Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
.The `cockpit` RHEL System Role integration with the `firewall`, `selinux`, and `certificate` roles
This enhancement enables you to integrate the `cockpit` role with the `firewall` role and the `selinux` role to manage port access and the `certificate` role to generate certificates.
To control the port access, use the new `cockpit_manage_firewall` and `cockpit_manage_selinux` variables. Both variables are set to `false` by default and are not executed. Set them to `true` to allow the `firewall` and `selinux` roles to manage the RHEL web console service port access. The operations will then be executed within the `cockpit` role.
Note that you are responsible for managing port access for firewall and SELinux.
To generate certificates, use the new `cockpit_certificates` variable. The variable is set to `false` by default and is not executed. You can use this variable the same way you would use the `certificate_request` variable in the `certificate` role. The `cockpit` role will then use the `certificate` role to manage the RHEL web console certificates.
Description of problem:
Use the firewall role and the selinux role from the cockpit role
- Introduce cockpit_manage_firewall to use the firewall role to
manage the cockpit service.
Default to false - means the firewall role is not used.
- Introduce cockpit_manage_selinux to use the selinux role to
manage the ports in the cockpit service.
Assign websm_port_t to the cockpit service ports.
Default to false - means the selinux role is not used.
Use the certificate role to create the cert and the key
- Introduce a variable cockpit_certificates to set the certificate_requests.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2023:2246
Description of problem: Use the firewall role and the selinux role from the cockpit role - Introduce cockpit_manage_firewall to use the firewall role to manage the cockpit service. Default to false - means the firewall role is not used. - Introduce cockpit_manage_selinux to use the selinux role to manage the ports in the cockpit service. Assign websm_port_t to the cockpit service ports. Default to false - means the selinux role is not used. Use the certificate role to create the cert and the key - Introduce a variable cockpit_certificates to set the certificate_requests.