firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
e6d652e3d2223e68da96ba4ef78db4aae9c650ca
firefrost-operations-manual/docs/tasks/cockpit-deployment/deployment-plan.md
Claude ef11945526 docs: create Cockpit deployment task for Chromebook workflow 
Complete deployment plan for installing Cockpit web terminal on all 5 remaining servers (Command Center, Billing VPS, Panel VPS, TX1, NC1). Ghost VPS already has Cockpit operational.

Files created:
- docs/tasks/cockpit-deployment/README.md - Task overview
- docs/tasks/cockpit-deployment/deployment-plan.md - Technical strategy
- docs/tasks/cockpit-deployment/installation-commands.md - Copy/paste micro-blocks

Why: Enable full server management from Chromebook without SSH dependency. Claude sessions block port 22, but Cockpit (port 9090) works perfectly.

Estimated time: ~1 hour for all 5 servers (~10 min each)

Signed-off-by: The Chronicler <claude@firefrostgaming.com>
2026-03-21 06:43:16 +00:00

175 lines
4.7 KiB
Markdown
Raw Blame History

# Task: Deploy Cockpit to All Servers
## Priority: HIGH
**Reason:** Enable Chromebook-based management without SSH dependency
## Current State
**Servers with Cockpit:**
- ✅ Ghost VPS (64.50.188.14:9090) - Currently operational
**Servers needing Cockpit:**
- ❌ Command Center (63.143.34.217)
- ❌ Billing VPS (38.68.14.188)
- ❌ Panel VPS (45.94.168.138)
- ❌ TX1 Dallas (38.68.14.26)
- ❌ NC1 Charlotte (216.239.104.130)
## Why Cockpit
**Benefits:**
- Web-based terminal (no SSH client needed)
- System resource monitoring
- Service management (systemd)
- Works perfectly on Chromebook
- Port 9090 (standard, easy to remember)
- Lightweight (~50MB RAM usage)
**Use case:** Michael uses Chromebook frequently - Cockpit means full server access from any device with a browser.
## Deployment Process (Per Server)
### Standard Installation (Ubuntu/Debian)
```bash
# Update package list
sudo apt update
# Install Cockpit
sudo apt install -y cockpit
# Enable and start service
sudo systemctl enable --now cockpit.socket
# Verify it's running
sudo systemctl status cockpit.socket
# Check it's listening on port 9090
sudo ss -tulpn | grep 9090
```
### Firewall Configuration
```bash
# Allow Cockpit through UFW (if enabled)
sudo ufw allow 9090/tcp
# Verify UFW status
sudo ufw status
```
### Access Testing
- URL format: `https://SERVER_IP:9090`
- Login: Use existing server credentials (e.g., `architect` on Ghost VPS)
- Accept self-signed certificate warning (expected for self-hosted)
## Deployment Order (Recommended)
**Phase 1: VPS Tier (Quick wins)**
1. Command Center (63.143.34.217) - Backend hub
2. Billing VPS (38.68.14.188) - Financial isolation
3. Panel VPS (45.94.168.138) - Control plane
**Phase 2: Dedicated Tier (Game servers)**
4. TX1 Dallas (38.68.14.26) - 251GB RAM dedicated
5. NC1 Charlotte (216.239.104.130) - 251GB RAM dedicated
## Server-Specific Notes
### Command Center (63.143.34.217)
- **OS:** Ubuntu (verify version first)
- **Current services:** Gitea, Uptime Kuma, Code-Server, Automation
- **User:** Likely `root` or `frostystyle`
- **Test after install:** Terminal access, service status view
### Billing VPS (38.68.14.188)
- **OS:** Ubuntu
- **Current services:** Paymenter (8081), Mailcow (8080/8443)
- **User:** Likely `root`
- **Critical:** Don't interfere with Mailcow ports
### Panel VPS (45.94.168.138)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Panel
- **User:** Likely `root` or `pterodactyl`
- **Test after install:** Panel service status visible in Cockpit
### TX1 Dallas (38.68.14.26)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Wings, 7 game servers
- **RAM:** 251GB
- **User:** Likely `root`
- **Test after install:** Resource monitoring shows all 251GB
### NC1 Charlotte (216.239.104.130)
- **OS:** Ubuntu
- **Current services:** Pterodactyl Wings, 7 game servers
- **RAM:** 251GB
- **User:** Likely `root`
- **Test after install:** Resource monitoring shows all 251GB
## Post-Deployment Verification
For each server:
- [ ] Access Cockpit at https://IP:9090
- [ ] Login with server credentials works
- [ ] Terminal tab loads and is functional
- [ ] Services tab shows systemd services
- [ ] System tab shows CPU/RAM/disk correctly
- [ ] Network tab shows interfaces
- [ ] Logs tab accessible
## Security Considerations
**Cockpit is secure by default:**
- HTTPS only (self-signed cert)
- Uses existing PAM authentication
- Session timeout configurable
- No new attack surface (uses existing user accounts)
**Additional hardening (optional):**
- Limit Cockpit to specific IPs (via firewall)
- Use SSH key authentication instead of passwords
- Enable fail2ban for Cockpit login attempts
## Success Criteria
- [ ] All 6 servers have Cockpit accessible at port 9090
- [ ] Michael can access any server from Chromebook via browser
- [ ] Terminal functionality works on all servers
- [ ] Service management works on all servers
- [ ] No SSH dependency for basic server management
## Rollback Plan
If issues arise:
```bash
# Stop Cockpit
sudo systemctl stop cockpit.socket
# Disable Cockpit
sudo systemctl disable cockpit.socket
# Uninstall (if needed)
sudo apt remove --purge cockpit
```
## Estimated Time
- **Per VPS:** ~10 minutes (install + test)
- **Per Dedicated:** ~10 minutes (install + test)
- **Total:** ~1 hour for all 5 servers
## Documentation Updates Needed
After deployment:
- [ ] Update infrastructure-manifest.md with Cockpit status
- [ ] Add Cockpit access info to server quick-reference
- [ ] Document standard Cockpit URL format in session-start docs
- [ ] Update accessibility notes (Chromebook-friendly management)
---
**Created:** Session 37 (The Chronicler)
**Status:** READY TO EXECUTE
**Blocks:** None (enhances existing infrastructure)
**Enables:** Full Chromebook-based server management
Reference in New Issue View Git Blame Copy Permalink