firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

docs: Add comprehensive Cockpit access decision document for Holly

Browse Source 
Created detailed analysis document to help Michael decide whether to grant
Holly Cockpit access to TX1/NC1 game servers.

Document includes:
- What Cockpit is and what it provides
- Current access (Pterodactyl Panel) vs proposed (Cockpit)
- Detailed pros & cons analysis
- Three access options with risk/benefit analysis:
  - Option A: Limited user (RECOMMENDED)
  - Option B: Full admin (high risk/high reward)
  - Option C: No change (Pterodactyl only)
- Complete implementation guide with commands
- 4-week training plan
- Safety guidelines for Holly
- Monitoring/audit instructions
- Discussion questions to ask Holly

Recommendation: Option A (Limited Cockpit User)
- Low risk, high benefit
- Holly can learn Linux safely
- Can't break critical infrastructure
- Clear upgrade path if she wants more access

Purpose: Michael can discuss with Holly, decide based on her interest level.

Chronicler #40
This commit is contained in:
Claude
2026-03-22 13:03:54 +00:00
parent f24e976690
commit 04c3436d0a
1 changed files with 621 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

621
docs/planning/holly-cockpit-access-decision.md Normal file
View File

@@ -0,0 +1,621 @@
# Cockpit Access for Holly - Decision Document
**Date:** March 23, 2026
**Prepared by:** Chronicler #40
**For:** Michael (to discuss with Holly)
**Purpose:** Evaluate whether to grant Holly Cockpit access to TX1/NC1 game servers
---
## 📋 TABLE OF CONTENTS
1. [What is Cockpit?](#what-is-cockpit)
2. [Current Access (Pterodactyl Panel)](#current-access)
3. [Proposed Access (Cockpit)](#proposed-access)
4. [Pros & Cons Analysis](#pros-cons-analysis)
5. [Three Access Options](#three-access-options)
6. [Recommendation](#recommendation)
7. [Implementation Guide](#implementation-guide)
8. [Training Plan](#training-plan)
---
## 🖥️ WHAT IS COCKPIT?
**Cockpit** is a web-based server management interface for Linux servers.
**Access URLs:**
- TX1 Dallas: `https://38.68.14.26:9090`
- NC1 Charlotte: `https://216.239.104.130:9090`
**What it provides:**
- Web-based terminal (no need for MobaXterm/PuTTY/SSH clients)
- File browser with drag-and-drop upload
- Service management (start/stop/restart services)
- Resource monitoring (CPU, RAM, disk, network)
- Log viewer (real-time and historical)
- User management
- System updates
**Think of it as:** A control panel for the entire Linux server, similar to cPanel but for server administration.
---
## 🎮 CURRENT ACCESS (PTERODACTYL PANEL)
**What Holly currently has:**
**Pterodactyl Panel** (panel.firefrostgaming.com)
- Access to all 13 game server consoles
- File manager for game server files (in `/mods/`, `/config/`, etc.)
- Start/stop/restart game servers
- View logs for game servers
- Edit config files
- Upload/download files
**What Holly CAN do now:**
- ✅ Install mods (upload `.jar` files)
- ✅ Edit config files (LuckPerms, FTB, etc.)
- ✅ Restart game servers
- ✅ View server logs
- ✅ Manage server files
**What Holly CANNOT do now:**
- ❌ Access the host operating system (TX1/NC1 Linux servers)
- ❌ Install system packages (like `htop`, `ncdu`, etc.)
- ❌ Manage systemd services (like Pterodactyl Wings)
- ❌ View host system logs (`journalctl`)
- ❌ Monitor host system resources (RAM/CPU usage of the host)
- ❌ Access files outside of game server directories
---
## 🚀 PROPOSED ACCESS (COCKPIT)
**What Holly would gain with Cockpit:**
**Additional capabilities:**
- ✅ Web-based terminal (easier than SSH)
- ✅ Drag-and-drop file upload to any directory
- ✅ Browse entire filesystem (not just game server directories)
- ✅ View host system logs (see what's happening on TX1/NC1)
- ✅ Monitor host resources (is TX1 actually running out of RAM?)
- ✅ Restart system services (if granted permission)
**What this means practically:**
- Faster mod installation (drag-and-drop vs Pterodactyl upload)
- Better troubleshooting (can see host logs if game server won't start)
- Independence (doesn't need Michael for simple system checks)
- Learning opportunity (builds Linux skills)
---
## ⚖️ PROS & CONS ANALYSIS
### ✅ PROS
#### 1. Easier Mod Installation
**Current:** Upload through Pterodactyl Panel (can be slow, sometimes times out)
**With Cockpit:** Drag-and-drop files directly to `/var/lib/pterodactyl/volumes/[server-uuid]/mods/`
**Benefit:** Faster deployment, fewer upload failures, batch uploads easier
---
