Over 3 years ago the Fedora Magazine published an article entitled Cockpit: an overview. Since then, the interface has see some eye-catching changes. Today’s Cockpit is cleaner and the larger fonts makes better use of screen real-estate.
This article will go over some of the changes made to the UI. It will also explore some of the general tools available in the web interface to simplify those monotonous sysadmin tasks.
Cockpit installation
Cockpit can be installed using the dnf install cockpit command. This provides a minimal setup providing the basic tools required to use the interface.
Another option is to install the Headless Management group. This will install additional packages used to extend the usability of Cockpit. It includes extensions for NetworkManager, software packages, disk, and SELinux management.
Run the following commands to enable the web service on boot and open the firewall port:
$ sudo systemctl enable --now cockpit.socket Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket -> /usr/lib/systemd/system/cockpit.socket $ sudo firewall-cmd --permanent --add-service cockpit success $ sudo firewall-cmd --reload success
Logging into the web interface
To access the web interface, open your favourite browser and enter the server’s domain name or IP in the address bar followed by the service port (9090). Because Cockpit uses HTTPS, the installation will create a self-signed certificate to encrypt passwords and other sensitive data. You can safely accept this certificate, or request a CA certificate from your sysadmin or a trusted source.
Once the certificate is accepted, the new and improved login screen will appear. Long-time users will notice the username and password fields have been moved to the top. In addition, the white background behind the credential fields immediately grabs the user’s attention.
A feature added to the login screen since the previous article is logging in with sudo privileges — if your account is a member of the wheel group. Check the box beside Reuse my password for privileged tasks to elevate your rights.
Another edition to the login screen is the option to connect to remote servers also running the Cockpit web service. Click Other Options and enter the host name or IP address of the remote machine to manage it from your local browser.
Home view
Right off the bat we get a basic overview of common system information. This includes the make and model of the machine, the operating system, if the system is up-to-date, and more.
Clicking the make/model of the system displays hardware information such as the BIOS/Firmware. It also includes details about the components as seen with lspci.
Clicking on any of the options to the right will display the details of that device. For example, the % of CPU cores option reveals details on how much is used by the user and the kernel. In addition, the Memory & Swap graph displays how much of the system’s memory is used, how much is cached, and how much of the swap partition active. The Disk I/O and Network Traffic graphs are linked to the Storage and Networking sections of Cockpit. These topics will be revisited in an upcoming article that explores the system tools in detail.
Secure Shell Keys and authentication
Because security is a key factor for sysadmins, Cockpit now has the option to view the machine’s MD5 and SHA256 key fingerprints. Clicking the Show fingerprints options reveals the server’s ECDSA, ED25519, and RSA fingerprint keys.
You can also add your own keys by clicking on your username in the top-right corner and selecting Authentication. Click on Add keys to validate the machine on other systems. You can also revoke your privileges in the Cockpit web service by clicking on the X button to the right.
Changing the host name and joining a domain
Changing the host name is a one-click solution from the home page. Click the host name currently displayed, and enter the new name in the Change Host Name box. One of the latest features is the option to provide a Pretty name.
Another feature added to Cockpit is the ability to connect to a directory server. Click Join a domain and a pop-up will appear requesting the domain address or name, organization unit (optional), and the domain admin’s credentials. The Domain Membership group provides all the packages required to join an LDAP server including FreeIPA, and the popular Active Directory.
To opt-out, click on the domain name followed by Leave Domain. A warning will appear explaining the changes that will occur once the system is no longer on the domain. To confirm click the red Leave Domain button.
Configuring NTP and system date and time
Using the command-line and editing config files definitely takes the cake when it comes to maximum tweaking. However, there are times when something more straightforward would suffice. With Cockpit, you have the option to set the system’s date and time manually or automatically using NTP. Once synchronized, the information icon on the right turns from red to blue. The icon will disappear if you manually set the date and time.
To change the timezone, type the continent and a list of cities will populate beneath.
Shutting down and restarting
You can easily shutdown and restart the server right from home screen in Cockpit. You can also delay the shutdown/reboot and send a message to warn users.
Configuring the performance profile
If the tuned and tuned-utils packages are installed, performance profiles can be changed from the main screen. By default it is set to a recommended profile. However, if the purpose of the server requires more performance, we can change the profile from Cockpit to suit those needs.
Terminal web console
A Linux sysadmin’s toolbox would be useless without access to a terminal. This allows admins to fine-tune the server beyond what’s available in Cockpit. With the addition of themes, admins can quickly adjust the text and background colours to suit their preference.
Also, if you type exit by mistake, click the Reset button in the top-right corner. This will provide a fresh screen with a flashing cursor.
