Bug 2137667

Summary: [RFE] cockpit: convert cockpit role to use firewall, selinux role, and certificate role
Product: Red Hat Enterprise Linux 8 Reporter: Noriko Hosoi <nhosoi>
Component: rhel-system-rolesAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: David Jež <djez>
Severity: unspecified Docs Contact: Lucie Vařáková <lmanasko>
Priority: unspecified    
Version: 8.8CC: djez, efedin, lmanasko, rhel-cs-system-management-subsystem-qe, rmeggins, spetrosi
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: 8.8Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:cockpit
Fixed In Version: rhel-system-roles-1.21.0-0.5.el8 Doc Type: Enhancement
Doc Text:
.The `cockpit` RHEL System Role integration with the `firewall`, `selinux`, and `certificate` roles This enhancement enables you to integrate the `cockpit` role with the `firewall` role and the `selinux` role to manage port access and the `certificate` role to generate certificates. To control the port access, use the new `cockpit_manage_firewall` and `cockpit_manage_selinux` variables. Both variables are set to `false` by default and are not executed. Set them to `true` to allow the `firewall` and `selinux` roles to manage the RHEL web console service port access. The operations will then be executed within the `cockpit` role. Note that you are responsible for managing port access for firewall and SELinux. To generate certificates, use the new `cockpit_certificates` variable. The variable is set to `false` by default and is not executed. You can use this variable the same way you would use the `certificate_request` variable in the `certificate` role. The `cockpit` role will then use the `certificate` role to manage the RHEL web console certificates.
 Story Points: ---
Clone Of: 2137663 Environment:
Last Closed: 2023-05-16 08:31:36 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2137663    
Bug Blocks:    

Comment 7 Rich Megginson 2022-12-01 18:41:10 UTC 
1) this is a known issue - https://github.com/linux-system-roles/cockpit#generate-a-new-certificate "NOTE: This creating a self-signed certificate is not supported on RHEL/CentOS-7."
Not sure how you want to handle this.

2) This is fixed in rhel-system-roles-1.21.0-0.5.el8

3) This is fixed in rhel-system-roles-1.21.0-0.5.el8

> Also, there is a lot of "linux-system-roles" references in the output or "lsr_cockpit" like e

If you only see "lsr" references in the test code (e.g. tests/tasks/clone_cert_role.yml is test only code) then that's ok.  If you see references to "linux-system-roles" in rhel-system-roles-1.21.0-0.5.el8
 then that might be a problem.
Comment 15 errata-xmlrpc 2023-05-16 08:31:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2804