#### 2. Better Troubleshooting
**Current:** If a game server won't start, Holly can only see game server logs in Pterodactyl
**With Cockpit:** She can check:
- Host system logs (`journalctl`)
- Is Wings running? (`systemctl status wings`)
- Is the host out of RAM/disk space?
- Are there permission errors?
**Benefit:** Diagnose issues without waiting for Michael, faster problem resolution
---
#### 3. Independence & Empowerment
**Current:** Holly waits for Michael when:
- Need to check if Wings is running
- Need to see system logs
- Need to verify host resources
- Need to restart a system service
**With Cockpit:** Holly can handle these herself
**Benefit:** Michael isn't the bottleneck, Holly can work asynchronously
---
#### 4. Learning Opportunity
**Current:** Holly's Linux knowledge limited to Pterodactyl Panel interface
**With Cockpit:** Holly learns:
- Linux file system structure
- How services work (systemd)
- Resource monitoring basics
- Log troubleshooting
**Benefit:** Holly becomes more capable, can take on more infrastructure responsibility
---
#### 5. Faster Iteration
**Current:** Make config change → Upload via Pterodactyl → Test → Repeat
**With Cockpit:** Edit file directly in web terminal → Save → Test → Repeat
**Benefit:** Faster development/testing cycles for configuration changes
---
### ❌ CONS
#### 1. Security Risk
**Risk:** Full server access = Holly could accidentally break things
**Examples of things that could go wrong:**
- Delete critical system files (`rm -rf /var/lib/pterodactyl`)
- Stop Pterodactyl Wings (`systemctl stop wings` → all game servers down)
- Change firewall rules and lock everyone out
- Fill up disk with large file uploads
- Misconfigure services
**Severity:** High - Could take down all 6-7 game servers on that host
**Mitigation:** Restricted user account (see Options section)
---
#### 2. Complexity & Learning Curve
**Risk:** Linux terminal is harder than Pterodactyl Panel
**Challenges:**
- Commands must be typed exactly (one typo = error)
- File paths are absolute (`/var/lib/...` not relative)
- Permission errors can be confusing
- Terminal isn't as forgiving as GUI
**Severity:** Medium - Holly might get frustrated, make mistakes
**Mitigation:** Training, clear documentation, start with read-only tasks
---
#### 3. Multiple Access Methods = Confusion
**Risk:** Pterodactyl Panel AND Cockpit both available
**Confusion points:**
- Which tool should I use for this task?
- Did I edit the file in Cockpit or Pterodactyl? (version conflicts)
- Where did I upload that mod?
**Severity:** Low-Medium - Can lead to mistakes, wasted time
**Mitigation:** Clear guidelines on when to use each tool
---
#### 4. Accountability & Tracking
**Risk:** Multiple access methods = harder to track who did what
**Scenarios:**
- Server breaks, was it a Pterodactyl change or Cockpit change?
- File modified, but which interface was used?
- Service restarted, but by whom? (if multiple people have access)
**Severity:** Low - Mostly an audit/troubleshooting issue
**Mitigation:** Cockpit logs all actions, can review if needed
---
## 🎛️ THREE ACCESS OPTIONS
### Option A: Limited Cockpit User (RECOMMENDED)
**What Holly gets:**
- ✅ Web-based terminal (read-only by default)
- ✅ File browser for game server directories
- ✅ Upload mods via drag-and-drop
- ✅ View system logs (`journalctl -u wings`)
- ✅ Monitor system resources (CPU/RAM/disk)
-**CANNOT** restart services (except specifically granted ones)
-**CANNOT** edit system files
-**CANNOT** install packages
-**CANNOT** become root/sudo
**Implementation:**
```bash
# Create limited user account
useradd -m -s /bin/bash holly
passwd holly # Set strong password
# Add to specific groups
usermod -aG systemd-journal holly # Can read logs
usermod -aG pterodactyl holly # Can access game server files
# Grant ONLY specific service restart permission (optional)
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" >> /etc/sudoers.d/holly
```
**Risk Level:** **LOW**
**Benefit Level:** **HIGH**
**Best for:** Holly learning Linux while preventing catastrophic mistakes
---
### Option B: Full Admin Access with Training
**What Holly gets:**
- ✅ Full `sudo` access
- ✅ Can do anything root can do
- ✅ Install packages, edit any file, restart any service
-**HIGH RISK** if she makes a mistake
**Implementation:**
```bash
# Create admin user
useradd -m -s /bin/bash holly
passwd holly
usermod -aG sudo holly # Full admin rights
```
**Risk Level:** **HIGH**
**Benefit Level:** **VERY HIGH** (if Holly is competent)
**Best for:** Holly is comfortable with Linux AND you trust her judgment
**Requirements:**
- Holly must go through Linux training first
