Professional Documents
Culture Documents
Cee-Rl-802 - Web Console
Cee-Rl-802 - Web Console
Cee-Rl-802 - Web Console
of Contents
Home 1.1
Objectives 1.2
Lab Environment 1.3
Dashboard 1.7.2
System 1.7.3
Logs 1.7.4
Networking 1.7.5
Accounts 1.7.6
Services 1.7.7
SELinux 1.7.12
Terminal 1.7.15
1
Lab 2.8 1.10.8
2
Home
Copyright © 2018 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, and the Shadowman logo are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in
the United States and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
3
Objectives
Objectives
On completing this training, you should be able to:
Prerequisites
This training assumes that you have the following prior experience:
Red Hat Certified System Administrator (RHCSA) on Red Hat Enterprise Linux 7, or equivalent experience with RHEL 7
Show transcript
Welcome to this training, RHEL 8 Readiness Training: The RHEL 8 Web Console. On completing this training, you should be able to define the Red Hat Enterprise Linux
8 web console, install and enable the RHEL 8 web console, identify key management areas within the RHEL 8 web console interface, and use the RHEL 8 web console to
perform system administration tasks.
You should also be able to manage virtual machines from the RHEL 8 web console, and add a secondary server to the RHEL 8 web console interface.
This training assumes that you are a Red Hat Certified System Administrator on Red Hat Enterprise Linux 7, or that you have equivalent experience with RHEL 7.
4
Lab Environment
Lab Environment
Successful completion for this training includes hands-on lab activities hosted in a cloud-based lab environment.
PROVIS IONING
(2) On the far left, mouse over S ervices and select Catalogs from the pop-up menu.
(6) Complete the application request: read the Runtime Warning, check the box to confirm the runtime and expiration dates, and select
S ubmit.
(7) Look for information on how to access your lab environment from one of two places:
Information email
Look for an email from Red Hat OPENTLC <noreply@opentlc.com> with the Subject similar to: Your Red Hat OPENTLC service
provision request for OTLC-LAB_COMPLETED has completed. This email may arrive before the environment is ready to use. If
you don't receive this email within 15 minutes, you can generate a new one from OpenTLC: S ervices > Active S ervices > OTLC-
LAB-NAME* > App Control > S tatus > S ubmit
The OpenTLC UI
Look in the Custom Attributes section on the right in OpenTLC: S ervices > Active S ervices > OTLC-LAB-*NAME*
S YS TEM INFO
CLI: root/redhat web UI: Server to be used for the RHEL 8 web
servera.example.com 172.25.250.10
root/RedHat1! console
S S H ACCES S
(1) Use the SSH command shown here to access your environment, modifying the command based on the information you received by
email:
$ ssh flastname-redhat.com@classroom-guid.red.osp.opentlc.com
(2) When prompted, log in to your lab environment using one of these options:
5
Lab Environment
$ ssh flastname-redhat.com@classroom-guid.red.osp.opentlc.com
The authenticity of host 'classroom-guid.red.osp.opentlc.com (169.47.191.199)' can't be established.
ECDSA key fingerprint is SHA256:v01n4XWXr0lphfGpBiSSvbasmrlQZul2ntS8g0Kbmdk.
Are you sure you want to continue connecting (yes/no)? yes
If you need console access to any of the machines in this environment, follow these steps:
(1) Retrieve the Master Console URL from the information email you received on provisioning your lab environment. Look for a line
that's similar to this one:
(2) Open this console URL in your web browser, and select Log in with OpenS hift.
(3) Enter your OpenTLC username and password at the OpenShift login prompt.
(4) If a dialog appears requiring you to Authorize Access for a service account, choose to allow the selected permissions to continue.
(5) Select Access Console for a given virtual machine to open a VNC console session with that system.
(1) Use the same ssh command from your local system as for command line access, but add the argument -CfND 8080
(2) Configure your local web browser to send all web traffic through localhost:8080.
Show transcript
Successful completion for this training includes hands-on lab activities. Use the information on this page to launch you cloud-based lab environment, locate the URLs and
credentials to access that environment, familiarize yourself with the network setup, and use SSH or a local web browser to access lab systems.
6
What is the RHEL 8 web console?
