Lead Image © Alexandr Marinenko, 123RF.com

Lead Image © Alexandr Marinenko, 123RF.com

Server administration using Cockpit

Control Center

Article from ADMIN 28/2015
By
Cockpit makes it easy to manage Linux servers: Four mouse clicks in the browser restart the crashed web server, and four more interconnect the server's network interfaces. Pilots flying in this cockpit, though, have to cope with a few limitations.

Cockpit [1] lets you manage a remote Linux system through a browser window. An administrator can take a look at the systemd journal, check the load, and start and stop services. Thanks to responsive design, the user interface automatically adapts to different screen sizes which, in turn, facilitates easy access via smartphones.

You can also easily switch to the command line, start web servers there, and create new user accounts at any time. They then appear in the web application, and you can use them to manage multiple Linux systems. To this end, just draw attention to Cockpit on the remaining servers, on which the software must also be running.

This functionality makes Cockpit – developed by Red Hat – similar to the well-known Webmin [2]. The user interface which, according to self-promotion, is easy to use and "very lightweight" especially appeals to less experienced administrators. However, Cockpit is also suitable for managing a home server or smaller business networks. Users should not mistake the tool licensed under LGPL 2.1 for the similarly named openITCOCKPIT [3].

All Inclusive

Red Hat has not even been working on Cockpit for a full two years. The work on it can now be done openly on GitHub [4], but those who observe the project will note its closeness to Red Hat (e.g., the distribution used). Also, Fedora 21 Server, CentOS Atomic, and RHEL Atomic are already preinstalling the tool for server management. Fedora 21 Workstation and Arch Linux only have finished packages. In Fedora 21 Workstation, the command

yum install cockpit

installs the control center.

Users of Arch Linux can install the cockpit package via the Arch User Repository (AUR). The Cockpit version accompanying Fedora 21 still reports as version 0.27 from autumn 2014, although the current version was already 0.52 at the time of writing. However, except for cosmetics, it has not particularly changed.

Those who want to use a different distribution, such as Ubuntu or Debian, will need to compile the source code themselves. Because Cockpit is strongly attached to Fedora, and especially systemd, commissioning turns out to be only a small hurdle. You first need to collect the numerous dependencies in the cockpit.spec file. The "Vivid Vervet" box describes how to compile the software for Ubuntu 15.04.

Vivid Vervet

You first need to install all required packages [5] to install Cockpit in Ubuntu 4.15:

sudo apt-get install xsltproc \
  libglib2.0-dev libjson-glib-dev \
  libpolkit-agent-1-dev libkrb5-dev \
  liblvm2-dev libgudev-1.0-dev \
  libssh-dev libpam0g-dev libkeyutils-dev \
  libpcp3-dev libpcp-import1-dev \
  libpcp-pmda3-dev intltool xmlto \
  libsystemd-journal-dev libsystemd-daemon-dev \
  libxslt1-dev npm nodejs selinux-policy-dev \
  checkpolicy selinux-policy-doc libdbus-1-dev

You then need to fish the .tar.bz2 archive out of the latest stable Cockpit version from the GitHub repository [6], unzip it, and then compile Cockpit using the well-known rule of three:

./configure
make
make install

You then need to give the almighty user root a password via

sudo passwd root

so you can log on to Cockpit later.

Cockpit cannot even be put into operation on distributions without systemd. This relates to earlier versions of both Ubuntu and Debian systems up to and including version 7. Those who manually installed Cockpit must finally start it using the systemctl systemd tool:

systemctl enable cockpit.socket
systemctl start cockpit.socket

This happens automatically in Fedora 21 Server, CentOS Atomic, and RHEL Atomic.

Access

Cockpit can be accessed via HTTPS through the browser on TCP port 9090. If, for example, the server has the IP address 192.168.100.11, you can accordingly call up the URL https://192.168.100.11:9090 , although you might sometimes still need to drill a hole in the firewall. In Fedora 21 Workstation, this is applied by two commands:

firewall-cmd --reload
firewall-cmd --add-service=cockpit

The firewall in Fedora 21 Server innately accepts connections on port 9090. You should especially bear this in mind if you want to prevent access to Cockpit. Those who prefer a different port must customize the ListenStream setting in the configuration file cockpit.socket designated for systemd. This file is usually located in the /usr/lib/systemd/system/ folder; systemd must then apply the changes:

systemctl daemon-reload
systemctl restart cockpit.socket

Cockpit forces a secure connection via HTTPS and automatically redirects the HTTP request. A self-signed certificate is used here, which the operator must accept when first accessing Cockpit in the browser. Access to the server itself via http://localhost:9090 is an exception. Here, Cockpit also allows unencrypted connections.

If you want to use your own certificate, you must store it as a cert file with precisely this extension in the directory /etc/cockpit/ws-certs.d. If there are multiple certificates, Cockpit always uses the first file in alphabetical order. The certificate a.cert is therefore preferred over z.cert. If there is no certificate in the said directory, Cockpit automatically creates one. A self-signed certificate /etc/cockpit/ws-certs.d/~self-signed.cert is enclosed with Fedora 21.

Cockpit encrypts communication with the browser via TLS and current encryption methods. The standards SSLv3.0 and RC4, which are considered insecure, are disabled.

Logging On

You can log on to Cockpit using the same username and password pair you use to log directly onto the server. If the managed Linux system prevents you from setting up a user account, for example, Cockpit will also block this action. For full access to the system, the system administrator must therefore approach Cockpit as a root user.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Server administration with Cockpit
    Administer a small server farm, virtual machines, and the Docker alternative Podman with just a web browser.
  • Fedora 33 Server (full install)
    Fedora Server is an open source short-lifecycle server operating system sponsored by Red Hat and supported by a robust community.
  • Fedora 22 Server Edition (64-bit)
    Warning: Fedora 22 Server is not a Live distribution. Please run in a virtual environment for test purposes.

    The Fedora community unveils Fedora 22 Server, an operating system designed with various data center technologies to assist you in controlling your infrastructure and services. Server roles allow deployment and management of prepared roles with the Rolekit tool. DNF (Dandified Yum) replaces Yum as the default packaging tool. The web-based Cockpit server manager lets you access various subsystems across multiple servers from a single interface. Cockpit features include:

    • systemd service management
    • Journal log viewer
    • Storage configuration, including LVM
    • Docker container management
    • Basic network configuration
    • local user management
  • Fedora 35 Server (Install)
    The Fedora community delivers a short-lifecycle server operating system for seasoned system administrators with the latest technologies available in the open source community.
comments powered by Disqus