Photo by Joshua J. Cotten on Unsplash

Photo by Joshua J. Cotten on Unsplash

Server administration with Cockpit

Fly by Sight

Article from ADMIN 59/2020
By , By
Administer a small server farm, virtual machines, and the Docker alternative Podman with just a web browser.

Cockpit [1] offers a graphical user interface for managing servers that takes care of network configuration, displays the server load, starts and stops system services, manages users, and more. All of these tasks can be handled conveniently in a web browser. Cockpit's feature scope is ideally suited to managing individual servers or server farms in corporate environments.

Unlike comparable products such as Webmin [2], which accesses the basic system through Perl scripts, Cockpit works exclusively and directly with systemd, as can be seen in the software versioning: The current version is 217. A glance at the blog [3] reveals that new versions of Cockpit are released approximately every two weeks.

In an article from 2015 [4], ADMIN looked into the topic of managing Linux servers with Cockpit; since then, much has changed. The Red Hat-sponsored project is now available for Fedora, Red Hat Enterprise Linux (RHEL), CentOS, Debian (version 9 and above), and Ubuntu (17.04 and above) and runs on x86_64 architectures, as well as 32-bit ARMv7 and 64-bit ARMv8 (AArch64). The server images of CentOS and Fedora come with Cockpit preinstalled.

Quickstart

On CentOS and Fedora, you can install Cockpit and enable and launch the matching systemd socket with:

dnf install cockpit
systemctl enable cockpit.socket
systemctl start cockpit.socket

These commands wake up a web server, which you can access with the Cockpit computer's IP address on local network port 9090 by entering https://192.168.2.3:9090 in a browser. Cockpit automatically generates a certificate for encrypted HTTPS connections.

To let all the admins on the network access the Cockpit server, you might need to modify your local firewall settings. On Fedora and CentOS, you can use the commands:

# firewall-cmd --add-service=cockpit
# firewall-cmd --reload

If you want to generate your own certificate or already have a suitable *.cert file, you can store it in /etc/cockpit/ws-certs.d/ as an alternative.

Secure Login

To log on to the system, you will usually have an account with administrative privileges (root or admin ) and a password. Logging on as a non-privileged user is also possible, but you won't be able to change system settings. For single sign-on authentication, Cockpit can be teamed with Kerberos. Cockpit 118 also introduced two-factor authentication, including the use of YubiKeys.

The first system view after logging in is an overview that provides information about the server. The web interface also lets you manage other servers in this view. The primary server [5] on which an SSH daemon and the Cockpit web service (cockpit-ws) runs controls and monitors other machines over SSH connections.

Each of these secondary servers runs a Cockpit Bridge, which the primary computer controls over the aforementioned SSH connections. The bridges forward the commands and messages called by the admin in the web-based user interface to the servers by making extensive use of D-Bus and numerous systemd services.

Adding Servers

Further servers can be configured either from the graphical interface or with text files in JSON format [6] stored in the /etc/cockpit/machines.d/ directory. A configuration file would resemble Listing 1: "address" can be either the IP address or the DNS name of the computer that Cockpit manages. These entries are required; all others are optional.

Listing 1

JSON File

01 {
02   "fedora-hc1.reschke.lan": {
03     "address": "192.168.2.17",
04     "visible": true,
05     "color": "green",
06     "user": "root"
07   },
08   "web server": {
09     "address": "192.168.2.4",
10     "visible": true,
11     "color": "rgb(100, 200, 0)",
12     "user": "admin"
13   }
14 }

The "visible" boolean parameter determines whether a server is visible in Cockpit. The "user" entry typically refers to "root" or "admin", as mentioned earlier. Because Cockpit accesses other machines over SSH, port 22 is the default. You can change this port, too, if necessary.

To distinguish the machines, you can also assign them different colors, changing how they are displayed in Cockpit. The ability to highlight subnets in different colors make them easier to distinguish for management tasks.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Server administration using Cockpit
    Cockpit makes it easy to manage Linux servers: Four mouse clicks in the browser restart the crashed web server, and four more interconnect the server's network interfaces. Pilots flying in this cockpit, though, have to cope with a few limitations.
  • Fedora 22 Server Edition (64-bit)
    Warning: Fedora 22 Server is not a Live distribution. Please run in a virtual environment for test purposes.

    The Fedora community unveils Fedora 22 Server, an operating system designed with various data center technologies to assist you in controlling your infrastructure and services. Server roles allow deployment and management of prepared roles with the Rolekit tool. DNF (Dandified Yum) replaces Yum as the default packaging tool. The web-based Cockpit server manager lets you access various subsystems across multiple servers from a single interface. Cockpit features include:

    • systemd service management
    • Journal log viewer
    • Storage configuration, including LVM
    • Docker container management
    • Basic network configuration
    • local user management
  • Fedora 21 Server Edition
    The Fedora Project is a free software community sponsored by Red Hat. With Fedora's rapid release schedule, you get the latest in virtualization, networking, and other technologies. The 64-bit Server version on this DVD is aimed at system administrators and is not a Live distro.
  • Monitoring containers
    A monitoring system helps avoid unpleasant surprises during operations, but admins need to modify existing solutions to fit a containerized world.
  • Elephant Shed PostgreSQL appliance
    The Elephant Shed PostgreSQL appliance bundles and integrates the components needed to manage a PostgreSQL server.
comments powered by Disqus