Show transcript
The RHEL 8 web console is a user-friendly web-based interface for administering servers. It allows users to monitor system resources and adjust configuration. This web
console was known as "Cockpit" at the time of the RHEL 8 Beta release, and you will see references to "cockpit" in the web console's package names, service name, and other
artifacts.
Starting with its addition to RHEL 7, the "cockpit" package provides an extensible web console for system administration.
7
Key Benefits
Show transcript
Listed here are the key benefits of using the RHEL 8 web console.
The web console builds on existing functions within RHEL. It has no lock-in, either, so you can use other tools alongside it and switch between tools as needed. The web
console does not need any special infrastructure or configuration, so once it's installed, it's ready to use.
The web console uses no memory or CP U on the server when its idle, a critical detail when performance is a concern.
The web console updates its data to reflect the current state of the server within seconds of server updates. It also stores no data or policy, so system users keep their system-
wide permissions as they use their system credentials to access the web console interface.
The RHEL 8 web console itself is not used for configuration management, but it can interact with configuration management and custom server tools.
8
Install & Enable
Show transcript
This section covers how to install and enable the RHEL 8 web console on a RHEL 8 system.
9
Primary & secondary servers
Show transcript
There are two types of servers from the web console's perspective. A primary web console server is a system that runs the web console service and hosts its web interface.
Secondary web console servers are systems that are administered using that primary web console. It's possible to add one or more secondary servers to the primary server.
This training starts by looking at how to install and enable a primary web console server and how to use its interface. Then it covers how to add a secondary server and
administrate it from the primary.
10
Primary server setup
In a web browser, use the host name and port of the web console server (default port 9090)
From the primary host, you can connect with localhost:9090
Show transcript
To install a primary web console server, you must have RHEL 8 installed, networking enabled on the RHEL 8 system, and that RHEL 8 system registered with a valid
subscription attached.
The steps to set up the web console are to install the "cockpit" packages, open the port for the web console, and start the "cockpit" service. With the service running, you can
connect to the interface from a web browser using the host name and port of the web console server. By default, this port is 9090. When working from that primary host, you
can connect by pointing a web browser to localhost:9090.
11
Lab 1.1
(1) Register and subscribe servera using your personal Red Hat Customer Portal credentials:
NOTE: The cockpit-dashboard package is optional and provides the "Dashboard" tab in the web interface.
(3) Allow external connections to the configured web console port through the firewall:
At this point, the RHEL 8 web console should be installed and running. Continue on to the next page.
Show transcript
This and the next few pages are a guided hands-on lab. Follow the instructions on each page to complete the lab in your lab environment. There will be no audio
accompanying these lab pages.
12
Lab 1.2
[Socket]
ListenStream=
ListenStream=9090
ListenStream=9091
(4) If you have SELinux enabled, change the default SELinux policy to allow the websm_port_t domain to listen on TCP ports 9090 and
9091:
If a port is already defined by some other part of the SELinux policy, use the -m argument instead of -a to modify the definition:
(6) Verify that the configured ports are listening by using netstat:
At this point, you should be able to use the newly assigned port in the web browser. Continue on to the next page.
13
Lab 1.3
Once provisioned by OpenTLC, you will receive an email that will detail the hostnames and services you will use. Specifically, look for
the following snip from opentlc.com:
You can connect to this environment from the following hostnames and services:
- servera-20e6.green.osp.opentlc.com port 22
- servera-20e6.green.osp.opentlc.com port 9091
NOTE: Some services are not available till some minutes after you receive this mail.
The exact hostname will differ slightly from the example above.
(2) Enter the server's hostname and configured web console port in your local browser's address bar:
https://servera-GUID.green.osp.opentlc.com:9091
(3) If you use a self-signed certificate, as in this lab environment, the browser may issue a warning:
When you see this, use your browser's procedure for adding an exception for this certificate. For example, in Firefox, use Advanced >
Add Exception > Confirm Security Exception.
At this point, you should see the login screen for the RHEL 8 web console. Continue on to the next page.
14
Lab 1.4
15
Grade Lab 1
Grade Lab 1
Complete the following on servera.example.com:
(3) Configure the firewall and SELinux to allow external connections to the web console.
(4) Ensure that you can access the web console from your local system using the hostname and port 9091.