- Clear "DO NOT TOUCH" list of files/commands
- Requires you to be available for questions
- Set up audit logging
---
### Option C: No Cockpit, Pterodactyl Panel Only
**What Holly gets:**
- ✅ Pterodactyl Panel access (current state)
- ❌ No Cockpit access
- ❌ No direct server access
**Risk Level:** **NONE**
**Benefit Level:** **CURRENT STATE**
**Best for:**
- Holly isn't interested in learning Linux
- You don't have time to train/support her
- Current workflow is working fine
---
## 🎯 RECOMMENDATION
**Start with Option A (Limited Cockpit User), with clear path to Option B if she wants.**
### Why Option A?
**1. Balances empowerment with safety**
- Holly can do 90% of what she needs
- Can't break critical infrastructure
- Builds confidence before full access
**2. Low-risk learning environment**
- She can explore, experiment, learn
- Worst case: She breaks a game server file (easy to restore)
- Can't break the host OS
**3. Immediate productivity gains**
- Faster mod installation
- Better troubleshooting
- Less waiting for Michael
**4. Clear upgrade path**
- Start limited (Option A)
- If Holly shows competence and wants more, upgrade to Option B
- If Holly isn't interested, stay at Option A or drop to Option C
### Decision Framework
**Ask Holly:**
1. Are you interested in learning Linux server management?
2. Do you want to be able to troubleshoot server issues independently?
3. Are you comfortable learning command-line tools?
**If YES to all three:** Start with Option A, plan for Option B training
**If YES to some:** Start with Option A, stay there
**If NO to most:** Stick with Option C (Pterodactyl only)
---
## 🛠️ IMPLEMENTATION GUIDE
**IF you decide to grant Holly Cockpit access (Option A or B), here's how:**
### Step 1: Create User Account on TX1
```bash
# SSH to TX1
ssh root@38.68.14.26
# Create user
useradd -m -s /bin/bash holly
passwd holly # Set strong password (save to Vaultwarden)
# Add to groups (Option A)
usermod -aG systemd-journal holly
usermod -aG pterodactyl holly
# Optional: Allow Wings restart only (Option A)
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly
chmod 0440 /etc/sudoers.d/holly
# Test the sudoers file
visudo -c
```
### Step 2: Create User Account on NC1
```bash
# SSH to NC1
ssh root@216.239.104.130
# Repeat same commands as TX1
useradd -m -s /bin/bash holly
passwd holly # SAME password as TX1
usermod -aG systemd-journal holly
usermod -aG pterodactyl holly
echo "holly ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart wings" > /etc/sudoers.d/holly
chmod 0440 /etc/sudoers.d/holly
visudo -c
```
### Step 3: Give Holly Login Info
**Provide to Holly (via Vaultwarden):**
- TX1 Cockpit: `https://38.68.14.26:9090`
- NC1 Cockpit: `https://216.239.104.130:9090`
- Username: `holly`
- Password: `[password you set]`
### Step 4: Walk Through Initial Login
**With Holly, do this together:**
1. Open `https://38.68.14.26:9090` in browser
2. Accept self-signed certificate warning (click "Advanced" → "Proceed")
3. Login with `holly` / `[password]`
4. Show her around:
- Terminal (Web Console)
- File browser (navigate to `/var/lib/pterodactyl/volumes/`)
- Logs (click "Logs" → search for "wings")
- Resource monitor (System → Performance)
### Step 5: Test Her Access
**Have Holly try:**
```bash
# In Cockpit terminal, test commands:
# Can she read logs? (should work)
journalctl -u wings -n 50
# Can she list game servers? (should work)
ls /var/lib/pterodactyl/volumes/
# Can she restart Wings? (should work if you granted permission)
sudo systemctl restart wings
# Can she become root? (should FAIL)
sudo su -
# Should say "holly is not in the sudoers file"
```
**If all tests pass, she's set up correctly.**
---
## 📚 TRAINING PLAN
**If Holly has Cockpit access, teach her these skills:**
### Week 1: Read-Only Exploration
**Goal:** Get comfortable navigating, no making changes yet
**Tasks:**
1. Log in to Cockpit on both servers
2. Navigate file browser to game server directories
3. View Wings logs (`journalctl -u wings`)
4. Check system resources (CPU/RAM)
5. Find a specific game server's directory
**Outcome:** Holly comfortable with Cockpit interface, can find things
---
### Week 2: File Operations
**Goal:** Upload mods, edit config files
**Tasks:**
1. Upload a mod via drag-and-drop
2. Edit a config file in terminal (`nano /path/to/file`)
3. Copy a file from one server to another
4. Check file permissions (`ls -la`)
**Outcome:** Holly can manage game server files via Cockpit
---
