linux-system-roles.cockpit
Cockpit
This installs and sets up the Cockpit Web Console on compatible systems like RHEL, CentOS, Fedora, Debian, and Ubuntu.
Requirements
RHEL/CentOS 7.x needs to have the Extras repository enabled.
Collection requirements
This role needs the firewall and selinux roles from the fedora.linux_system_roles collection if you want to manage the firewall and SELinux settings. Check cockpit_manage_firewall and cockpit_manage_selinux in Role Variables.
If you're using cockpit from the fedora.linux_system_roles collection or from the Fedora RPM package, you’re all set.
To manage rpm-ostree systems, you must install additional collections. Use the command below:
ansible-galaxy collection install -vv -r meta/collection-requirements.yml
Role Variables
Here are the available variables for each distribution with their default values (see defaults/main.yml):
cockpit_packages
This variable lets you pick which Cockpit packages to install. You can choose your own or select from three sets: default, minimal, or full. If you don't specify this variable, default is used. The specific packages may differ based on the distribution and version.
For example, if you want specific Cockpit packages:
cockpit_packages:
  - cockpit-storaged
  - cockpit-podman
Using predefined package sets is recommended:
cockpit_packages: default
# which installs these:
# - cockpit
# - cockpit-networkmanager
# - cockpit-packagekit
# - cockpit-selinux
# - cockpit-storaged

cockpit_packages: minimal
# which installs these:
# - cockpit-system
# - cockpit-ws

cockpit_packages: full
# This option installs nearly all available Cockpit packages.
cockpit_enabled
cockpit_enabled: true
This is a boolean variable that controls whether Cockpit starts automatically on boot (default is true).
cockpit_started
cockpit_started: true
This boolean controls whether Cockpit should be running (default is true).
cockpit_config
cockpit_config:
  WebService:
    LoginTitle: "custom login screen title"
    MaxStartups: 20
  Session:
    IdleTimeout: 15
    Banner: "/etc/motd"
This is for setting options in /etc/cockpit/cockpit.conf. Existing settings will be replaced with this configuration.
cockpit_port
cockpit_port: 9090
Cockpit uses port 9090 by default. Change it here if needed.
cockpit_manage_firewall
cockpit_manage_firewall: false
This boolean determines if the cockpit role manages the firewall (default is false). It can only add ports, not remove them. This feature only works on RedHat systems.
cockpit_manage_selinux
cockpit_manage_selinux: false
This flag allows SELinux to be configured using the SELinux role. By default, Cockpit can only listen on port 9090 unless this is enabled.
cockpit_transactional_update_reboot_ok
cockpit_transactional_update_reboot_ok: true
If a reboot is needed for updates, this variable allows the role to proceed with the reboot or notify the user.
Certificate setup
By default, Cockpit creates a self-signed certificate on first start. It's best to customize this for production settings.
Use an existing certificate
If you already have a certificate for your server, point the cockpit_cert and cockpit_private_key options to it:
cockpit_cert: /path/to/server.crt
cockpit_private_key: /path/to/server.key
Generate a new certificate
To create a new certificate, use the cockpit_certificates variable.
Example for using an IdM-issued web server certificate:
- name: Install cockpit with Cockpit web server certificate
  include_role:
    name: linux-system-roles.cockpit
  vars:
    cockpit_certificates:
      - name: monger-cockpit
        dns: ['localhost', 'www.example.com']
        ca: ipa
        group: cockpit-ws
Example Playbooks
Simplest example for managing Cockpit:
---
- name: Manage cockpit
  hosts: fedora, rhel7, rhel8
  become: true
  roles:
    - linux-system-roles.cockpit
Another example with firewall configuration:
---
- name: Manage cockpit and the firewall
  hosts: fedora, rhel7, rhel8  # same host pattern as the simplest example
  become: true
  tasks:
    - name: Install RHEL/Fedora Web Console (Cockpit)
      include_role:
        name: linux-system-roles.cockpit
      vars:
        cockpit_packages: default
    - name: Configure Firewall for Web Console
      include_role:
        name: fedora.linux_system_roles.firewall
      vars:
        firewall:
          service: cockpit
          state: enabled
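A combined playbook for a production-style deployment, added here as an example and not taken from the role's own documentation. It uses only the variables described above to move Cockpit to a non-default port with SELinux and firewall management enabled and to replace the self-signed certificate. The inventory group, port number, login title and DNS name are constructed placeholders, and the host is assumed to be enrolled in IdM:

```yaml
---
# Added example; the inventory group, port, login title and DNS name are
# constructed placeholders. Assumes the host is enrolled in IdM (ca: ipa) and
# that the firewall and selinux roles from fedora.linux_system_roles are installed.
- name: Deploy Cockpit on a non-default port with a CA-issued certificate
  hosts: webconsole_hosts            # hypothetical inventory group
  become: true
  vars:
    cockpit_packages: minimal        # cockpit-system and cockpit-ws only
    cockpit_enabled: true
    cockpit_started: true
    cockpit_port: 9443               # constructed value; the default is 9090
    cockpit_manage_selinux: true     # let the selinux role handle the new port
    cockpit_manage_firewall: true    # adds the port; it never removes ports,
                                     # so close a previously opened 9090 separately
    cockpit_config:                  # replaces existing cockpit.conf settings
      WebService:
        LoginTitle: "Authorized administrators only"
        MaxStartups: 20
      Session:
        IdleTimeout: 15              # same values as the cockpit_config example
        Banner: "/etc/motd"
    cockpit_certificates:            # replaces the self-signed default certificate
      - name: monger-cockpit
        dns: ['www.example.com']
        ca: ipa
        group: cockpit-ws
  roles:
    - linux-system-roles.cockpit
  post_tasks:
    - name: Confirm the web console is listening on the configured port
      ansible.builtin.wait_for:
        port: "{{ cockpit_port }}"
        timeout: 30
```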
License
GPLv3