After completing these steps, run the grading script as follows on servera.example.com to check your work and get the completion
code. Submit that code as prompted below:
ans: OMIT
Show transcript
Complete the instructions on this page, and submit your completion code as prompted to receive a grade for the activity.
16
Interface Overview
Show transcript
This section provides an overview of the various features and functions within the RHEL 8 web console. We encourage you to look at these in the web console in your lab
environment as we step through them here.
17
Overview
Overview
Watch this video in which Senior Technical Account M anager Brian S mith provides an overview of the RHEL 8 web console (formerly
Cockpit) and its interface. M aximize the video as needed to better see all the details:
18
Dashboard
Dashboard
The Dashboard tab lists all systems that have been added to this primary web console server:
Show transcript
After you log in to the RHEL 8 web console, you should see the "Dashboard" page showing a list of all systems that have been added to this primary web console server.
When you select a system in the list, you should see tabs across the top where you can view CP U usage, memory usage, disk I/O, and network traffic.
From here, you can select a system in the list and open a submenu on the left that branches off the server icon on that left-side menu. In your lab's web console interface, go
ahead and select the primary host, servera, and expand that submenu before going on to the next page.
19
System
System
The System tab for a system shows a summary of information about the selected system:
Show transcript
The "System" tab for a system shows a summary of information about the selected system. This includes CP U usage, memory usage, disk I/O, and network traffic. Is also
shows the hardware and operating system details for the system. In your lab's web console, after you select servera, be sure the "System" tab is selected to see details about
this system that's currently running the "cockpit" service.
20
Logs
Logs
The Logs tab for a system shows messages produced by the systemd journal, with the most recent entry first and options to filter
entries by type:
Show transcript
The "Logs" tab for a system displays the messages produced by the systemd journal, including errors, warnings, and notices. This log output is similar to the output of the
journalctl command. The log displays the newest entries first, and the interface has options to filter log entries by type.
In your own web console, click the "Logs" tab to view the logs for your servera system. If desired, experiment with the filter tool.
21
Networking
Networking
The Networking tab for a system shows a summary of the network interfaces on the system, graphs of sent and received data,
management options, and network-related logs:
Show transcript
The "Networking" tab for a system shows a summary of the network interfaces on the system and graphs of sent and received data. Notice that there are some options for
managing some of the network settings for the system, including firewall rules. Network-related logs are displayed at the bottom of the page.
Click the "Networking" tab in your lab's web console to see what this looks like first hand. Feel free to explore the features here, though use discretion to ensure you do not
disrupt your lab experience.
22
Accounts
Accounts
The Accounts tab for a system shows which administrative and other users have accounts on the system, and an option to create a new
user account:
Show transcript
The "Accounts" tab for a system shows which administrative and other users have accounts on the system. There is also an option to create a new user account.
Click the "Accounts" tab in your lab's web console. There, try adding a new user account to experience what this is like within the web console interface.
23
Services
Services
The Services tab for a system lists the systemd services running on that system along with other systemd features:
Show transcript
The "Services" tab for a system shows the systemd services running on that system. You can see which are active and enabled or inactive. You can also see other systemd
features, such as targets, sockets, timers, and paths.
Click the "Services" tab in your lab's web console to see what's active and inactive on your servera system.
24
Service details
Service details
Select a service to view its details, to stop or start it, and to enable or disable it:
Show transcript
Click a service's name from the "Services" tab to see details about that service. Notice that you can also stop or start a service, and you can enable or disable it, all from here
in the web console.
If you want to try this feature, be sure to select a system service that you know will not disrupt your use of the web console, such as the NTP client/server service shown in
the image here.
25
Diagnostic Reports
Diagnostic Reports
The Diagnostic Reports feature in the web console collects system configuration and diagnostic data using sosreport:
Show transcript
The "Diagnostic reports" feature of the web console collects system configuration and diagnostics data using the Sosreport utility. It prepares this report in the .xz
compressed format you're familiar with when working with Sosreport.
In your lab's web console, click the "Diagnostic Reports" tab, and then click "Create Report" to start generating a new report. While that's working, go on to the next page.
26
Download diagnostics
Download diagnostics
After you create a new diagnostic report, use the interface to download the report to your local system:
Show transcript
After you create a new diagnostic report, use the interface to download the report to your local system. In your lab's web console, when you see this modal dialog stating
that the report is done, click "Download report" to download it. If you have time, feel free to open and examine the report, and compare it to what you are used to seeing from
Sosreport.