### Week 3: Service Management
**Goal:** Restart services, troubleshoot issues
**Tasks:**
1. Check if Wings is running (`systemctl status wings`)
2. Restart Wings (`sudo systemctl restart wings`)
3. View logs for a specific time range
4. Identify when a service crashed from logs
**Outcome:** Holly can restart services and read logs for troubleshooting
---
### Week 4: Problem Solving
**Goal:** Use Cockpit to diagnose real issues
**Tasks:**
1. Game server won't start → check Wings logs → diagnose
2. Server running slow → check RAM/CPU → identify cause
3. Mod won't load → check game server logs → fix
**Outcome:** Holly can independently troubleshoot most issues
---
## 📝 GUIDELINES FOR HOLLY
**If Holly gets Cockpit access, give her these rules:**
### ✅ Safe to Do (Green Light)
- View any logs (`journalctl`)
- Browse any files (read-only)
- Upload mods to game server directories
- Edit game server config files (`/var/lib/pterodactyl/volumes/.../config/`)
- Check system resources
- Restart Wings (if permission granted)
### ⚠️ Ask First (Yellow Light)
- Restart any service other than Wings
- Edit files outside game server directories
- Delete large files
- Install any software
- Change file permissions
### 🛑 Never Do (Red Light)
- Run commands you don't understand
- Delete system files (`/etc`, `/usr`, `/bin`)
- Change firewall rules
- Modify `/etc/fstab`, `/etc/passwd`, `/etc/sudoers` directly
- Run `rm -rf` on any directory
- Kill critical processes (systemd, sshd, nginx)
---
## 🔍 MONITORING HOLLY'S ACCESS
**If you grant Cockpit access, you can monitor:**
### View What Holly Has Done
```bash
# On TX1 or NC1, view Cockpit logs:
journalctl -u cockpit -n 100
# View sudo commands Holly ran:
grep "holly.*sudo" /var/log/auth.log
# View SSH/Cockpit logins:
last -n 20 holly
```
### Cockpit Activity Dashboard
Cockpit logs every action:
- Terminal commands entered
- Files uploaded/modified
- Services restarted
- Login times
You can review these if something breaks and you need to know what happened.
---
## ❓ DISCUSSION QUESTIONS FOR HOLLY
**Before making the decision, ask Holly:**
1. **Interest Level:**
- "Are you interested in learning Linux server administration?"
- "Do you want to be able to fix server issues yourself, or are you happy to ping me when something breaks?"
2. **Comfort Level:**
- "How comfortable are you with command-line interfaces?"
- "Have you used terminal/command prompt before? How did it go?"
3. **Time Commitment:**
- "Are you willing to spend a few hours learning Cockpit and Linux basics?"
- "Would you rather focus on building and let me handle the backend?"
4. **Expectations:**
- "What would you most want to use Cockpit for?"
- "Is there anything you're frustrated with in Pterodactyl Panel that Cockpit would solve?"
---
## 🎓 RESOURCES FOR HOLLY
**If Holly gets Cockpit access, provide these learning resources:**
### Beginner Linux Tutorials
- Linux Journey: https://linuxjourney.com/ (interactive, beginner-friendly)
- Cockpit Project Docs: https://cockpit-project.org/guide/latest/
- Basic Linux Commands Cheat Sheet
### Firefrost-Specific Docs
- Server directory structure guide
- Common troubleshooting commands
- What NOT to touch (critical files/services)
### Michael's Contact
- "If you're unsure about a command, ask me first"
- "If something breaks, don't panic - we have backups"
- "Better to ask than to guess"
---
## 🏁 DECISION SUMMARY
**Three paths forward:**
### Path 1: Give Holly Limited Cockpit Access (Option A)
**When:** Holly is interested in learning Linux
**Risk:** Low
**Benefit:** High
**Next Step:** Create `holly` user on TX1/NC1, walk through training plan
### Path 2: Give Holly Full Cockpit Access (Option B)
**When:** Holly is confident with Linux AND you have time to train/support
**Risk:** High
**Benefit:** Very High
**Next Step:** Training program first, then grant access
### Path 3: Keep Pterodactyl Only (Option C)
**When:** Holly prefers GUI or isn't interested in Linux
**Risk:** None
**Benefit:** Current state
**Next Step:** Nothing changes
---
## 📞 NEXT STEPS
1. **Read this document**
2. **Discuss with Holly** (gauge her interest and comfort)
3. **Choose an option** based on her responses
4. **If Option A or B:** Implement user account, start training
5. **If Option C:** Close this document, stick with Pterodactyl
---
**Fire + Frost + Foundation = Where Love Builds Legacy** 🔥❄️
**Prepared by:** Chronicler #40
**Date:** March 23, 2026
**Status:** Decision pending - discuss with Holly
---
**END OF DOCUMENT**