Server administration using Cockpit

Control Center

Under the Hood

Cockpit itself consists of several components (Figure 7); the cockpit-ws service launched by systemd supplies the switchboard. The ws stands for web server. It delivers the web application to the browser and controls the remaining tools. In doing so, however, cockpit-ws is not just permanently in the background; in fact, systemd listens to port 9090 and only automatically activates the web server when trying to establish a connection.

Figure 7: Cockpit uses a different component for each task. (https://github.com/cockpit-project/cockpit/blob/master/doc/cockpit-transport.png)

The cockpit-ws service starts the cockpit-bridge service as soon as you log on. This, in turn, communicates with systemd, the network manager, and other system components via the D-Bus interface. Docker and Kubernetes, which Cockpit controls via REST, are exceptions.

Whereas cockpit-ws works using root privileges, cockpit-bridge runs with normal user rights. In older versions of Cockpit, the service cockpitd was used instead of cockpit-bridge. This applies in particular to version 0.27, which came with Fedora 21.

A few other auxiliary programs are available besides cockpit-ws and cockpit-bridge. For example, Cockpit uses cockpit-session and PAM to authenticate the user and to initiate a corresponding session.

If you register another server in the web interface, cockpit-ws establishes contact with it via SSH. cockpit-ws then directs the cockpit-bridge running on the other server using the secured SSH connection. However, this procedure requires both that Cockpit is installed on each server and that an SSH daemon constantly listens to port 22.

Note that cockpit-ws automatically terminates after 10 minutes of inactivity. If port 9090 is then accessed again, systemd starts the web application again. Alternatively, you can manually call up Cockpit via /usr/libexec/cockpit-ws in Fedora 21.

Furthermore, a suitable systemd service called cockpit.service can be used to shut down or restart Cockpit. If you stop the service, you should close the socket; otherwise, systemd will automatically start up Cockpit again if a connection is (accidentally) established:

systemctl stop cockpit.socket cockpit

If you delve more deeply into the structure of Cockpit and want to supplement the user interface with additional functions, you should take a look at the Developer Guide [7]. An updated version is enclosed with the source code in the subdirectory doc [4].

Conclusions

You can easily manage one or more servers using Cockpit. Those who can deal with Gnome's system settings will find their way in Cockpit, too. Unlike its competitor Webmin, Cockpit focuses on Linux systems. You need to set up additional applications such as an Apache web server manually.

Additionally, Cockpit is currently strongly tailored to Fedora and especially systemd. Users should therefore at least have superficial knowledge of the init system and its concepts. By focusing on a few system components, however, Cockpit is able to work more reliably and, above all, shine with a consistent, uncluttered user interface. Like all web applications, however, Cockpit opens a new port on the server, which is in principle a security risk.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Server administration with Cockpit
    Administer a small server farm, virtual machines, and the Docker alternative Podman with just a web browser.
  • Fedora 22 Server Edition (64-bit)
    Warning: Fedora 22 Server is not a Live distribution. Please run in a virtual environment for test purposes.

    The Fedora community unveils Fedora 22 Server, an operating system designed with various data center technologies to assist you in controlling your infrastructure and services. Server roles allow deployment and management of prepared roles with the Rolekit tool. DNF (Dandified Yum) replaces Yum as the default packaging tool. The web-based Cockpit server manager lets you access various subsystems across multiple servers from a single interface. Cockpit features include:

    • systemd service management
    • Journal log viewer
    • Storage configuration, including LVM
    • Docker container management
    • Basic network configuration
    • local user management
comments powered by Disqus