27
Kernel Dump
Kernel Dump
Use the Kernel Dump tab to check the kdump status and test kdump configuration:
Show transcript
Is kdump configured and running on the system? Use the "Kernel Dump" tab to check, and to verify the configured crash kernel size and save location. Also use this page to
test the kdump configuration.
For now, skip exploring this feature further in your lab environment. When you finish this training, feel free to return to this tab to experiment.
28
SELinux
SELinux
Use the SELinux tab to check whether SELinux is set to "enforcing" its policy, and to view access control errors:
Show transcript
Use the "SELinux" tab to check whether SELinux is set to "enforcing" its policy, and to view access control errors. Check the "SELinux" tab now in your lab's web console
before going on to the next page.
29
SELinux access errors
Show transcript
Click on an error on the SELinux page to see detailed information about it along with a proposed solution and the audit log entry. If you have an error in your lab's web
console, take time to view that now.
30
Subscriptions
Subscriptions
The Subscriptions tab confirms system registration, shows the attached subscriptions on the system, and lists the installed Red Hat
products.
For more about System Purpose, see RHEL 8 Readiness Training: Beta overview (CEE-RL-801)
Show transcript
The "Subscriptions" tab confirms system registration, shows the attached subscriptions on the system, and lists the installed Red Hat products. There is a button included to
register the system if it not yet registered.
The "System P urpose" is a new Anaconda-related feature in RHEL 8, introduced in our Beta overview training from the time of the Beta release. Look to that training for more
information about these System P urpose fields.
In your lab's web console, click the "Subscriptions" tab to see whether the servera system is registered, what subscriptions are attached, and what products are installed.
31
Terminal
Terminal
The Terminal tab for a system opens an in-browser terminal with a command line session to that system (as the current user):
Show transcript
The "Terminal" tab for a system opens an in-browser terminal with a command line session to that system. In this shell, you can run commands as the user you're currently
signed in as. For example, as root, you could run the systemctl start or yum install commands that you might run if you were signed in directly on the system or using SSH.
Click the "Terminal" tab in your lab's web console, and take a moment to experiment with using this in-browser terminal.
32
Enable Features with Plugins
Add more web console features by installing other cockpit- packages (available in RHEL 8):
cockpit-tests
cockpit-composer
cockpit-doc.noarch
cockpit-session-recording
cockpit-machines
cockpit-machines-ovirt
Note
After installing certain plugins, you may need to restart the cockpit service to load those plugins into the interface. Restarting the service
from the web console disconnects you from the interface, but you can reload the page and sign in again after the service is restarted.
Show transcript
The RHEL 8 web console is considered "pluggable," meaning its basic functions can be extended by adding plugins. You can add these plugins to the web console by
installing other packages that start with the "cockpit" string. Shown here is a list of the plugins currently available with the release of RHEL 8.
Note that after you install certain plugins, you may need to restart the "cockpit" service to load those plugins into the interface. Restarting the service from the web console
itself will disconnect you from the interface, but you can reload the page and sign in again after the service is restarted.
Next let's take a closer look at a couple of the plugins available for the RHEL 8 web console. Some others, like the Image Builder, have dedicated training modules within
this RHEL 8 Readiness Training series.
33
Storage Plugin
Storage Plugin
Install the plugin to monitor and manage storage on a system:
After the install, log out of the web console interface, and log in again.
To see this plugin in action, generate some writes on the system and monitor the storage:
Show transcript
In your lab's web console, use the terminal to install the "cockpit" storage plugin as shown here. After the install, log out of the web console, and log in again. That should
refresh the interface, allowing a new Storage tab to appear for your servera system.
Navigate to that "Storage" tab for servera. From that tab, you can view storage usage, monitor storage-related activity, and view storage events in logs.
From the "Terminal" tab, use the loop command on this page to generate some storage traffic that you can monitor here. Then, wait for a short time for this traffic to appear in
the "Storage" tab. You should see a spike within the "Writing" graph.
34
Virtualization Plugins
Virtualization Plugins
In RHEL 8:
The web console is the default graphical management tool for virtual machines.
Virtual M achine M anager has been deprecated, but it is still supported.
