. Click on the Unrecognized Data tab.

   

6. Click Format.

7. In the Erase drop down menu, select:

   • Don’t overwrite existing data — the RHEL web console rewrites only the disk header. Advantage of this option is speed of formatting.
   • Overwrite existing data with zeros — the RHEL web console rewrites the whole disk with zeros. This option is slower because the program have to go through the whole disk. Use this option if the disk includes any data and you need to overwrite it.

8. In the Type drop down menu, select a file system:

   • XFS file system supports large logical volumes, switching physical drives online without outage, and growing an existing file system. Leave this file system selected if you do not have a different strong preference.

     XFS does not support reducing the size of a volume formatted with an XFS file system

   • ext4 file system supports:

     • Logical volumes
     • Switching physical drives online without outage
     • Growing a file system
     • Shrinking a file system

   You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

9. In the Name field, enter the logical volume name.

10. In the Mounting drop down menu, select Custom.

    The Default option does not ensure that the file system will be mounted on the next boot.

11. In the Mount Point field, add the mount path.

12. Select Mount at boot.

    

13. Click Format.

    Formatting can take several minutes depending on the volume size and which formatting options are selected.

    After the formatting has completed successfully, you can see the details of the formatted logical volume on the Filesystem tab.

    

14. To use the logical volume, click Mount.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Storage.
3. In the Volume Groups box, click the volume group in which you want to add a physical volume.

4. In the Physical Volumes box, click the + icon.

   

5. In the Add Disks dialog box, select the preferred drive and click Add.

   

1. Log in to the RHEL 8 web console.
2. Click Storage.
3. Click the volume group in which you have the logical volume.
4. In the Physical Volumes section, locate the preferred volume.

5. Click the - icon.

   The RHEL 8 web console verifies, if the logical volume has enough free space for removing the disk. If not, you cannot remove the disk and it is necessary to add another disk first. For details, see Adding physical drives to logical volumes in the web console.

   

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.

3. Click the + icon in the VDO Devices box.

   

4. In the Name field, enter a name of a VDO volume without spaces.
5. Select the drive that you want to use.

6. In the Logical Size bar, set up the size of the VDO volume. You can extend it more than ten times, but consider for what purpose you are creating the VDO volume:

   • For active VMs or container storage, use logical size that is ten times the physical size of the volume.
   • For object storage, use logical size that is three times the physical size of the volume.

   For details, see Deploying VDO.

7. In the Index Memory bar, allocate memory for the VDO volume.

   For details about VDO system requirements, see System Requirements.

8. Select the Compression option. This option can efficiently reduce various file formats.

   For details, see Enabling or disabling compression in VDO.

9. Select the Deduplication option.

   This option reduces the consumption of storage resources by eliminating multiple copies of duplicate blocks. For details, see Enabling or disabling deduplication in VDO.

10. [Optional] If you want to use the VDO volume with applications that need a 512 bytes block size, select Use 512 Byte emulation. This reduces the performance of the VDO volume, but should be very rarely needed. If in doubt, leave it off.

11. Click Create.

    

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.
3. Click the VDO volume.
4. Click on the Unrecognized Data tab.

5. Click Format.

   

6. In the Erase drop down menu, select:

   Don’t overwrite existing data

   The RHEL web console rewrites only the disk header. The advantage of this option is the speed of formatting.

   Overwrite existing data with zeros

   The RHEL web console rewrites the whole disk with zeros. This option is slower because the program has to go through the whole disk. Use this option if the disk includes any data and you need to rewrite them.

7. In the Type drop down menu, select a filesystem:

   • The XFS file system supports large logical volumes, switching physical drives online without outage, and growing. Leave this file system selected if you do not have a different strong preference.

     XFS does not support shrinking volumes. Therefore, you will not be able to reduce volume formatted with XFS.

   • The ext4 file system supports logical volumes, switching physical drives online without outage, growing, and shrinking.

