Menu Close

Chapter 23. Installing and configuring web console with the cockpit RHEL System Role

With the cockpit RHEL System Role, you can install and configure the web console in your system.

23.1. The cockpit System Role

You can use the cockpit System Role to automatically deploy and enable the web console and thus be able to manage your RHEL systems from a web browser.

23.2. Variables for the cockpit RHEL System Role

The parameters used for the cockpit RHEL System Roles are:

Role VariableDescription

cockpit_packages: (default: default)

Set one of the predefined package sets: default, minimal, or full.

* cockpit_packages: (default: default) - most common pages and on-demand install UI

* cockpit_packages: (default: minimal) - just the Overview, Terminal, Logs, Accounts, and Metrics pages; minimal dependencies

* cockpit_packages: (default: full) - all available pages

Optionally, specify your own selection of cockpit packages you want to install.

cockpit_enabled: (default:yes)

Configure if web console web server is enabled to start automatically at boot

cockpit_started: (default:yes)

Configure if web console should be started

cockpit_config: (default: nothing)

You can apply settings in the /etc/cockpit/cockpit.conf file. NOTE: The previous settings file will be lost.

Additional resources

23.3. Installing web console by using the cockpit RHEL System Role

Follow the below steps to install web console in your system and make the services accessible in it.

Prerequisites

  • Access and permissions to one or more managed nodes, which are systems you want to configure with the VPN System Role.
  • Access and permissions to a control node, which is a system from which Red Hat Ansible Core configures other systems.

    On the control node:

    • The ansible-core and rhel-system-roles packages are installed.
    • An inventory file which lists the managed nodes.

Procedure

  1. Create a new playbook.yml file with the following content:

    ---
    - hosts: all
      tasks:
        - name: Install RHEL web console
          include_role:
            name: rhel-system-roles.cockpit
          vars:
            cockpit_packages: default
            #cockpit_packages: minimal
            #cockpit_packages: full
    
        - name: Configure Firewall for web console
          include_role:
            name: rhel-system-roles.firewall
          vars:
            firewall:
              service: cockpit
              state: enabled
    Note

    The cockpit port is open by default in firewalld, so the "Configure Firewall for web console" task only applies if the system administrator customized this.

  2. Optional: Verify playbook syntax.

    # ansible-playbook --syntax-check -i inventory_file playbook.yml
  3. Run the playbook on your inventory file:

    # ansible-playbook -i inventory_file /path/to/file/playbook.yml

23.4. Setting up a new certificate by using the certificate RHEL System Role

By default, web console creates a self-signed certificate on first startup. You can customize the self-signed certificate for security reasons. To generate a new certificate, you can use the certificate role. For that, follow the steps:

Prerequisites

  • Access and permissions to one or more managed nodes, which are systems you want to configure with the VPN System Role.
  • Access and permissions to a control node, which is a system from which Red Hat Ansible Core configures other systems.

    On the control node:

    • The ansible-core and rhel-system-roles packages are installed.
    • An inventory file which lists the managed nodes.

Procedure

  1. Create a new playbook2.yml file with the following content:

    ---
    - hosts: all
      tasks:
        - name: Generate Cockpit web server certificate
          include_role:
            name: rhel-system-roles.certificate
          vars:
            certificate_requests:
              - name: /etc/cockpit/ws-certs.d/01-certificate
                dns: ['localhost', 'www.example.com']
                ca: ipa
                group: cockpit-ws
  2. Optional: Verify playbook syntax.

    # ansible-playbook --syntax-check -i inventory_file playbook2.yml
  3. Run the playbook on your inventory file:

    # ansible-playbook -i inventory_file /path/to/file/playbook2.yml