-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add asciidoc guide #21515
Draft
bookwar
wants to merge
6
commits into
cockpit-project:main
Choose a base branch
from
bookwar:asciidoc-guide
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Add asciidoc guide #21515
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
c65d180
Initial result of pandoc conversion
bookwar 002a207
Add cockpit-guide.xml fixes
bookwar ea8ea1b
Rebase to current master
bookwar 9b4315d
Add new cockpit-guide entry
bookwar 9d1d4b2
Skip cockpit-guide from conversion
bookwar 78d9ab2
Add man pages and Makefile
bookwar File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| all: render_html render_man | ||
|
|
||
| render_html: | ||
| mkdir -p output/html | ||
| asciidoctor -b html5 -D output/html cockpit-guide.adoc | ||
|
|
||
| render_man: | ||
| mkdir -p output/html | ||
| asciidoctor -b manpage -D output/man ./man/*.adoc | ||
|
|
||
| clean: | ||
| rm -rf output/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| cockpit | ||
|
|
||
| cockpit-bridge | ||
|
|
||
| 1 | ||
|
|
||
| cockpit-bridge | ||
|
|
||
| Cockpit Host Bridge | ||
|
|
||
| cockpit-bridge | ||
|
|
||
| --help | ||
|
|
||
| --packages | ||
|
|
||
| [[cockpit-bridge-description]] | ||
| == DESCRIPTION | ||
|
|
||
| The `cockpit-bridge` program is used by Cockpit to relay messages and | ||
| commands from the Web front end to the server. Among other things it | ||
| relays DBus, and spawns processes on behalf of the Web user interface. | ||
|
|
||
| This program is not routinely run by users or administrators. It is in | ||
| the `$PATH` so that Cockpit can find it when connecting between hosts. | ||
| However there are some diagnostics available when running from the | ||
| command line. | ||
|
|
||
| [[cockpit-bridge-options]] | ||
| == OPTIONS | ||
|
|
||
| `--help`:: | ||
| Show help options. | ||
| `--interact=boundary`:: | ||
| Interact with the raw cockpit1 protocol. Useful for debugging and | ||
| testing. Specify a `boundary` which should be on an empty line between | ||
| messages. | ||
| `--packages`:: | ||
| List all available Cockpit packages and exit. Note this includes | ||
| packages available to the user running this command. | ||
| `--version`:: | ||
| Show Cockpit version information. | ||
|
|
||
| [[cockpit-bridge-bugs]] | ||
| == BUGS | ||
|
|
||
| Please send bug reports to either the distribution bug tracker or the | ||
| https://github.com/cockpit-project/cockpit/issues/new[upstream bug | ||
| tracker]. | ||
|
|
||
| [[cockpit-bridge-author]] | ||
| == AUTHOR | ||
|
|
||
| Cockpit has been written by many | ||
| https://github.com/cockpit-project/cockpit/[contributors]. | ||
|
|
||
| [[cockpit-bridge-also]] | ||
| == SEE ALSO | ||
|
|
||
| `cockpit-ws(8)` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| = cockpit-desktop(1) | ||
| :doctype: manpage | ||
|
|
||
| == NAME | ||
|
|
||
| cockpit-desktop - Cockpit Desktop integration | ||
|
|
||
| == SYNOPSIS | ||
|
|
||
| *cockpit-desktop* {URLPATH} [SSH_HOST] | ||
|
|
||
| [[cockpit-desktop-description]] | ||
| == DESCRIPTION | ||
|
|
||
| The `cockpit-desktop` program provides secure access to Cockpit pages in | ||
| an already running desktop session. It starts a web server | ||
| (`cockpit-ws`) and a web browser in an isolated network namespace, and a | ||
| `cockpit-bridge(8)` in the running user session. | ||
|
|
||
| This avoids having to log into Cockpit, and having to enable | ||
| `cockpit.socket` system-wide. The network isolation ensures that no | ||
