RHEL 8 New Features for Experienced Linux Administrators

The web console is already installed on the system, but it is not activated. Use the systemctl enable --now cockpit.socket command to enable the web console.

[root@servera ~]# systemctl enable --now cockpit.socket
Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket -> /usr/lib/systemd/system/cockpit.socket.

On workstation, open Firefox and log in to the web console interface running on servera.lab.example.com system as the student user with student as password.

1. Open Firefox and go to the https://servera.lab.example.com:9090 address.

2. Accept the self-signed certificate by adding it as an exception.

3. Log in as student user with student as password.

   You are now logged in as a normal user, with only minimal privileges.

4. Click Terminal in the left navigation bar to access the terminal.

   A terminal session opens with the student user already logged in. Type in the id command to confirm that you are able to use the terminal remotely from a browser session.

   [student@servera ~]$ id
   uid=1000(student) gid=1000(student) groups=1000(student),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0
   

5. Click Accounts in the left navigation bar to manage users.

   Notice that the student user is not permitted to create new accounts.

6. Click the Student User link.

   On the student user's account details page, notice that the user is only permitted to set a new password, or to add authorized SSH public keys.

7. Click the Student User drop-down menu in the upper right corner. From the drop-down menu, choose Log Out

Log back in to the web console as the student user with student as password, but this time select the Reuse my password for privileged tasks checkbox.

Notice that the student user is now a Privileged user. Some of the previously unavailable administrative tasks are now available and can be executed using the sudo mechanism. For example, return to Accounts to notice that you are now allowed to create new accounts.

Click System in the left navigation bar to access the system's statistics.

This page shows you some of the basic operating system statistics, such as current load, disk usage, disk I/O, and network traffic.

Click Logs in the left navigation bar to access system's logs.

This page shows you the systemd system logs. You can choose the date that you want to access the logs from as well as the type of severity of the log entries you look for.

1. Click the Severity drop-down menu, and choose Everything.

2. Review the log entries for your current day of the month, and click on the one you want to view. A log entry detail page opens with additional information about the event. It shows you, for example, the host name, or the SELinux context, or the PID number of the process that the entry corresponds to.

Click Networking in the left navigation bar.

This page shows you the details of the current network configuration for servera, as well as real-time network statistics, firewall configuration, and log entries related to networking.

1. Click the Firewall link.

2. Click Add Services....

3. In the Add Services window, click the checkbox for Red Hat Satellite 6 service.

4. Click Add Services to add this service to the firewall configuration.

   Notice that the Red Hat Satellite 6 service was added to the list of allowed services.

5. In the same line as the Red Hat Satellite 6 service, click the trash icon to remove the service from the firewall configuration.

   Notice that the service was removed without asking for confirmation.

Click Networking in the left navigation bar.

Notice that in the Interfaces section you can add bonding, teaming, bridging, or a VLAN to that server.

1. Click the available network interface name (for example, ens3).

   A details page opens to show real-time network statistics, and the network interface current configuration.

2. Click the Address 172.25.250.10/24 via 172.25.250.254 link.

   A new window opens to change the network interface configuration.

Add a second IP address to the interface identified in the previous step.

1. In the new IPv4 Settings window, click + next to Manual.

2. In the Address text box, enter 172.25.250.99 as the second IP address.

3. In the Prefix length or Netmask text box, enter 24 as the netmask value.

4. Click Apply to save the new network configuration.

   The new configuration is immediately applied. The new IP address is visible in the IPv4 line.

Click Accounts in the left navigation bar.

1. Click Create New Account.

2. In the new Create New Account window, fill in the details as follows:

   Field	Value
   Full Name	Sam Simons
   User Name	ssimons
   Password	redh@t123
   Confirm	redh@t123

3. Click Create.

Click Services in the left navigation bar.

1. Scroll down the list of System Services. Find and click the Software RAID monitoring and management link.

   To find the required service within Firefox, search for text using Ctrl+F.

   The service's details page shows that it is inactive.

2. Click Start to start the service.

   The reason this service fails to start is the missing /etc/mdadm.conf configuration file.

3. In the left pane, click Services.

4. Scroll down the list of System Services. In the Disabled section, find and click the Kernel process accounting link.

5. Click Enable.

6. Click Start.

   The service is now enabled and active. This service performs a one-time change. It starts and then exits.

Click Diagnostic Reports in the left navigation bar.

1. Click Create Report and wait for the report to be created (it takes up to two minutes to finish).

2. When the report is ready, click Download report, followed by Save File.

3. Click Close.

Click SELinux in the left navigation bar.

Notice the SELinux access control errors. Depending on the current environment, there might not be any errors present. If not, proceed with the next step.

Click on any of the reported errors to access detailed information about the event.

In the details section for each event, follow the suggested solution to solve the problem, or click on the trash icon to delete the entry from the list, as well as find the original audit log entry for that event.

Add a remote system to the web console dashboard.

1. Click Terminal in the left navigation bar.

   On servera.lab.example.com install the cockpit-dashboard package.

   [student@servera ~]# sudo yum install cockpit-dashboard
   [sudo] password for student: student
   ...output omitted...
   Is this ok [y/N]: y
   ...output omitted...
   

2. Log out from the web console interface. Log in again as the student user with student as password with the privileged user checkbox marked.

   In the left navigation bar there is now a new section representing the Dashboard.

3. Click Dashboard in the left navigation bar.

   It shows real-time graphs for various statistics from servera.lab.example.com.

4. Click +.

5. In the Add Machine to Dashboard window, enter the serverb.lab.example.com host name.

6. Click Add.

7. In the Unknown Host Key window click Connect.

   There are now two hosts in the Dashboard. Use the same web console interface running on servera.lab.example.com to make changes to serverb.lab.example.com. To switch to a different server, click the name of the desired server from the Servers list in the Dashboard.

Log off from the web console interface.

Log off from servera.

[root@servera ~]# exit
[student@workstation ~]$