« Previous 1 2 3
Server administration using Cockpit
Control Center
Under the Hood
Cockpit itself consists of several components (Figure 7); the cockpit-ws
service launched by systemd supplies the switchboard. The ws
stands for web server. It delivers the web application to the browser and controls the remaining tools. In doing so, however, cockpit-ws
is not just permanently in the background; in fact, systemd listens to port 9090 and only automatically activates the web server when trying to establish a connection.
The cockpit-ws
service starts the cockpit-bridge
service as soon as you log on. This, in turn, communicates with systemd, the network manager, and other system components via the D-Bus interface. Docker and Kubernetes, which Cockpit controls via REST, are exceptions.
Whereas cockpit-ws
works using root privileges, cockpit-bridge
runs with normal user rights. In older versions of Cockpit, the service cockpitd
was used instead of cockpit-bridge
. This applies in particular to version 0.27, which came with Fedora 21.
A few other auxiliary programs are available besides cockpit-ws
and cockpit-bridge
. For example, Cockpit uses cockpit-session
and PAM to authenticate the user and to initiate a corresponding session.
If you register another server in the web interface, cockpit-ws
establishes contact with it via SSH. cockpit-ws
then directs the cockpit-bridge
running on the other server using the secured SSH connection. However, this procedure requires both that Cockpit is installed on each server and that an SSH daemon constantly listens to port 22.
Note that cockpit-ws
automatically terminates after 10 minutes of inactivity. If port 9090 is then accessed again, systemd starts the web application again. Alternatively, you can manually call up Cockpit via /usr/libexec/cockpit-ws
in Fedora 21.
Furthermore, a suitable systemd service called cockpit.service
can be used to shut down or restart Cockpit. If you stop the service, you should close the socket; otherwise, systemd will automatically start up Cockpit again if a connection is (accidentally) established:
systemctl stop cockpit.socket cockpit
If you delve more deeply into the structure of Cockpit and want to supplement the user interface with additional functions, you should take a look at the Developer Guide [7]. An updated version is enclosed with the source code in the subdirectory doc
[4].
Conclusions
You can easily manage one or more servers using Cockpit. Those who can deal with Gnome's system settings will find their way in Cockpit, too. Unlike its competitor Webmin, Cockpit focuses on Linux systems. You need to set up additional applications such as an Apache web server manually.
Additionally, Cockpit is currently strongly tailored to Fedora and especially systemd. Users should therefore at least have superficial knowledge of the init system and its concepts. By focusing on a few system components, however, Cockpit is able to work more reliably and, above all, shine with a consistent, uncluttered user interface. Like all web applications, however, Cockpit opens a new port on the server, which is in principle a security risk.
Infos
- Cockpit: http://cockpit-project.org
- Webmin: http://www.webmin.com
- Open IT Cockpit: http://openitcockpit.org/en/home.html
- Cockpit on GitHub: https://github.com/cockpit-project/cockpit
- Code for this article: ftp://ftp.linux-magazine.com/pub/listings/admin-magazine.com/28
- Cockpit download: https://github.com/cockpit-project/cockpit/releases
- Cockpit Developer Guide: http://files.cockpit-project.org/guide/development.html
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)