Bug 1651264 - provide better desktop integration
Summary: provide better desktop integration
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: cockpit
Version: 8.0
Hardware: All
OS: All
high
high
Target Milestone: rc
: 8.0
Assignee: Martin Pitt
QA Contact: Jan Ščotka
URL:
Whiteboard:
Depends On:
Blocks: 1635157 1651621
TreeView+ depends on / blocked
 
Reported: 2018-11-19 14:57 UTC by Scott Herold
Modified: 2019-06-11 08:34 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-23 11:52:58 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description Scott Herold 2018-11-19 14:57:24 UTC
Description of problem:
In a Workstation install, launching Subscription Manager's GUI client from gnome opens a firefox window and attempts to load the cockpit interface.  The browser throws an error with zero indication as to why.  People unfamiliar with cockpit (as it's new as a default in RHEL 8), will have no idea that port 9090 is cockpit.

Version-Release number of selected component (if applicable):
8.0 Beta

How reproducible:
Always

Steps to Reproduce:
1. Login to gnome session
2. Run Red Hat Subscription Manager from app menu
3. Error

Actual results:
Error with page unable to load

Expected results:
Visibility of the subscription manager ui in cockpit

Additional info:
cockpit.socket could be enabled by default, but locked to locahost.  This would be a better experience for users.  Documentation for enabling remote management should also be included.

Comment 1 Scott Herold 2018-11-19 15:12:40 UTC
Steps I took to provide a better OOTB experience without sacrificing security by opening 9090 to the world:

# systemctl enable cockpit.socket
Modify /usr/lib/systemd/system/cockpit.socket and replace the line:
ListenStream=9090     with
ListenStream=127.0.0.1:9090
# systemctl daemon-reload
# systemctl restart cockpit.socket

Comment 2 Mark Thacker 2018-11-19 15:38:01 UTC
Additionally, the need to turn on cockpit is supposed to be documented in /etc/issue, to be seen when a customer logs into the CONSOLE of the system.

HOWEVER, this file is not displayed for a customer of a Workstation or GUI Server installation. Thus, there is no way for a user to know that they must turn on cockpit.

Hence, Scott's suggestion very solution seems very valid : Enable cockpit on the localhost interface to allow immediate first-boot use of the subscription manager Cockpit GUI.

Comment 3 Scott Herold 2018-11-19 15:59:05 UTC
(In reply to Scott Herold from comment #1)
> Steps I took to provide a better OOTB experience without sacrificing
> security by opening 9090 to the world:
> 
> # systemctl enable cockpit.socket
> Modify /usr/lib/systemd/system/cockpit.socket and replace the line:
> ListenStream=9090     with
> ListenStream=127.0.0.1:9090
> # systemctl daemon-reload
> # systemctl restart cockpit.socket

OK, so apparently using an override is the right way to resolve this AFTER the fact.  

# systemctl edit cockpit.socket
add:
[Socket]
ListenStream=127.0.0.1:9090

Save and exit

Comment 4 Martin Pitt 2018-11-19 16:18:14 UTC
If you use the .override approach: You need to first reset the existing ListenStream=. Like the above (comment #3) you *additionally* open it on localhost, which doesn't work (the .socket unit will fail to start, as it's already listening everywhere).

So:

[Socket]
ListenStream=
ListenStream=127.0.0.1:9090


Indeed cockpit.socket not enabled by default as it opens a port. Also, services are generally not enabled by default in RHEL (or Fedora), they need to get into that central list of services that do (using systemd presets, I figure?).

I feel like this touches a fairly rigid policy, and I can't decide this by myself. If there's consensus (and maybe even precedent) for this approach, we can certainly do this, although this requires some pondering how exactly to set this up: e. g. cockpit should not ship an override file in /etc by itself, and the dynamic motd/issue message needs to be changed, and we need to document how to enable cockpit on remote interfaces.

I'll start a thread on rhel8-devel@.

Comment 6 Martin Pitt 2018-11-21 09:56:34 UTC
*** Bug 1651621 has been marked as a duplicate of this bug. ***

Comment 7 Martin Pitt 2018-11-23 16:45:22 UTC
For everyone following along here: I have a first proof of concept of how this could look like: http://post-office.corp.redhat.com/archives/rhel8-devel/2018-November/msg00331.html

Comment 8 Martin Pitt 2018-12-03 12:20:31 UTC
I now installed RHEL 8 beta desktop, and I see subscription-manager-cockpit.desktop (shipped by subscription-manager-cockpit RPM). So after the cockpit-desktop work lands, subscription-manager needs to adjust this desktop file to make this all work.

Comment 9 Martin Pitt 2018-12-03 20:31:04 UTC
I got a resounding silence on the ML to my post...

Anyway, https://github.com/cockpit-project/cockpit/pull/10684 provides the mechanics for that. Once that is released, I'll provide a bug and proposed patch for subscription-manager.


Note You need to log in before you can comment on or make changes to this bug.