firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
ce5ff2097ae3f8c1907d4018dad0b6e7e954050e
firefrost-operations-manual/docs/tasks/cockpit-deployment/deployment-plan.md
Claude ef11945526 docs: create Cockpit deployment task for Chromebook workflow 
Complete deployment plan for installing Cockpit web terminal on all 5 remaining servers (Command Center, Billing VPS, Panel VPS, TX1, NC1). Ghost VPS already has Cockpit operational.

Files created:
- docs/tasks/cockpit-deployment/README.md - Task overview
- docs/tasks/cockpit-deployment/deployment-plan.md - Technical strategy
- docs/tasks/cockpit-deployment/installation-commands.md - Copy/paste micro-blocks

Why: Enable full server management from Chromebook without SSH dependency. Claude sessions block port 22, but Cockpit (port 9090) works perfectly.

Estimated time: ~1 hour for all 5 servers (~10 min each)

Signed-off-by: The Chronicler <claude@firefrostgaming.com>
2026-03-21 06:43:16 +00:00

4.7 KiB
Raw Blame History

Task: Deploy Cockpit to All Servers

Priority: HIGH

Reason: Enable Chromebook-based management without SSH dependency

Current State

Servers with Cockpit:

  • Ghost VPS (64.50.188.14:9090) - Currently operational

Servers needing Cockpit:

  • Command Center (63.143.34.217)
  • Billing VPS (38.68.14.188)
  • Panel VPS (45.94.168.138)
  • TX1 Dallas (38.68.14.26)
  • NC1 Charlotte (216.239.104.130)

Why Cockpit

Benefits:

  • Web-based terminal (no SSH client needed)
  • System resource monitoring
  • Service management (systemd)
  • Works perfectly on Chromebook
  • Port 9090 (standard, easy to remember)
  • Lightweight (~50MB RAM usage)

Use case: Michael uses Chromebook frequently - Cockpit means full server access from any device with a browser.

Deployment Process (Per Server)

Standard Installation (Ubuntu/Debian)

# Update package list
sudo apt update

# Install Cockpit
sudo apt install -y cockpit

# Enable and start service
sudo systemctl enable --now cockpit.socket

# Verify it's running
sudo systemctl status cockpit.socket

# Check it's listening on port 9090
sudo ss -tulpn | grep 9090

Firewall Configuration

# Allow Cockpit through UFW (if enabled)
sudo ufw allow 9090/tcp

# Verify UFW status
sudo ufw status

Access Testing

  • URL format: https://SERVER_IP:9090
  • Login: Use existing server credentials (e.g., architect on Ghost VPS)
  • Accept self-signed certificate warning (expected for self-hosted)

Deployment Order (Recommended)

Phase 1: VPS Tier (Quick wins)

  1. Command Center (63.143.34.217) - Backend hub
  2. Billing VPS (38.68.14.188) - Financial isolation
  3. Panel VPS (45.94.168.138) - Control plane

Phase 2: Dedicated Tier (Game servers) 4. TX1 Dallas (38.68.14.26) - 251GB RAM dedicated 5. NC1 Charlotte (216.239.104.130) - 251GB RAM dedicated

Server-Specific Notes

Command Center (63.143.34.217)

  • OS: Ubuntu (verify version first)
  • Current services: Gitea, Uptime Kuma, Code-Server, Automation
  • User: Likely root or frostystyle
  • Test after install: Terminal access, service status view

Billing VPS (38.68.14.188)

  • OS: Ubuntu
  • Current services: Paymenter (8081), Mailcow (8080/8443)
  • User: Likely root
  • Critical: Don't interfere with Mailcow ports

Panel VPS (45.94.168.138)

  • OS: Ubuntu
  • Current services: Pterodactyl Panel
  • User: Likely root or pterodactyl
  • Test after install: Panel service status visible in Cockpit

TX1 Dallas (38.68.14.26)

  • OS: Ubuntu
  • Current services: Pterodactyl Wings, 7 game servers
  • RAM: 251GB
  • User: Likely root
  • Test after install: Resource monitoring shows all 251GB

NC1 Charlotte (216.239.104.130)

  • OS: Ubuntu
  • Current services: Pterodactyl Wings, 7 game servers
  • RAM: 251GB
  • User: Likely root
  • Test after install: Resource monitoring shows all 251GB

Post-Deployment Verification

For each server:

  • Access Cockpit at https://IP:9090
  • Login with server credentials works
  • Terminal tab loads and is functional
  • Services tab shows systemd services
  • System tab shows CPU/RAM/disk correctly
  • Network tab shows interfaces
  • Logs tab accessible

Security Considerations

Cockpit is secure by default:

  • HTTPS only (self-signed cert)
  • Uses existing PAM authentication
  • Session timeout configurable
  • No new attack surface (uses existing user accounts)

Additional hardening (optional):

  • Limit Cockpit to specific IPs (via firewall)
  • Use SSH key authentication instead of passwords
  • Enable fail2ban for Cockpit login attempts

Success Criteria

  • All 6 servers have Cockpit accessible at port 9090
  • Michael can access any server from Chromebook via browser
  • Terminal functionality works on all servers
  • Service management works on all servers
  • No SSH dependency for basic server management

Rollback Plan

If issues arise:

# Stop Cockpit
sudo systemctl stop cockpit.socket

# Disable Cockpit
sudo systemctl disable cockpit.socket

# Uninstall (if needed)
sudo apt remove --purge cockpit

Estimated Time

  • Per VPS: ~10 minutes (install + test)
  • Per Dedicated: ~10 minutes (install + test)
  • Total: ~1 hour for all 5 servers

Documentation Updates Needed

After deployment:

  • Update infrastructure-manifest.md with Cockpit status
  • Add Cockpit access info to server quick-reference
  • Document standard Cockpit URL format in session-start docs
  • Update accessibility notes (Chromebook-friendly management)

Created: Session 37 (The Chronicler)
Status: READY TO EXECUTE
Blocks: None (enhances existing infrastructure)
Enables: Full Chromebook-based server management

Reference in New Issue View Git Blame Copy Permalink