Watch this video in which Brian Smith (Senior TAM ) provides an overview of managing virtual machines from the web console
(formerly Cockpit). M aximize the video as needed to better see all the details:
Show transcript
In RHEL 8, the web console is the default graphical management tool for virtual machines. Virtual Machine Manager has been deprecated, but it is still supported in RHEL
8.
Watch this video in which Brian Smith provides an overview of managing virtual machines from the web console, formerly Cockpit. The lab activity that follows offers
hands-on experience with this, also, and features adding a secondary web console server to your primary.
35
Lab 2.1
(2) After the install, log out of the web console, and log in again.
(3) Confirm that a Virtual Machines tab appears on the left side of the console interface.
Show transcript
Complete the guided lab on this and the next several pages using your lab environment. Read through each step to learn the technical details about each activity. There will
be no accompanying audio for these pages.
36
Lab 2.2
(1) Install the packages in the virtualization module (the Yum module named virt):
(2) Use virt-host-validate to verify that your system is prepared to be a virtualization host:
If all virt-host-validate checks return a PASS value, your system is prepared for creating virtual machines.
If any of the checks return a FAIL value, follow the displayed instructions to fix the problem.
If any of the checks return a WARN value, consider following the displayed instructions to improve virtualization capabilities.
You can ignore the IOM M U support warning.
37
Lab 2.3
(2) Click the S torage Pools tab in the top left corner.
(4) Enter the details as shown here. Use /vm as the target path because we've provided a QCOW2 image in that directory for use in this
lab:
38
Lab 2.4
(2) In the Create New Virtual Machine dialog box, enter the details as shown here:
How can I select an existing image disk to boot up or create a VM in cockpit UI?
machines: add support for existing disk as installation mode for new VM s #11206](GitHub)
39
Lab 2.5
Keep in mind:
(2) Delete the default image by clicking on the "-" icon on the right side.
(3) Click Add Disk, and select Use Existing for Source.
(4) For Pool, select vmpool, and confirm that the testvm1.qcow2 is automatically selected.
40
Lab 2.6
(2) In the Console tab, confirm that the system has booted with the ISO image, and that it has an option to install the VM .
(3) Because you're using a prebuilt qcow2 image (testvm1.qcow2), select Troubleshooting and press Enter.
(4) From the Troubleshooting sub-menu select Boot from local drive and press Enter.
41
Lab 2.7
Username: root
Password: RedHat1!
To add this VM as a secondary server in Cockpit, you'll need to install the cockpit package.
42
Lab 2.8
(1) From the Dashboard tab, next to the system name, click the plus (+) button.
(2) Enter the IP of the server your adding (192.168.122.167), and select a color label for it.
(4) You may see this message because this is the first time you are making SSH connection with this host:
The authenticity of host 192.168.122.167 can't be established. Are you sure you want to continue connecting?
(5) When prompted, sign in to the system with your user name (root) and password (RedHat1!) for testvm1.example.com:
Now you should be able to manage the testvm1 system from the web console on servera.
43
Lab 2.8
44
Grade Lab 2
Grade Lab 2
Find the completion code in the grade2 file on testvm1.example.com. Submit that code as prompted below:
ans: OMIT
Practice installing one or more RHEL 8 VMs using the web console.
Use the provided ISO image under /mnt on servera.example.com.
Show transcript
Find the completion code in the "grade2" file on "testvm1," and submit that code as prompted here to receive a grade for this activity.
After you complete this lab activity, practice installing one or more RHEL 8 VMs using the web console. To do this, use the provided ISO image under /mnt on the "servera"
system.
45
Resources & Feedback
Resources
M anaging Systems Using the Cockpit Web Interface (RHEL 8 Beta)
Cockpit Project
How can I select an existing image disk to boot up or create a VM in cockpit UI?
machines: add support for existing disk as installation mode for new VM s #11206 (GitHub)
RHEL 8 Beta - Web Console (Cockpit) Interface Overview - by Brian Smith (YouTube)
RHEL 8 Beta - M anaging Virtual M achines From the Web Console Interface - by Brian Smith (YouTube)
Feedback
Thank you for taking time to provide you feedback on this training using the form below.
How likely are you to recommend this training module to other associates?
Submit FeedbackReset
46