Hide Forgot
Description of problem: In a Workstation install, launching Subscription Manager's GUI client from gnome opens a firefox window and attempts to load the cockpit interface. The browser throws an error with zero indication as to why. People unfamiliar with cockpit (as it's new as a default in RHEL 8), will have no idea that port 9090 is cockpit. Version-Release number of selected component (if applicable): 8.0 Beta How reproducible: Always Steps to Reproduce: 1. Login to gnome session 2. Run Red Hat Subscription Manager from app menu 3. Error Actual results: Error with page unable to load Expected results: Visibility of the subscription manager ui in cockpit Additional info: cockpit.socket could be enabled by default, but locked to locahost. This would be a better experience for users. Documentation for enabling remote management should also be included.
Steps I took to provide a better OOTB experience without sacrificing security by opening 9090 to the world: # systemctl enable cockpit.socket Modify /usr/lib/systemd/system/cockpit.socket and replace the line: ListenStream=9090 with ListenStream=127.0.0.1:9090 # systemctl daemon-reload # systemctl restart cockpit.socket
Additionally, the need to turn on cockpit is supposed to be documented in /etc/issue, to be seen when a customer logs into the CONSOLE of the system. HOWEVER, this file is not displayed for a customer of a Workstation or GUI Server installation. Thus, there is no way for a user to know that they must turn on cockpit. Hence, Scott's suggestion very solution seems very valid : Enable cockpit on the localhost interface to allow immediate first-boot use of the subscription manager Cockpit GUI.
(In reply to Scott Herold from comment #1) > Steps I took to provide a better OOTB experience without sacrificing > security by opening 9090 to the world: > > # systemctl enable cockpit.socket > Modify /usr/lib/systemd/system/cockpit.socket and replace the line: > ListenStream=9090 with > ListenStream=127.0.0.1:9090 > # systemctl daemon-reload > # systemctl restart cockpit.socket OK, so apparently using an override is the right way to resolve this AFTER the fact. # systemctl edit cockpit.socket add: [Socket] ListenStream=127.0.0.1:9090 Save and exit
If you use the .override approach: You need to first reset the existing ListenStream=. Like the above (comment #3) you *additionally* open it on localhost, which doesn't work (the .socket unit will fail to start, as it's already listening everywhere). So: [Socket] ListenStream= ListenStream=127.0.0.1:9090 Indeed cockpit.socket not enabled by default as it opens a port. Also, services are generally not enabled by default in RHEL (or Fedora), they need to get into that central list of services that do (using systemd presets, I figure?). I feel like this touches a fairly rigid policy, and I can't decide this by myself. If there's consensus (and maybe even precedent) for this approach, we can certainly do this, although this requires some pondering how exactly to set this up: e. g. cockpit should not ship an override file in /etc by itself, and the dynamic motd/issue message needs to be changed, and we need to document how to enable cockpit on remote interfaces. I'll start a thread on rhel8-devel@.
http://post-office.corp.redhat.com/archives/rhel8-devel/2018-November/msg00277.html
*** Bug 1651621 has been marked as a duplicate of this bug. ***
For everyone following along here: I have a first proof of concept of how this could look like: http://post-office.corp.redhat.com/archives/rhel8-devel/2018-November/msg00331.html
I now installed RHEL 8 beta desktop, and I see subscription-manager-cockpit.desktop (shipped by subscription-manager-cockpit RPM). So after the cockpit-desktop work lands, subscription-manager needs to adjust this desktop file to make this all work.
I got a resounding silence on the ML to my post... Anyway, https://github.com/cockpit-project/cockpit/pull/10684 provides the mechanics for that. Once that is released, I'll provide a bug and proposed patch for subscription-manager.