Adding a remote server and the Dashboard overlay
The Headless Management group includes the Dashboard module (cockpit-dashboard). This provides an overview the of the CPU, memory, network, and disk performance in a real-time graph. Remote servers can also be added and managed through the same interface.
For example, to add a remote computer in Dashboard, click the + button. Enter the name or IP address of the server and select the colour of your choice. This helps to differentiate the stats of the servers in the graph. To switch between servers, click on the host name (as seen in the screen-cast below). To remove a server from the list, click the check-mark icon, then click the red trash icon. The example below demonstrates how Cockpit manages a remote machine named server02.local.lan.
Documentation and finding help
As always, the man pages are a great place to find documentation. A simple search in the command-line results with pages pertaining to different aspects of using and configuring the web service.
$ man -k cockpit cockpit (1) - Cockpit cockpit-bridge (1) - Cockpit Host Bridge cockpit-desktop (1) - Cockpit Desktop integration cockpit-ws (8) - Cockpit web service cockpit.conf (5) - Cockpit configuration file
The Fedora repository also has a package called cockpit-doc. The package’s description explains it best:
The Cockpit Deployment and Developer Guide shows sysadmins how to deploy Cockpit on their machines as well as helps developers who want to embed or extend Cockpit.
For more documentation visit https://cockpit-project.org/external/source/HACKING
Conclusion
This article only touches upon some of the main functions available in Cockpit. Managing storage devices, networking, user account, and software control will be covered in an upcoming article. In addition, optional extensions such as the 389 directory service, and the cockpit-ostree module used to handle packages in Fedora Silverblue.
The options continue to grow as more users adopt Cockpit. The interface is ideal for admins who want a light-weight interface to control their server(s).
What do you think about Cockpit? Share your experience and ideas in the comments below.
Ondrej Kolin
Thanks for sharing this! Cockpit looks great and I am looking forward to see the bright future with complex monitoring, mantaining system, which is simple, secure, and yet powerful!
So far we will stick to Icinga as we sysadmins are so conservative about techs and setups.
Andreas P
I love Cockpit, I use it for my home computers and it works like a charm. Cockpit being so much developed right now makes it like christmas every update with new features and patches. A must have if you ask me!
Eric Mesa
I’ve been using it for a few years now to manage my headless servers and I love it! It gives me a GUI for those times when I don’t want to remember all the commandline switches for a particular command. Also, I’m a visual person, so the graphs really help.
Mark
Thanks for this, it has been a while since I looked at cockpit and it has certainly improved.
I’ve had another look at it after this post and what seems to be most useful (to me anyway) is the ability to add additional servers to the dashboard performance display; rather than having to logon to multiple servers to run iotop/iftop/top/sar to find a performance bottleneck the dashboard can at least give an indication of what is happening across all servers of interest to provide a starting point in hunting down active issues.
Hopefully in the future it will integrate into things like lm_sensors and virt-top to provide further useful graphs on the dashboard.
But as it currently exists it is already a useful tool.
AsciiWolf
Nice article, thanks! Looking forward to similar article about Fleet Commander. 🙂
Thomas
Nice article, thanks.
On the occasion of cockpit being talked about… maybe someone ’round here can shed some light: I still haven’t figured out what to do (and how) in order to make cockpit being available as a location in my nginx config.
See, I’d like to be able to serve cockpit under a path like {myserver}/console instead of {myserver}:9090. And although it should work in theory by following some sparse instructions available on the internet it actually does not.
Someone’s got a clue? Or even, whohoo, a working setup? TIA, Thomas
Randy
I have a valid Let’s Encrypt Cert for my server. It works on every other service I use on my server. How do I make my LE Cert work with cockpit? It keeps telling me that the cert is invalid every time I go to https://my.domain:9090 I can just as easily accept the invalid cert, but I’d like it to use the valid cert already on the system, verified valid today with certbot.
I have never controlled the server with a GUI or WebUI before but I figured I’d give it a try with the new Cockpit.
Ilias
You will need to symlink your LE certificate to the
directory. See https://cockpit-project.org/guide/149/https.html
Thomas
Randy, I guess that varies a lot depending on which web server you are running… in my case it’s Nginx – and regarding how to make it play with cockpit, I found the following sites to be helpful.
( Well, let’s say “interesting” at least, since I wasn’t able to solve my issues. Maybe it helps you to gather more insight. )
https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-NGINX
https://cockpit-project.org/guide/latest/
HTH, Cheers, Thomas
Thomas
Randy, me again. Check this:
https://github.com/cockpit-project/cockpit/wiki/Proxying-Cockpit-over-Apache-with-LetsEncrypt
And here’s a feature request from the cockpit wiki …that rather sounds like none of any currently availabe solutions works at all:
https://github.com/cockpit-project/cockpit/wiki/Feature:-Certificates
Cheers, Thomas