Bug 2137663

Summary: [RFE] cockpit: convert cockpit role to use firewall, selinux role, and certificate role
Product: Red Hat Enterprise Linux 9
Reporter: Noriko Hosoi <nhosoi>
Component: rhel-system-roles
Assignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA
QA Contact: Evgeny Fedin <efedin>
Severity: unspecified
Docs Contact: Lucie Vařáková <lmanasko>
Priority: unspecified
Version: 9.2
CC: djez, efedin, pasik, rmeggins, spetrosi
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: 9.2
Hardware: Unspecified
OS: Unspecified
Whiteboard: role:cockpit
Fixed In Version: rhel-system-roles-1.21.0-0.5.el9
Doc Type: Enhancement
Doc Text:
.The `cockpit` RHEL System Role integration with the `firewall`, `selinux`, and `certificate` roles

This enhancement enables you to integrate the `cockpit` role with the `firewall` role and the `selinux` role to manage port access and the `certificate` role to generate certificates.

To control the port access, use the new `cockpit_manage_firewall` and `cockpit_manage_selinux` variables. Both variables are set to `false` by default and are not executed. Set them to `true` to allow the `firewall` and `selinux` roles to manage the RHEL web console service port access. The operations will then be executed within the `cockpit` role.

Note that you are responsible for managing port access for firewall and SELinux.

To generate certificates, use the new `cockpit_certificates` variable. The variable is set to `false` by default and is not executed. You can use this variable the same way you would use the `certificate_request` variable in the `certificate` role. The `cockpit` role will then use the `certificate` role to manage the RHEL web console certificates.
Clone Of:
: 2137667
Last Closed: 2023-05-09 07:37:56 UTC
Type: Enhancement
Bug Blocks: 2137667

Description Noriko Hosoi 2022-10-25 18:40:30 UTC
Description of problem:

Use the firewall role and the selinux role from the cockpit role

- Introduce cockpit_manage_firewall to use the firewall role to
  manage the cockpit service.
  Default to false - means the firewall role is not used.

- Introduce cockpit_manage_selinux to use the selinux role to
  manage the ports in the cockpit service.
  Assign websm_port_t to the cockpit service ports.
  Default to false - means the selinux role is not used.

Use the certificate role to create the cert and the key
    
- Introduce a variable cockpit_certificates to set the certificate_requests.
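
The three variables requested above, shown in an added example playbook that is not part of the original report or the role's own documentation. It assumes the role is installed from the `rhel-system-roles` package, the web console listens on Cockpit's default port 9090, and firewalld is in use; the host group, certificate name and DNS name are constructed.

```yaml
# Added example: the inventory group, certificate name and DNS name are constructed.
- name: Deploy the RHEL web console with managed port access and certificate
  hosts: webconsole                      # constructed inventory group
  become: true
  vars:
    # Both default to false; while false, port access stays your responsibility.
    cockpit_manage_firewall: true        # firewall role opens the service port
    cockpit_manage_selinux: true         # selinux role labels the port websm_port_t
    # Items use the same format as certificate_requests in the certificate role.
    cockpit_certificates:
      - name: cockpit-console            # constructed certificate name
        dns: console.example.com         # constructed host name
        ca: self-sign
  roles:
    - rhel-system-roles.cockpit          # assumed install name from the RPM package

  # Read-only checks that the delegated roles left the host in the expected state.
  post_tasks:
    - name: List services allowed in the default firewalld zone
      ansible.builtin.command: firewall-cmd --list-services
      register: fw_services
      changed_when: false

    - name: List SELinux port labels
      ansible.builtin.command: semanage port --list
      register: se_ports
      changed_when: false

    - name: Confirm the web console port is open and labeled websm_port_t
      ansible.builtin.assert:
        that:
          - "'cockpit' in fw_services.stdout.split()"
          - 'se_ports.stdout is search("websm_port_t\\s+tcp\\s+.*\\b9090\\b")'
        fail_msg: Web console port is not open in firewalld or not labeled websm_port_t
```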

Comment 4 Rich Megginson 2022-11-21 22:06:23 UTC
The corresponding 8.8.0 BZ has already been acked - https://bugzilla.redhat.com/show_bug.cgi?id=2137667

Comment 14 errata-xmlrpc 2023-05-09 07:37:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2246