Automate the Installation of Cockpit Using CloudRay

Automating Cockpit deployment on Rocky Linux 9 ensures consistent, secure server management with minimal manual intervention. CloudRay simplifies this process by handling dependencies, configurations, and security hardening through scripted workflows.

This guide walks through automating Cockpit setup with SSL encryption and firewall rules using CloudRay.

Contents

Adding Servers to CloudRay

Before getting started with your automation, make sure your target servers are connected to CloudRay. If you haven’t done this yet, follow our servers docs to add and manage your server

NOTE

This guide uses Bash scripts, providing a high degree of customisation. You can adapt the scripts to fit your specific Installations needs and environment. Additionally, if you’re using a different version or a different distribution, adjust the commands accordingly

Create the Automation Script

To automate the installation of Cockpit, you will need two Bash scripts:

  1. Install Cockpit Script: This script installs and setup cockpit
  2. Secure Cockpit Script: This script configures firewall rules, enables HTTPS encryption with Let’s Encrypt certificates, and secures remote access to the Cockpit web interface

Let’s begin with the installation of Cockpit.

Install Cockpit Script

To create the Install Cockpit Script, you need to follow these steps:

Screenshot of adding a new install script
  1. Go to Scripts in your CloudRay project
  2. Click New Script
  3. Name: Install Cockpit Script. You can give it any name of your choice
  4. Copy this code:
#!/bin/bash

# Exit on Error
set -e

# Update system
sudo dnf update -y

# Install Cockpit
sudo dnf install cockpit -y

# Enable and start Cockpit service
sudo systemctl enable cockpit.socket
sudo systemctl start cockpit

# Check Cockpit status
sudo systemctl status cockpit

# Create an admin user for Cockpit
sudo adduser {{admin_user}}
echo "{{admin_pass}}" | sudo passwd {{admin_user}} --stdin
sudo usermod -aG wheel {{admin_user}}

echo "Cockpit installation and basic setup completed!"

Here is a breakdown of what each command in the Install Cockpit Script does:

  • Updates all installed packages to the latest version
  • Installs Cockpit and dependencies
  • Creates a privileged user with variables for credentials

Secure Cockpit Script

Next, you need secure the Cockpit installed on your server. To do so, follow similar steps as the above:

Screenshot of securing cockpit
  1. Go to Scripts > New Script
  2. Name: Secure Cockpit Script
  3. Add code:
#!/bin/bash

# Exit on error
set -e

# Install Firewalld
sudo dnf install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld

# Configure firewall rules
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --permanent --add-port=9090/tcp
sudo firewall-cmd --reload

# Install EPEL and Certbot
sudo dnf install epel-release -y
sudo dnf install certbot -y

# Obtain SSL certificate
sudo certbot certonly --standalone -d {{domain}} -m {{email}} --agree-tos --no-eff-email --non-interactive

# Test certificate renewal
sudo certbot renew --dry-run

# Link SSL certificates to Cockpit
sudo ln -sf /etc/letsencrypt/live/{{domain}}/fullchain.pem {{cockpit_cert_dir}}/certificate.cert
sudo ln -sf /etc/letsencrypt/live/{{domain}}/privkey.pem {{cockpit_cert_dir}}/certificate.key

# Restart Cockpit to apply SSL
sudo systemctl restart cockpit

echo "Cockpit security configuration completed!"

This is what the Secure Cockpit Script does:

  • Install and configures firewall rules
  • Sets up Let’s Encrypt SSL certificates
  • Enforces HTTPS for Cockpit’s web interface

Create a Variable Group

Now, before running the scripts, you need to define values for the placeholders {{admin_user}}, {{admin_pass}}, {{domain}}, {{email}}, and {{cockpit_cert_dir}} used in the scrips. CloudRay processes all scripts as Liquid templates. This allows you to use variables dynamically across different servers.

Screenshot of adding a new variable group

To ensure that these values are automatically substituted when the script runs, follow these steps to create a variable Group:

  1. Navigate to Variable Groups: In your CloudRay project, go to “Scripts” in the top menu and click on “Variable Groups”.
  2. Create a new Variable Group: Click on “Variable Group”.
  3. Add the following variables:
  • admin_user: The username for the Cockpit administrator account
  • admin_pass: The password for the Cockpit administrator account
  • domain: The registered domain name for SSL certificate configuration
  • email: The email address associated with the SSL certificate (used for renewal alerts)
  • cockpit_cert_dir: The directory path where Cockpit stores its SSL certificates

Since the variables are setup, proceed to run the scripts with CloudRay.

Running the Scripts to Install Cockpit with CloudRay

Now that everything is setup, you can use CloudRay to automate the installation of Cockpit.

You can choose to run the scripts individually or execute them all at once using CloudRay’s Script Playlists. Since there are multiple scripts, using CloudRay playlists will help automate the execution sequence and save time.

Here are the steps to follow:

  1. Navigate to “Script Playlists”: Click on the Scripts tab in the CloudRay interface
Locate the script playlist in CloudRay interface
  1. Click “Add Script Playlist”: This initiates the creation of a new playlist
  2. Provide a Name: Give your playlist a unique name (For example “Automate Cockpit Deployment and Management”)
  3. Add Scripts in Order: Select and add the scripts sequentially
Locate the script playlist in CloudRay interface
  1. Save the Playlist: Click “create playlist” to store your new playlist.

Once your script playlist is created, proceed with execution:

  1. Navigate to Runlogs: In your CloudRay project, go to the Runlogs section in the top menu.
  2. Create a New Runlog: Click on New Runlog.
  3. Configure the Runlog: Provide the necessary details:
Screenshot of creating a new runlog
  • Server: Select the server where Cockpit will be installed
  • Script Playlist: Choose the playlist you created (For example “Automate Cockpit Deployment and Management”)
  • Variable Group: Select the variable group you set up earlier
  1. Execute the Script: Click on Run Now to start the execution
Screenshot of the result of all the script from the script playlist

Once the script runs successfully, your Cockpit will be fully deployed. You can now visit your Cockpit using your domain on port 9090 (https://cockpit.mydomain.com:9090).

Screenshot of the output on the browser

Your Cockpit is now deployed and managed with CloudRay.

Troubleshooting

If you encounter issues during Cockpit installation or setup, consider the following:

  • Cockpit Web Interface Not Loading:: Check if the Cockpit service is running with sudo systemctl status cockpit.socket and restart it using sudo systemctl restart cockpit.socket
  • SSL Certificate Errors: Verify certificate validity with sudo certbot certificates and renew if needed using sudo certbot renew
  • Firewall Blocking Access: Ensure port 9090 is open by running sudo firewall-cmd --list-ports | grep 9090 and add it if missing: sudo firewall-cmd --add-port=9090/tcp --permanent && sudo firewall-cmd --reload

If the issue persists, consult the official Cockpit documentation for further assistance.

Get Started with CloudRay