Bug 1420995

Summary: [Docs][RFE][Admin][Install] oVirt cockpit plugin is consumable on regular hosts
Product: Red Hat Enterprise Virtualization Manager
Reporter: Tahlia Richardson <trichard>
Component: Documentation
Assignee: Emma Heftman <eheftman>
Status: CLOSED CURRENTRELEASE
QA Contact: Tahlia Richardson <trichard>
Severity: medium
Docs Contact:
Priority: medium
Version: 4.1.0
CC: lbopf, lsurette, mlibra, mperina, rbalakri, rbarry, sbonazzo, srevivo, trichard, ykaul
Target Milestone: ovirt-4.1.1-1
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-14 12:01:01 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Docs
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1346835
Bug Blocks:

Description Tahlia Richardson 2017-02-10 05:15:40 UTC
The Cockpit plugin is now available on RHEL hosts.

This requires a procedure for installing Cockpit on RHEL hosts (some of this could be a link to the Atomic Host docs for the non-RHV-specific part), and updates to anything that currently mentions Cockpit not being supported on RHEL hosts.

Comment 1 Lucy Bopf 2017-04-13 01:35:43 UTC
Assigning to Emma for review.

Emma, I suspect some of this may have been covered by updates to the install and upgrade procedures, but please use this bug to check.

Comment 2 Emma Heftman 2017-04-13 12:14:51 UTC
Hi Sandro, 
I'm documenting this bug 1346835 regarding support for Cockpit on the RHEL hosts.
I have seen that the latest Self-hosted engine guide covers this, but the Installation Guide and the Admin Guide need to be updated.

I have a couple of questions:

1. In the RHVH installation, step 13 is to use the cockpit to subscribe to entitlements:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html-single/installation_guide/#Installing_RHVH

"Once the installation is complete, log in to the Cockpit user interface at https://HostFQDNorIP:9090 to subscribe the host to the Content Delivery Network. Click Tools > Subscriptions > Register System and enter your Customer Portal username and password. The system automatically subscribes to the Red Hat Virtualization Host entitlement. "

Should this now be done for RHEL hosts too, instead of the steps described in section 7.2 Subscribing to the Required Entitlements?

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html-single/installation_guide/#Subscribing_to_Required_Channels_using_Subscription_Manager1


2. Should the section about Firewalls and TCP ports be updated to use 9090 for RHEL Hosts? i.e., remove the word "Optional" and replace it with "Cockpit user interface access".

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html-single/installation_guide/#sect-Firewalls

Comment 3 Sandro Bonazzola 2017-04-19 12:10:41 UTC
For RHEL hosts, what is already in the documentation is still valid.
While RHV-H comes with preinstalled cockpit, on RHEL you need to subscribe to the channel in order to be able to install cockpit.
So no, you can't subscribe to the channel with cockpit until you install it.

About the firewall, cockpit is still optional so I think it can be kept as is.

Comment 9 Emma Heftman 2017-04-26 11:43:33 UTC
Hi Sandro
I have a few more questions for you as I also need to add the installation to the documentation.

Please take a look at the following link to instructions for installing Cockpit on Enterprise Linux Hosts

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_cockpit/installing_and_enabling_cockpit#installing_cockpit

1. Does step B in section 2.1.1 cover all the steps that the customer should perform if the Linux host is running in a RHV environment?

2. What about yum install cockpit-ovirt-dashboard.noarch?
If it's needed should it be run between steps 3 and 4?

3. Is this issue relevant for self-hosted engines or is it automatically installed?

Comment 10 Sandro Bonazzola 2017-04-27 09:20:24 UTC
(In reply to Emma Heftman from comment #9)
> Hi Sandro
> I have a few more questions for you as I also need to add the installation
> to the documentation.
> 
> Please take a look at the following link to instructions for installing
> Cockpit on Enterprise Linux Hosts
> 
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_cockpit/installing_and_enabling_cockpit#installing_cockpit
> 
> 1. Does step B in section 2.1.1 cover all the steps that the customer should
> perform if the Linux host is running in a RHV environment?


You can drop the subscriptions to optional and extra channels since cockpit is included in the RHV agent channel which should be already enabled for deploying the host in RHV.

firewalld commands are needed only if the host is deployed without firewall handling enabled on the engine side. If firewall is handled by engine, iptables is used instead of firewalld and ports are opened by the engine.


> 2. What about yum install cockpit-ovirt-dashboard.noarch?
> If it's needed should it be run between steps 3 and 4?

It's needed and should be installed between 3 and 4.

> 
> 3. Is this issue relevant for self-hosted engines or is it automatically
> installed?

cockpit-ovirt-dashboard also installs hosted engine rpms even if hosted engine is not used.

Comment 11 Emma Heftman 2017-04-27 10:24:44 UTC
(In reply to Sandro Bonazzola from comment #10)
> (In reply to Emma Heftman from comment #9)
> > Hi Sandro
> > I have a few more questions for you as I also need to add the installation
> > to the documentation.
> > 
> > Please take a look at the following link to instructions for installing
> > Cockpit on Enterprise Linux Hosts
> > 
> > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_cockpit/installing_and_enabling_cockpit#installing_cockpit
> > 
> > 1. Does step B in section 2.1.1 cover all the steps that the customer should
> > perform if the Linux host is running in a RHV environment?
> 
> 
> You can drop the subscriptions to optional and extra channels since cockpit
> is included in the RHV agent channel which should be already enabled for
> deploying the host in RHV.
> 
> firewalld commands are needed only if the host is deployed without firewall
> handling enabled on the engine side. If firewall is handled by engine,
> iptables is used instead of firewalld and ports are opened by the engine.
> 

Sandro, how can the customer tell/know/decide whether firewall is handled by the engine? Aren't we assuming they are installing with the RHV Installation Guide and therefore will be following instructions for configuring the engine?

Another firewall question. In the RHV Installation Guide we left 9090 port as optional for Linux hosts. Don't you think it should say "Optional. Required for Cockpit running on Linux"?

Also, you say that the port should be configured on the engine side but I see 9090 is configured on the host, not the manager. Can you please explain this?


https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/installation_guide/#sect-Firewalls

> 
> > 2. What about yum install cockpit-ovirt-dashboard.noarch?
> > If it's needed should it be run between steps 3 and 4?
> 
> It's needed and should be installed between 3 and 4.
> 
> > 
> > 3. Is this issue relevant for self-hosted engines or is it automatically
> > installed?
> 
> cockpit-ovirt-dashboard also installs hosted engine rpms even if hosted
> engine is not used.

So you're saying that there is no need to install anything on a self-hosted engine and these steps are only required for Linux hosts?

Comment 12 Emma Heftman 2017-04-27 10:35:14 UTC
(In reply to Emma Heftman from comment #11)

And one more question. Can I remove sudo from the commands?

Comment 13 Sandro Bonazzola 2017-04-27 11:10:05 UTC
(In reply to Emma Heftman from comment #11)
> (In reply to Sandro Bonazzola from comment #10)
> > (In reply to Emma Heftman from comment #9)
> > > Hi Sandro
> > > I have a few more questions for you as I also need to add the installation
> > > to the documentation.
> > > 
> > > Please take a look at the following link to instructions for installing
> > > Cockpit on Enterprise Linux Hosts
> > > 
> > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_cockpit/installing_and_enabling_cockpit#installing_cockpit
> > > 
> > > 1. Does step B in section 2.1.1 cover all the steps that the customer should
> > > perform if the Linux host is running in a RHV environment?
> > 
> > 
> > You can drop the subscriptions to optional and extra channels since cockpit
> > is included in the RHV agent channel which should be already enabled for
> > deploying the host in RHV.
> > 
> > firewalld commands are needed only if the host is deployed without firewall
> > handling enabled on the engine side. If firewall is handled by engine,
> > iptables is used instead of firewalld and ports are opened by the engine.
> > 
> 
> Sandro, how can the customer tell/know/decide whether firewall is handled
> by the engine? Aren't we assuming they are installing with the RHV
> Installation Guide and therefore will be following instructions for
> configuring the engine?

There's a checkbox in the host deploy dialog about configuring the firewall.


> 
> Another firewall question. In the RHV Installation Guide we left 9090 port
> as optional for Linux hosts. Don't you think it should say "Optional.
> Required for Cockpit running on Linux"?

Makes sense.

> 
> Also, you say that the port should be configured on the engine side but I
> see 9090 is configured on the host, not the manager. Can you please explain
> this?

ovirt-engine has an iptables configuration stored in its DB. When a host is deployed with the checkbox set to configure the firewall on the host, the iptables configuration is applied on the deployed host.


> 
> 
> https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/installation_guide/#sect-Firewalls
> 
> > 
> > > 2. What about yum install cockpit-ovirt-dashboard.noarch?
> > > If it's needed should it be run between steps 3 and 4?
> > 
> > It's needed and should be installed between 3 and 4.
> > 
> > > 
> > > 3. Is this issue relevant for self-hosted engines or is it automatically
> > > installed?
> > 
> > cockpit-ovirt-dashboard also installs hosted engine rpms even if hosted
> > engine is not used.
> 
> So you're saying that there is no need to install anything on a self-hosted
> engine and these steps are only required for Linux hosts?

I'm saying that if you install cockpit-ovirt on linux-hosts, ovirt-hosted-engine-setup and ovirt-hosted-engine-ha are installed as dependencies.
cockpit-ovirt is not needed within the hosted engine appliance.
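
The firewall handling discussed in comments 10 to 13 can be verified on a host after deployment. The following is an added example, not part of the bug thread or of oVirt: a shell function that checks whether an `iptables-save` ruleset accepts Cockpit's TCP port 9090 ahead of any catch-all REJECT/DROP. The rulesets are constructed samples, `port_accepted` and `audit_host` are hypothetical names, and only explicit tcp port rules in the INPUT chain are considered.

```shell
#!/bin/bash
# Added example, not from the bug thread. Reads `iptables-save` output on
# stdin and succeeds if the INPUT chain accepts tcp/$1 before any catch-all
# REJECT/DROP. Understands --dport, multiport --dports lists and lo:hi ranges.
port_accepted() {
    awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" {
        # A catch-all REJECT/DROP makes every later rule unreachable.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
        if ($0 !~ /-p tcp/ || $0 !~ /-j ACCEPT/) next
        for (i = 3; i < NF; i++) {
            if ($i != "--dport" && $i != "--dports") continue
            n = split($(i + 1), items, ",")
            for (k = 1; k <= n; k++) {
                m = split(items[k], r, ":")
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
    }
    END { exit found ? 0 : 1 }'
}

# Constructed ruleset: 9090 is opened ahead of the final REJECT.
RULES_OK='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed ruleset: the 9090 rule sits after the REJECT and never matches.
RULES_SHADOWED='*filter
-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
COMMIT'

# On a real host: query whichever firewall backend is active.
audit_host() {
    if systemctl is-active --quiet firewalld; then
        firewall-cmd --query-port=9090/tcp
    else
        iptables-save | port_accepted 9090
    fi
}
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run with `--audit` as root on the host to query the live firewall; without arguments the script only defines the functions and sample rulesets.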

Comment 14 Sandro Bonazzola 2017-04-27 11:11:07 UTC
Restoring dropped needinfo.

> And one more question. Can I remove sudo from the commands?

If you run them as root, you can drop sudo.

Comment 15 Emma Heftman 2017-04-27 12:46:48 UTC
(In reply to Sandro Bonazzola from comment #13)

Additional questions sent by mail on the issue of firewall and SHE.