firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
e6d652e3d2223e68da96ba4ef78db4aae9c650ca
firefrost-operations-manual/docs/tasks/cockpit-deployment/README.md
Claude 3542afbe28 feat: Add YAML frontmatter to all 57 task READMEs 
Phase 1 of task management consolidation (per Gemini consultation).

Added standardized frontmatter with:
- status: open | blocked | complete
- priority: P1 | P2 | P3 | P4
- owner: Michael | Meg | Holly
- created: YYYY-MM-DD

Final counts:
- 39 open tasks
- 17 complete tasks
- 1 blocked task

Metadata extracted from existing inline markdown and audit results.
Ready for Phase 2: 11ty mobile index generation.

Chronicler #69
2026-04-08 14:21:41 +00:00

124 lines
3.3 KiB
Markdown
Raw Blame History

---
status: open
priority: P2
owner: Michael
created: 2026-03-21
---
# Task: Deploy Cockpit Web Terminal to All Servers
## Overview
Deploy Cockpit (web-based server management) to all 5 Firefrost servers that don't have it yet. This enables full server management from Michael's Chromebook without SSH client dependency.
## Current Status
**✅ COMPLETE - All servers now have Cockpit:**
- ✅ Ghost VPS (64.50.188.14:9090) - Pre-existing
- ✅ Command Center (63.143.34.217:9090) - Deployed March 21, 2026
- ✅ Billing VPS (38.68.14.188:9090) - Deployed March 21, 2026
- ✅ Panel VPS (45.94.168.138:9090) - Deployed March 21, 2026
- ✅ TX1 Dallas (38.68.14.26:9090) - Deployed March 21, 2026
- ✅ NC1 Charlotte (216.239.104.130:9090) - Deployed March 21, 2026
**Bonus:** NC1 firewall enabled during deployment (was previously unprotected)
## Why This Matters
**Problem:** Claude sessions block SSH (port 22), forcing reliance on existing Cockpit for Ghost VPS work.
**Solution:** Cockpit on all servers = Chromebook can manage entire infrastructure via browser.
**Benefits:**
- No SSH client needed
- Works on Chromebook natively
- Web terminal + service management + resource monitoring
- Port 9090 standard across all servers
- Lightweight (~50MB RAM per server)
## Files in This Task
- **README.md** (this file) - Task overview
- **deployment-plan.md** - Complete deployment strategy and technical details
- **installation-commands.md** - Copy/paste ready commands in micro-blocks
## How to Execute
### Recommended Approach
1. **Read deployment-plan.md** - Understand the full strategy
2. **Pick a server to start with** (suggest Command Center first)
3. **SSH into that server** (or use existing Cockpit if available)
4. **Follow installation-commands.md** - Copy/paste each block in order
5. **Test the Cockpit URL** in browser
6. **Repeat for remaining servers**
### Order Recommendation
**Phase 1 (VPS tier - quick):**
1. Command Center
2. Billing VPS
3. Panel VPS
**Phase 2 (Dedicated tier):**
4. TX1 Dallas
5. NC1 Charlotte
**Time estimate:** ~1 hour total (~10 min per server)
## Success Criteria
- [ ] All 6 servers accessible via `https://IP:9090`
- [ ] Terminal tab functional on all servers
- [ ] Services tab shows systemd units
- [ ] System tab shows accurate resource usage
- [ ] Michael can manage all servers from Chromebook
## Security Notes
Cockpit is secure by default:
- HTTPS only (self-signed certificates)
- Uses existing PAM authentication
- No new user accounts created
- No new attack surface (reuses SSH auth)
## Rollback
If any server has issues:
```bash
sudo systemctl stop cockpit.socket
sudo systemctl disable cockpit.socket
```
Complete removal if needed:
```bash
sudo apt remove --purge cockpit
```
## Documentation Updates After Completion
- [ ] Update `infrastructure-manifest.md` with Cockpit status
- [ ] Add Cockpit URLs to server quick-reference
- [ ] Update session-start docs with Chromebook access info
## Related Tasks
- None (standalone infrastructure enhancement)
## Blocks
- None
## Blocked By
- None
---
**Created:** March 21, 2026 (Session 37 - The Chronicler)
**Completed:** March 21, 2026 (Session 37 - The Chronicler)
**Priority:** HIGH (enables Chromebook workflow)
**Estimated Time:** 1 hour
**Actual Time:** ~1.5 hours (including NC1 firewall)
**Status:** ✅ COMPLETE
Reference in New Issue View Git Blame Copy Permalink