   You can also select a version with the LUKS (Linux Unified Key Setup) encryption, which allows you to encrypt the volume with a passphrase.

8. In the Name field, enter the logical volume name.

9. In the Mounting drop down menu, select Custom.

   The Default option does not ensure that the file system will be mounted on the next boot.

10. In the Mount Point field, add the mount path.

11. Select Mount at boot.

    

12. Click Format.

    Formatting can take several minutes depending on the used formatting options and the volume size.

    After a successful finish, you can see the details of the formatted VDO volume on the Filesystem tab.

    

13. To use the VDO volume, click Mount.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.

3. Click your VDO volume in the VDO Devices box.

   

4. In the VDO volume details, click the Grow button.

5. In the Grow logical size of VDO dialog box, extend the logical size of the VDO volume.

   

   Original size of the logical volume from the screenshot was 6 GB. As you can see, the RHEL web console enables you to grow the volume to more than ten times the size and it works correctly because of the compression and deduplication.

6. Click Grow.

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Storage.
3. Select the storage device you want to format.
4. Click the menu icon and select Format option.

5. Select the Encrypt data box to activate encryption on your storage device.

   

6. Set and confirm your new passphrase.
7. [Optional] Modify further encryption options.
8. Finalize formatting settings.
9. Click Format.

Procedure

1. Log in to the web console.

   For details, see Logging in to the web console.

2. Click Storage
3. In the Drives table, select the disk with encrypted data.
4. In Content, select the encrypted partition.
5. Click Encryption.

6. In the Keys table, click the pen icon.

   

7. In the Change passphrase dialog window:

   1. Enter your current passphrase.
   2. Enter your new passphrase.

   3. Confirm your new passphrase.

      

8. Click Save

Procedure

1. Log in to the RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Software Updates.

   The list of available updates refreshes automatically if the last check happened more than 24 hours ago. To trigger a refresh, click the Check for Updates button.

3. Apply updates.

   1. To install all available updates, click the Install all updates button.

      

   2. If you have security updates available, you can install them separately by clicking the Install Security Updates button.

      

      You can watch the update log while the update is running.

4. After the system applies updates, you get a recommendation to restart your system.

   We recommend this especially if the update included a new kernel or system services that you do not want to restart individually.

5. Click Ignore to cancel the restart, or Restart Now to proceed with restarting your system.

   After the system restart, log in to the web console and go to the Software Updates page to verify that the update has been successful.

Procedure

1. Log in to RHEL 8 web console.

   For details, see Logging in to the web console.

2. Click Software Updates.
3. If you want to automatically apply only security updates, click on the Apply all updates drop-down menu and select Apply security updates.
4. To modify day of the automatic update, click on the every day drop-down menu and select a specific day.

5. To modify time of the automatic update, click on the 6:00 drop-down menu and select a specific time.

   

6. If you want to disable automatic software updates, click on switch next to Automatic Updates to move it to disabled position.

   

Procedure

1. Type subscription in the search field and press the Enter key.

   

   Alternatively, you can log in to the RHEL 8 web console. For details, see Logging in to the web console.

2. In the polkit authentication dialog for privileged tasks, add the password belonging to the user name displayed in the dialog.

   

3. Click Authenticate.

4. In the Subscriptions dialog box, click Register.

   

5. Enter your Customer Portal credentials.

   

6. Enter the name of your organization.

   If you have more than one account on the Red Hat Customer Portal, you have to add the organization name or organization ID. To get the org ID, go to your Red Hat contact point.

7. Click the Register button.

Procedure

1. Type subscription in the search field and press the Enter key.

   

   Alternatively, you can log in to the RHEL 8 web console. For details, see Logging in to the web console.

2. In the authentication dialog, add the system username and password you created during the system installation.

   

3. Click Authenticate.

4. In the Subscriptions dialog box, click Register.

   

5. Enter the activation key in the registration form.

6. Enter the name of your organization.

   You need to add the organization name or organization ID, if you have more than one account in the Red Hat Customer Portal.

