| -rw-r--r-- | README.md | 5 | ||||
| -rw-r--r-- | deploy.yml | 23 | ||||
| -rw-r--r-- | templates/bootcblade.containerfile.j2 | 2 |
3 files changed, 23 insertions, 7 deletions
@@ -120,5 +120,10 @@ There was some advice in that thread about using the containerized version of `` and not baked into the image. [https://quay.io/repository/cockpit/ws](https://quay.io/repository/cockpit/ws) +Using this containerized version of ```cockpit-ws``` also brought problems, using the privileged container caused mount points to be held inside the container. +This meant once the container started, ZFS datasets could not be deleted since they were still "mounted" inside the container. To workaround this bastion mode +is being used instead. That means to login to Cockpit you have to use the host ```host.containers.internal```. SSL certificates can still be added to the +```/etc/cockpit/ws-certs.d``` directory - it is mounted into the container. + This also explains why I'm using rpm vs dnf to install the 45Drives Cockpit packages - they have a dependency on ```cockpit-ws``` that I need to override. Once the official ```cockpit-files``` package is released I will be using that instead of ```cockpit-navigator```. 
@@ -103,14 +103,25 @@ - "bootc-fetch-apply-updates.timer" - "bootc-fetch-apply-updates.service" - - name: Install container-based cockpit-ws - ansible.builtin.shell: "podman container runlabel INSTALL quay.io/cockpit/ws systemctl enable cockpit.service" + - name: Generate quadlet file for cockpit-bastion + ansible.builtin.shell: "podman run --rm -it ghcr.io/containers/podlet -i podman run --rm -d --name cockpit-bastion -p 9090:9090 -v /etc/cockpit/ws-certs.d/:/etc/cockpit/ws-certs.d/:rw,Z quay.io/cockpit/ws" + register: cockpit_bastion_quadlet - - name: Enable and start container-based Cockpit - ansible.builtin.systemd: - name: "cockpit.service" + - name: Install quadlet file for cockpit-bastion + ansible.builtin.copy: + content: "{{ cockpit_bastion_quadlet.stdout }}" + dest: "/etc/containers/systemd/cockpit-bastion.container" + + - name: Create SSL certificate directory for cockpit-ws + ansible.builtin.file: + path: "/etc/cockpit/ws-certs.d" + state: directory + + - name: Start cockpit-bastion service + ansible.builtin.systemd_service: + name: "cockpit-bastion.service" state: "started" - enabled: true + daemon-reload: true vars: ansible_user: "root" tags: configure diff --git a/templates/bootcblade.containerfile.j2 b/templates/bootcblade.containerfile.j2 index 3dfdb32..a366bd1 100644 --- a/templates/bootcblade.containerfile.j2 +++ b/templates/bootcblade.containerfile.j2 @@ -16,7 +16,7 @@ RUN dnf -y install epel-release git && \ # KVM & Cockpit RUN echo "qemu:x:107:107:qemu user:/:/sbin/nologin" >> /etc/passwd && \ dnf -y install qemu-kvm libvirt virt-install virt-viewer && \ - dnf -y install cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux cockpit-ostree centos-logos && \ + dnf -y install cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux cockpit-ostree && \ systemctl enable libvirt-guests && \ dnf clean all |
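Review bot: The `Generate quadlet file for cockpit-bastion` task runs `ghcr.io/containers/podlet` with no tag or digest while the play connects as root (`ansible_user: "root"`), and the next task writes whatever it prints to `/etc/containers/systemd/cockpit-bastion.container`, so the contents of a mutable third-party image decide what systemd starts on the host. The `-it` flags also request a TTY in a non-interactive task, which can make the run fail or, when a TTY is present, leave carriage returns in the registered stdout. I would drop the generator step and ship the unit as fixed content with an explicit owner and mode, pinning `quay.io/cockpit/ws` to a digest (placeholder below). The `[Install]` section stands in for what `podlet -i` is expected to emit, so compare it with the currently generated file before switching. Separately, `-p 9090:9090` publishes the Cockpit login page on every host interface; bind it to a management address if the host has one.

```yaml
    # replaces the "Generate quadlet file" and "Install quadlet file" tasks
    - name: Install quadlet file for cockpit-bastion
      ansible.builtin.copy:
        dest: "/etc/containers/systemd/cockpit-bastion.container"
        owner: "root"
        group: "root"
        mode: "0644"
        content: |
          [Container]
          ContainerName=cockpit-bastion
          # placeholder: pin to the digest you have verified
          Image=quay.io/cockpit/ws@sha256:<VERIFIED_DIGEST>
          PublishPort=9090:9090
          Volume=/etc/cockpit/ws-certs.d/:/etc/cockpit/ws-certs.d/:rw,Z

          [Install]
          WantedBy=default.target

    # … unchanged: certificate directory task, cockpit-bastion service start …
```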
