1651264 – provide better desktop integration

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1651264 - provide better desktop integration

Summary: provide better desktop integration

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	cockpit
Sub Component:
Version:	8.0
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	8.0
Assignee:	Martin Pitt
QA Contact:	Jan Ščotka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1635157 1651621
TreeView+	depends on / blocked

Reported:	2018-11-19 14:57 UTC by Scott Herold
Modified:	2019-06-11 08:34 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-05-23 11:52:58 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Scott Herold 2018-11-19 14:57:24 UTC

Description of problem:
In a Workstation install, launching Subscription Manager's GUI client from gnome opens a firefox window and attempts to load the cockpit interface.  The browser throws an error with zero indication as to why.  People unfamiliar with cockpit (as it's new as a default in RHEL 8), will have no idea that port 9090 is cockpit.

Version-Release number of selected component (if applicable):
8.0 Beta

How reproducible:
Always

Steps to Reproduce:
1. Login to gnome session
2. Run Red Hat Subscription Manager from app menu
3. Error

Actual results:
Error with page unable to load

Expected results:
Visibility of the subscription manager ui in cockpit

Additional info:
cockpit.socket could be enabled by default, but locked to locahost.  This would be a better experience for users.  Documentation for enabling remote management should also be included.

Comment 1 Scott Herold 2018-11-19 15:12:40 UTC

Steps I took to provide a better OOTB experience without sacrificing security by opening 9090 to the world:

# systemctl enable cockpit.socket
Modify /usr/lib/systemd/system/cockpit.socket and replace the line:
ListenStream=9090     with
ListenStream=127.0.0.1:9090
# systemctl daemon-reload
# systemctl restart cockpit.socket

Comment 2 Mark Thacker 2018-11-19 15:38:01 UTC

Additionally, the need to turn on cockpit is supposed to be documented in /etc/issue, to be seen when a customer logs into the CONSOLE of the system.

HOWEVER, this file is not displayed for a customer of a Workstation or GUI Server installation. Thus, there is no way for a user to know that they must turn on cockpit.

Hence, Scott's suggestion very solution seems very valid : Enable cockpit on the localhost interface to allow immediate first-boot use of the subscription manager Cockpit GUI.

Comment 3 Scott Herold 2018-11-19 15:59:05 UTC

(In reply to Scott Herold from comment #1)
> Steps I took to provide a better OOTB experience without sacrificing
> security by opening 9090 to the world:
> 
> # systemctl enable cockpit.socket
> Modify /usr/lib/systemd/system/cockpit.socket and replace the line:
> ListenStream=9090     with
> ListenStream=127.0.0.1:9090
> # systemctl daemon-reload
> # systemctl restart cockpit.socket

OK, so apparently using an override is the right way to resolve this AFTER the fact.  

# systemctl edit cockpit.socket
add:
[Socket]
ListenStream=127.0.0.1:9090

Save and exit

Comment 4 Martin Pitt 2018-11-19 16:18:14 UTC

If you use the .override approach: You need to first reset the existing ListenStream=. Like the above (comment #3) you *additionally* open it on localhost, which doesn't work (the .socket unit will fail to start, as it's already listening everywhere).

So:

[Socket]
ListenStream=
ListenStream=127.0.0.1:9090


Indeed cockpit.socket not enabled by default as it opens a port. Also, services are generally not enabled by default in RHEL (or Fedora), they need to get into that central list of services that do (using systemd presets, I figure?).

I feel like this touches a fairly rigid policy, and I can't decide this by myself. If there's consensus (and maybe even precedent) for this approach, we can certainly do this, although this requires some pondering how exactly to set this up: e. g. cockpit should not ship an override file in /etc by itself, and the dynamic motd/issue message needs to be changed, and we need to document how to enable cockpit on remote interfaces.

I'll start a thread on rhel8-devel@.

Comment 5 Martin Pitt 2018-11-19 16:39:19 UTC

http://post-office.corp.redhat.com/archives/rhel8-devel/2018-November/msg00277.html

Comment 6 Martin Pitt 2018-11-21 09:56:34 UTC

*** Bug 1651621 has been marked as a duplicate of this bug. ***

Comment 7 Martin Pitt 2018-11-23 16:45:22 UTC

For everyone following along here: I have a first proof of concept of how this could look like: http://post-office.corp.redhat.com/archives/rhel8-devel/2018-November/msg00331.html

Comment 8 Martin Pitt 2018-12-03 12:20:31 UTC

I now installed RHEL 8 beta desktop, and I see subscription-manager-cockpit.desktop (shipped by subscription-manager-cockpit RPM). So after the cockpit-desktop work lands, subscription-manager needs to adjust this desktop file to make this all work.

Comment 9 Martin Pitt 2018-12-03 20:31:04 UTC

I got a resounding silence on the ML to my post...

Anyway, https://github.com/cockpit-project/cockpit/pull/10684 provides the mechanics for that. Once that is released, I'll provide a bug and proposed patch for subscription-manager.

Note You need to log in before you can comment on or make changes to this bug.