CentOS 8 (SYS 265) - Chromosom3/TechNotes GitHub Wiki

CentOS 8

Background

In this lab we used nmcli, realmd, and cockpit on a CentOS 8 server. Though the point of this lab was to work with CentOS 8, some of the information can be transferred to other Linux distros, as shown in the lab. For this lab we used a total of three virtual machines running different operating systems: CentOS 8 (obviously), CentOS 7, and Ubuntu 20.04.

NMCLI

Nmcli is the command line tool for controlling NetworkManager. NetworkManager ships by default with CentOS 8, so it's good to know how to use it. In this lab we only used a basic function of nmcli: changing the system's IP address. To do this we ran nmcli con show to list the current network adapter connections. The command can also be written nmcli connection show. If you need to view inactive interfaces as well, you can run nmcli dev status. Once you identify the interface you wish to change, you can run nmcli con mod $InterfaceName ipv4.addresses $IP/Subnet where $InterfaceName is the interface name you got from the first nmcli command and $IP/Subnet is the IP address in CIDR notation. If you need to change the default gateway, you can run nmcli con mod $InterfaceName ipv4.gateway $IP. Finally, if you need to update the DNS server, you can run nmcli con mod $InterfaceName ipv4.dns "$DNS_Server" where $DNS_Server is the IP of your DNS server. If your server was set to use DHCP, you will need to change that to static by running nmcli con mod $InterfaceName ipv4.method manual. Once you have run all those commands, run nmcli con up $InterfaceName to apply the changes.
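The whole procedure above as one script, added here as an example and not part of the original lab notes: it validates the interface name, CIDR address, gateway and DNS server before printing the nmcli commands, and only runs them when APPLY=1 is set. The script name, function names and sample addresses are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original wiki: validate the values, then emit the
# nmcli commands described above. Dry run unless APPLY=1 is set.
# Assumes the connection profile is named after the interface (no spaces).

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in 0?*|????*) return 1 ;; esac   # leading zeros are ambiguous (octal)
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# valid_cidr ADDR/PREFIX: the address must be valid and the prefix 1-32.
valid_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  _prefix=${1##*/}
  case $_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$_prefix" -ge 1 ] && [ "$_prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# static_ip_cmds IFACE ADDR/PREFIX GATEWAY DNS
# Prints the commands in run order; returns 2 and prints nothing on bad input.
static_ip_cmds() {
  case $1 in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;; esac
  valid_cidr "$2" || { echo "address must be CIDR, e.g. 10.0.5.10/24" >&2; return 2; }
  valid_ipv4 "$3" || { echo "bad gateway" >&2; return 2; }
  valid_ipv4 "$4" || { echo "bad DNS server" >&2; return 2; }
  printf 'nmcli con mod %s ipv4.addresses %s\n' "$1" "$2"
  printf 'nmcli con mod %s ipv4.gateway %s\n' "$1" "$3"
  printf 'nmcli con mod %s ipv4.dns %s\n' "$1" "$4"
  printf 'nmcli con mod %s ipv4.method manual\n' "$1"
  printf 'nmcli con up %s\n' "$1"
}

# Usage (constructed values): ./set-static.sh ens33 10.0.5.10/24 10.0.5.2 10.0.5.5
if [ $# -eq 4 ]; then
  cmds=$(static_ip_cmds "$@") || exit 2
  if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | while read -r line; do $line </dev/null || exit 1; done
  else
    printf '%s\n' "$cmds"
  fi
fi
```

Run it once without APPLY to review the commands, then again as root with APPLY=1 from a console session, since changing the address over SSH drops the connection.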

REALMD

To connect a Linux system to a Windows Active Directory Domain you will need to use realmd. Realmd will allow you to use Active Directory as an identity source for your Linux systems, which can help with user management and permissions. I have already covered realmd for another wiki entry and that information can be found here. Though it has already been covered in another entry, I will cover some of the basics. To install realmd on CentOS 8 you need to run sudo yum install realmd -y. Once realmd is installed, run realm join -U $Username $Domain to join an Active Directory Domain. For example, if I wanted to join the dylan.local domain and my admin account was called admin01, I would run realm join -U admin01 dylan.local and then enter the password for my admin user when prompted. If I want to allow domain users to have sudo privileges through an AD account, I would need to adjust the /etc/sudoers file. To do this, run visudo and then under the group section add the following: %$Domain\\$Group ALL=(ALL) ALL. If you want to use a group name that has a space, you need to use %$Domain\\$Group\ $Group. If I wanted to give the Domain Admins group on dylan.local access to sudo, I would put %dylan.local\\Domain\ Admins ALL=(ALL) ALL.
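One way to build and install that sudoers rule without hand-editing, added here as an example and not part of the original lab notes: the rule is generated in the form shown above (spaces in the group name escaped), checked with visudo -cf, and only then installed. It places the rule in a drop-in file under /etc/sudoers.d instead of the main file, which assumes the stock #includedir /etc/sudoers.d line is present; the function names and the drop-in file name are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original wiki: build the sudoers rule for an AD
# group in the form shown above, check it with visudo, then install it.

# sudoers_group_rule DOMAIN GROUP
# Prints %DOMAIN\\GROUP ALL=(ALL) ALL with each space in GROUP escaped as "\ ".
sudoers_group_rule() {
  case $1 in ''|*[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 2 ;; esac
  # Letters, digits, spaces, '_' and '-' only. Characters such as ',' '=' ':'
  # '#' and '!' have meaning in sudoers syntax and are refused, not escaped.
  _g=$(printf '%s' "$2" | tr -d ' ')
  case $_g in ''|*[!A-Za-z0-9_-]*) echo "bad group" >&2; return 2 ;; esac
  printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$1" "$(printf '%s' "$2" | sed 's/ /\\ /g')"
}

# install_rule FILE RULE
# Writes RULE to a temp file, lets visudo check the syntax, and only then
# copies it into place with the owner and mode sudo expects. Run as root.
install_rule() {
  _tmp=$(mktemp) || return 1
  printf '%s\n' "$2" > "$_tmp"
  _rc=1
  visudo -cf "$_tmp" >/dev/null &&
    install -o root -g root -m 0440 "$_tmp" "$1" && _rc=0
  rm -f "$_tmp"
  return $_rc
}

# Constructed usage with the page's example values. sudo skips drop-in files
# whose names contain a '.' or end in '~', so the file name has neither.
#   rule=$(sudoers_group_rule dylan.local 'Domain Admins') &&
#     install_rule /etc/sudoers.d/ad-domain-admins "$rule"
```

A syntax error in a sudoers file can lock every user out of sudo, which is why the rule is checked in a temporary file before it is installed.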

Cockpit

Cockpit is a web GUI for Linux servers. Though cockpit is labeled as being for "CentOS- or RHEL-based servers", it can be installed on any Linux system. Below you will find the installation steps for cockpit on different operating systems. Cockpit is similar to Windows Server Manager and Windows Admin Center.

CentOS

On CentOS 8 cockpit comes installed on the system by default. However, just because it is installed doesn't mean it is running. If you are using CentOS 8 you can enable and start cockpit by running systemctl enable --now cockpit.socket as root. This will enable the service and start the service with one command. If you are on an older version of CentOS you will need to install cockpit before enabling it. To install cockpit you will need to run sudo yum install cockpit cockpit-machines. Note that on newer CentOS installations dnf replaces yum. Once you install the package you can run the enable command. If you have a firewall enabled you will need to allow port 9090 through the firewall. On CentOS you can run firewall-cmd --add-service=cockpit --permanent and then firewall-cmd --reload to add the rule and apply the updated rule.

Ubuntu

On Ubuntu the process is quite similar to the one on CentOS. Version 17.04 and above have support for cockpit by default. If you are on a newer version you can simply run sudo apt install cockpit cockpit-machines. Again, just like on CentOS, having the package installed doesn't mean it's running. Run systemctl enable --now cockpit.socket to start and enable the service. Once the service is running, add any firewall rules if necessary. If you are using ufw you will need to run the following commands: ufw allow 9090/tcp and ufw reload. From there you should have cockpit all set up on Ubuntu.

Managing Multiple Hosts

In the cockpit web GUI you can add multiple hosts by selecting dashboard, then the blue plus button next to servers. From there you will put in the hostname or IP address of the server. You may be prompted to trust the key for the server; that's fine. You should be able to manage the server now. If you get an authentication error, make sure you logged into the cockpit web GUI with an account that has access to both servers and that you checked the box that says "Reuse my password for privileged tasks". Either that or you can configure SSH keys.