| other user, and not even other processes in the user's session, can | ||
| access this local web server. | ||
|
|
||
| `URLPATH` is the Cockpit page to open, i. e. the path component of | ||
| Cockpit URLs. It is highly recommended to only open a | ||
| https://cockpit-project.org/guide/latest/embedding.html[particular page | ||
| frame], not the entire Cockpit navigation and menu. For example, the | ||
| path `/cockpit/@localhost/storage/index.html` will open the Storage | ||
| page. It is also possible to give abbreviated forms of urls, such as | ||
| "`storage`" or "`network/firewall`". | ||
|
|
||
| `SSH_HOST` is an optional SSH remote host specification (`hostname` or | ||
| `username@hostname`). If given, `cockpit-bridge` will be started on the | ||
| remote host through `ssh(1)` instead, i. e. the Cockpit web browser will | ||
| show that remote host. Note that this is more of an experimental/demo | ||
| feature. | ||
|
|
||
| [[cockpit-desktop-environment]] | ||
| == ENVIRONMENT | ||
|
|
||
| The `BROWSER` environment variable specifies the browser command (and | ||
| possibly options) that will be used to open the requested Cockpit page. | ||
| If not set, `cockpit-desktop` attempts to use an internal minimalistic | ||
| WebKit browser, and failing that, will attempt to detect some reasonable | ||
| alternatives. | ||
|
|
||
| [[cockpit-desktop-bugs]] | ||
| == BUGS | ||
|
|
||
| Please send bug reports to either the distribution bug tracker or the | ||
| https://github.com/cockpit-project/cockpit/issues/new[upstream bug | ||
| tracker]. | ||
|
|
||
| [[cockpit-desktop-author]] | ||
| == AUTHOR | ||
|
|
||
| Cockpit has been written by many | ||
| https://github.com/cockpit-project/cockpit/[contributors]. | ||
|
|
||
| [[cockpit-desktop-also]] | ||
| == SEE ALSO | ||
|
|
||
| `cockpit-ws(8)`, `cockpit-bridge(1)` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| cockpit | ||
|
|
||
| cockpit-tls | ||
|
|
||
| 8 | ||
|
|
||
| cockpit-tls | ||
|
|
||
| TLS proxy for Cockpit web service | ||
|
|
||
| cockpit-tls | ||
|
|
||
| --help | ||
|
|
||
| --port | ||
|
|
||
| PORT | ||
|
|
||
| --no-tls | ||
|
|
||
| --idle-timeout | ||
|
|
||
| SECONDS | ||
|
|
||
| [[cockpit-tls-description]] | ||
| == DESCRIPTION | ||
|
|
||
| The `cockpit-tls` program is a TLS terminating HTTP proxy for | ||
| `cockpit-ws(8)`. It manages a set of isolated cockpit-ws instances, one | ||
| per TLS client certificate, plus one for TLS without a client | ||
| certificate, and one for unencrypted HTTP. With that, one session cannot | ||
| tamper with another one through possible security vulnerability | ||
| exploits. | ||
|
|
||
| Users or administrators should never need to start this program as it | ||
| automatically started by `systemd(1)` via socket activation. | ||
|
|
||
| [[cockpit-tls-transport]] | ||
| == TRANSPORT SECURITY | ||
|
|
||
| To specify the TLS certificate the web service should use, simply drop a | ||
| file with the extension `.cert` in the `/etc/cockpit/ws-certs.d` | ||
| directory, or below `$XDG_CONFIG_DIRS` if set (see | ||
| link:./cockpit.conf.5.html[cockpit.conf]). If there are multiple files | ||
| in this directory, then the highest priority one is chosen after | ||
| sorting. | ||
|
|
||
| The `.cert` file should contain at least two OpenSSL style PEM blocks. | ||
| First one or more `BEGIN CERTIFICATE` blocks for the server certificate | ||
| and intermediate certificate authorities and a second one containing a | ||
| `BEGIN PRIVATE KEY` or similar. The key must not be encrypted. | ||
