Beyond a “single pane of glass”
Managing machines from the outside is usually adequate, but sometimes it’s best to log into the machine itself and have a look around. Cockpit excels in this task. In fact, both ManageIQ and Foreman have Cockpit integration built-in.
Machine management software already has administrative access over the machines (both virtual and on bare metal), so there should not be a need to type credentials a second time.
Indeed, ManageIQ currently opens Cockpit in a seamless manner, using OAuth and external authentication helpers, all without requiring additional username and passwords.
Foreman currently does not have a seamless handover; it simply provides a standard link. As a result, when Foreman opens Cockpit, you’re greeted with the log in page.
How can we improve Foreman?
It would be ideal for Foreman to also have seamless Cockpit integration.
- As a first step, I have written a prototype based on what I have figured out so far in a
- Additionally, I have also written a version that uses a reverse proxy on the
nginxedbranch. This approach is altogether nicer — but, before it works, we need to fix a Cockpit bug (#9237).
Test it out
If you are using Foreman to manage your machines and would seamless credentials handover, we welcome you to try out the above code — and please let us know how it works for you!