   To get the org ID, go to your Red Hat contact point.

   

7. Click the Register button.

Procedure

1. Open the Kernel Dump tab and start the kdump service.
2. Configure the kdump memory usage through the command line.

3. Click the link next to the Crash dump location option.

   

4. Select the Local Filesystem option from the drop-down and specify the directory you want to save the dump in.

   

   • Alternatively, select the Remote over SSH option from the drop-down to send the vmcore to a remote machine using the SSH protocol.

     Fill the Server, ssh key, and Directory fields with the remote machine address, ssh key location, and a target directory.

   • Another choice is to select the Remote over NFS option from the drop-down and fill the Mount field to send the vmcore to a remote machine using the NFS protocol.

     Note

     Tick the Compression check box to reduce the size of the vmcore file.

5. Test your configuration by crashing the kernel.

   
   Warning

   This step disrupts execution of the kernel and results in a system crash and loss of data.

Procedure

1. In the RHEL 8 web console, go to Dashboard.

2. In the Dashboard, click the Add Server icon.

   

3. In the Add Machine to Dashboard dialog box, enter the host name or IP address of the remote system.
4. (Optional) Click the Color field to change the color of the system in Dashboard.
5. Click Add.

6. In the Log in to <servername> dialog box, enter the credentials for the remote system.

   You can use any user account of the remote system. Howerver, if you use credetials of a user account without administration privileges, you will not be able to perform administration tasks.

   If you use the same credentials as for your local system, the web console will authenticate remote systems automatically every time you log in. However, using the same credentials on more machines could be a potential security risk.

   

7. Click Log In.

Procedure

1. Log in to the RHEL 8 web console.
2. Click Dashboard.

3. Click the Edit Server icon.

   

4. To remove the server from the Dashboard, click the red Remove icon.

   

1. Open the web console.
2. Click Dashboard.
3. Select the remote system where you want to add the public key.
4. In the system settings, go to Accounts.
5. Select the user account to which you want to assign the public key.

6. In the Authorized Public SSH Keys settings, click the + button.

   

7. In the Add public key dialog box, paste the public key you have in the clipboard.
8. Click Add key.

1. Go to upper right corner settings.

2. In the drop down menu, select Authentication.

   

3. Verify that the web console uses the correct path to the private key you want to use.

   By default, the web console uses the following paths for private keys:

   ~/.ssh/id_rsa
   ~/.ssh/id_dsa
   ~/.ssh/id_ed25519
   ~/.ssh/id_ecdsa

   To use a different key, add the path manually.

4. Enable the key with the On/Off button.

   Enabling the key opens a password dialog.

5. Enter the SSH key password.

   

6. Click Unlock Key.

   On Details tab, you can verify the certificate owner and the fingerprint.

7. Click Close.

1. Log out yourself from the web console.

   After the logging back in the web console, red triangle icon appears before the remote system.

2. Click the system trying to connect to the web console.

   You can see two buttons in the screen. Reconnect and Troubleshoot.

3. Click the Troubleshoot button.

   Login dialog appears.

   

4. In the Authentication drop down menu, select Using available credentials.

Procedure

1. Log into the RHEL web console.

   For details, see Logging in to the web console.

2. Open the System tab.

3. Click Join Domain.

   

4. In the Join a Domain dialog box, enter the host name of the IdM server in the Domain Address field.

5. In the Authentication drop down list, select if you want to use a password or a one-time password for authentication.

   

6. In the Domain Administrator Name field, enter the user name of the IdM administration account.
7. In the password field, add the password or one-time password according to what you selected in the Authentication drop down list earlier.

8. Click Join.

   

Verification steps

1. If the RHEL 8 web console did not display an error, the system has been joined to the IdM domain and you can see the domain name in the System screen.