|
|
||
| If there is no TLS certificate, a self-signed certificate is | ||
| automatically generated using `sscg` (if available) or `openssl` and | ||
| stored in the `0-self-signed.cert` file. | ||
|
|
||
| When enrolling into a FreeIPA domain, an SSL certificate is requested | ||
| from the IPA server and stored in `10-ipa.cert`. | ||
|
|
||
| To check which certificate `cockpit-ws` will use, run the following | ||
| command. | ||
|
|
||
| .... | ||
| $ sudo /usr/libexec/cockpit-certificate-ensure --check | ||
| .... | ||
|
|
||
| Or, on Debian-based systems: | ||
|
|
||
| .... | ||
| $ sudo /usr/lib/cockpit/cockpit-certificate-ensure --check | ||
| .... | ||
|
|
||
| If using `certmonger` to manage certificates, following command can be | ||
| used to generate a certificate/key pair: | ||
|
|
||
| .... | ||
| CERT_FILE=/etc/cockpit/ws-certs.d/50-certmonger.crt | ||
| KEY_FILE=/etc/cockpit/ws-certs.d/50-certmonger.key | ||
|
|
||
| getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) | ||
| .... | ||
|
|
||
| [[cockpit-tls-options]] | ||
| == OPTIONS | ||
|
|
||
| `--help`:: | ||
| Show help options. | ||
| `--port` <PORT>:: | ||
| Serve HTTP requests on <PORT> instead of port 9090. Usually Cockpit is | ||
| started on demand by `systemd` socket activation, and this option has | ||
| no effect. Update the `ListenStream` directive `cockpit.socket` file | ||
| in the usual `systemd` manner. | ||
| `--no-tls`:: | ||
| Don't use TLS. Certificates will not be read, and https connections | ||
| denied. Then `cockpit-tls` will only manage a single cockpit-ws | ||
| instance, and thus not do anything different than running | ||
| `cockpit-ws --no-tls` directly. Only use this for debugging or | ||
| testing. | ||
| `--idle-timeout` <SECONDS>:: | ||
| If greater than 0, exit if no connections have happened for the given | ||
| number of seconds, i. e. the server is idle. If not given, the default | ||
| is 90. | ||
|
|
||
| [[cockpit-tls-environment]] | ||
| == ENVIRONMENT | ||
|
|
||
| The `cockpit-tls` program expects the `RUNTIME_DIRECTORY` environment | ||
| variable to be set to an empty directory (preferably in `/run/`) that is | ||
| only accessible by the system user under which it is running. This | ||
| contains the Unix sockets for communicating with the `cockpit-ws` | ||
| instances, and in the future, state information about client | ||
| certificates. This variable is normally set by the `cockpit.service` | ||
| systemd unit. | ||
|
|
||
| In addition, `cockpit-tls` will use the `XDG_CONFIG_DIRS` environment | ||
| variable from the | ||
| https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html[XDG | ||
| basedir spec] to find its certificates and the `cockpit.conf(5)` | ||
| configuration file. | ||
|
|
||
| [[cockpit-tls-bugs]] | ||
| == BUGS | ||
|
|
||
| Please send bug reports to either the distribution bug tracker or the | ||
| https://github.com/cockpit-project/cockpit/issues/new[upstream bug | ||
| tracker]. | ||
|
|
||
| [[cockpit-tls-author]] | ||
| == AUTHOR | ||
|
|
||
| Cockpit has been written by many | ||
| https://github.com/cockpit-project/cockpit/graphs/contributors[contributors]. | ||
|
|
||
| [[cockpit-tls-also]] | ||
| == SEE ALSO | ||
|
|
||
| `cockpit-ws(8)` , `cockpit.conf(5)` , `systemd(1)` |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks really strange -- This should get some more structure, like "NAME", "SYNOPSIS", and proper verbatim formatting and such. But I suppose that's what you meant with "man pages need work".