2. To verify that the user is a member of the domain, click the Terminal page and type the id command:

   $ id
   euid=548800004(example_user) gid=548800004(example_user) groups=548800004(example_user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Procedure

1. Connect to the IdM server.

2. Run the ipa-advise script:

   $ ipa-advise enable-admins-sudo | sh -ex

Procedure

1. Install the opensc and gnutls-utils packages:

   # dnf -y install opensc gnutls-utils

2. Start the pcscd service.

   # systemctl start pcscd

Procedure

1. Erase your smart card and authenticate yourself with your PIN:

   $ pkcs15-init --erase-card --use-default-transport-keys
   Using reader with a card: Reader name
   PIN [Security Officer PIN] required.
   Please enter PIN [Security Officer PIN]:

   The card has been erased.

2. Initialize your smart card, set your user PIN and PUK, and your Security Officer PIN and PUK:

   $ pkcs15-init --create-pkcs15 --use-default-transport-keys \
       --pin 963214 --puk 321478 --so-pin 65498714 --so-puk 784123
   Using reader with a card: Reader name

   The pcks15-init tool creates a new slot on the smart card.

3. Set the label and the authentication ID for the slot:

   $ pkcs15-init --store-pin --label testuser \
       --auth-id 01 --so-pin 65498714 --pin 963214 --puk 321478
   Using reader with a card: Reader name

   The label is set to a human-readable value, in this case, testuser. The auth-id must be two hexadecimal values, in this case it is set to 01.

4. Store and label the private key in the new slot on the smart card:

   $ pkcs15-init --store-private-key testuser.key --label testuser_key \
       --auth-id 01 --id 01 --pin 963214
   Using reader with a card: Reader name

   Note

   The value you specify for --id must be the same when storing your private key, and certificate. If you do not specify a value for --id, a more complicated value is calculated by the tool and it is therefore easier to define your own value.

5. Store and label the certificate in the new slot on the smart card:

   $ pkcs15-init --store-certificate testuser.crt --label testuser_crt \
       --auth-id 01 --id 01 --format pem --pin 963214
   Using reader with a card: Reader name

6. (Optional) Store and label the public key in the new slot on the smart card:

   $ pkcs15-init --store-public-key testuserpublic.key
       --label testuserpublic_key --auth-id 01 --id 01 --pin 963214
   Using reader with a card: Reader name

   Note

   If the public key corresponds to a private key and/or certificate, you should specify the same ID as that private key and/or certificate.

7. (Optional) Some smart cards require you to finalize the card by locking the settings:

   $ pkcs15-init -F

   At this stage, your smart card includes the certificate, private key, and public key in the newly created slot. You have also created your user PIN and PUK and the Security Officer PIN and PUK.

Procedure

1. Log in to the RHEL web console with administrator privileges.

   For details, see Logging in to the web console.

2. Click Terminal.

3. In the /etc/cockpit/cockpit.conf, set the ClientCertAuthentication to yes:

   [WebService]
   ClientCertAuthentication = yes

4. Optionally, disable password based authentication in cockpit.conf with:

   [Basic]
   action = none

   This configuration disables password authentication and you must always use the smart card.

5. Restart the web console to make sure that the cockpit.service accepts the change:

   # systemctl restart cockpit

Procedure

1. Open your web browser and add the web console’s address in the address bar.

   The browser asks you to add the PIN protecting the certificate stored on the smart card.

2. In the Password Required dialog box, enter PIN and click OK.
3. In the User Identification Request dialog box, select the certificate stored in the smart card.

4. Select Remember this decision.

   The system does not open this window next time.

5. Click OK.

Procedure

1. In the terminal, open the system-cockpithttps.slice configuration file:

   # systemctl edit system-cockpithttps.slice

2. Limit the TasksMax to 100 and CPUQuota to 30%:

   [Slice]
   # change existing value
   TasksMax=100
   # add new restriction
   CPUQuota=30%

3. To apply the changes, restart the system:

   # systemctl daemon-reload
   # systemctl stop cockpit