Cockpit, the advanced admin interface for Linux servers and desktops
The Cockpit Project is a Project started by Linux developers to provide a clean and crisp web interface for several Linux distros, to help with server administrative tasks[1].
What is Cockpit?
Well, in the words of the developers them self, cockpit is...
The easy-to-use, integrated, glanceable, and open web-based interface for your servers , The cockpit-project.org index page
And I'll add to that by saying: There is no extra layer between Linux and Cockpit. Cockpit directly talks to the Linux components. Everything you are viewing in Cockpit, is a live view of the server.
One great feature - in my opinion - of Linux servers, is that there are no GUIs to waste precious resources on. There is just a dark background with gray text to type in what the server should do for you. List all the files in the current directory your on, start and or stop the web/mail server software that you are using, display a train passing by your screen. That's all for the benefit of the server resources. Nothing is wasted on a Linux server, unless you waste it yourself.
If you want to have a very simplistic website, you can do so, by installing the web server software, and uploading your .html files to the server, Everything else, next to the web server software, is core. Meaning it is needed to keep the server up and running. There are no redundant packages.
But, not all can remember the thousands of commands that a Linux server has to offer. Not all have the strong will, mind and beard to endure that black screen and gray text. It's not for the soft hearted. People get depressed.
And that's where Cockpit comes around. To help the soft hearted better manage their Linux servers. It's a GUI for the Linux distro you are running.
You can manage your web server software, via a desktop GUI, by installing the desktop interface and all the gui applications of your choosing. However, that means installing allot of packages, that will use up resources, use up precious disk space and possibly slow down the responsiveness of your website. Here is where Cockpit really shines.
The Cockpit web service(cockpit-ws) only starts up when its requested. This is accomplished by using systemd's socket activation. It is setup so that when someone goes to the Cockpit port, it will start up the cockpit-ws, and that will start up other cockpit services needed to make Cockpit awesome. If nobody is logged in, all the cockpit services will stay closed[7].
This project is to provide users - experienced or not - a GUI, that is meant to aid them in better managing their Linux servers.
On top of that, I use it to maintain my own Personal Linux desktop. Sometimes its easier to use cockpit.
How do I install cockpit?
Since Cockpit provides a web interface for Linux component, and distro specific packages, the available cockpit plugin packages may vary from distro. Not all Linux component available on RedHat are available on Ubuntu, because Ubuntu does not have that specific package, and vice versa.
At the moment, Cockpit provides install instructions for 9 different Linux distros. Since it won't do any good to copy all of the install instruction here, we are just going to focus on one, Ubuntu 18.04 (LTS). To install on a different distro, follow the instructions on the cockpit install page. Due note that you might get it to work on other distros, *IF* they have systemd installed, since Cockpit relies heavily on systemd as its backend.
Installing Cockpit is as easy as running apt install cockpit
on any Ubuntu version, if its 17.04 or later. Due note that you might need to enable the cockpit services.
You can do that like so:
- systemctl start cockpit
- systemctl enable cockpit
- systemctl status cockpit
Cockpit has
new releases
roughly twice a month. Meaning allot of Linux distros will have outdated cockpit binaries, however, on Ubuntu,
you can install the latest and greatest, by using the bionic back ports,
like so: apt install cockpit/bionic-backports
.
To install the latest cockpit and its plugins, from the bionic backport, you can use the following one liner:
- apt-cache search cockpit | grep '^cockpit' | awk '{print $1}' | while read -r cockpit; do apt install $cockpit/bionic-backports ;done
This will list all the packages from the Ubuntu repos, put them in a while loop, and ask you if you want to install the specified Cockpit/Cockpit plugin.
There is a complementary blog post per a new Cockpit release, screenshots and all: Blog posts — Cockpit Project
If you have a firewall enabled, you have to whitelist port 9090. Use the appropriate firewall software to to do this. If you have firewalld, here is how you do that:
- sudo firewall-cmd --add-service=cockpit --permanent
- sudo firewall-cmd --reload
If you are on your Linux Desktop, you can browse the following url: http://localhost:9090/, to access the Cockpit login page. If you are on a server, you can access Cockpit, by typing in the IP address and or hostname of the server, and appending ":9090" at the end of the url. And then voila, the Cockpit login page.
This is the Cockpit login page. It uses the /etc/passwd and /etc/shadow file for the user credentials. Use the credentials of one of the Linux users to login.
After login you see the /system page, which is an overview of your server. From here, you can browse and click around on what you want to do on your Linux system. Most of this is self explanatory, you will need to have *some* technical know-how to keep you from mucking up your server.
The Cockpit dashboard plugin allows you to add other Linux servers - with Cockpit - to a server
with the cockpit-dashboard
plugin installed. This is done via SSH, with the logged user - and or the users ssh key - There in you can click on any of the servers and
manage them from there. All the added servers are saved as a json file in /etc/cockpit/machines.d/*.json
.
You can manually add all the machines in that directory. Save them, like so: 05-domain.json
. See example below. You might still need to manually input your password if you don't have SSH keys setup[8].
{ "sub.domain.fqdn": { "visible": true, "color": "rgb(103, 211, 0)", "address": "sub.domain.fqdn", "port": 9090, "user": "root" } }
Cockpit autodetect features, like firewalld. If you go to the /network
page, you would not see a firewall tab there, but if you'd install the firewalld package,
and refresh the page, the will be a new firewall tab, which in you can add services. Neat.
Removal
To remove Cockpit and all of its plugins and dependencies, I use the following:
- apt remove cockpit cockpit-* --purge --autoremove
This will purge cockpit and its plugins, including its dependencies, completely from your system.
Due note that the likes of Docker will also be purge from your system including docker images. Be aware of what you are doing. At all times.
Security
Cockpit is an alternative Linux session. Meaning it's another session to Linux, opened. Similar to the likes of SSH, X11 and VT logins. It does nothing special to the user.
An SSH user can also login to the Cockpit interface, if you log in as a normal user,
all of the components that Cockpit is loading, is loaded using that user's specific permissions[6].
Same as when you log in with SSH, if you don't have the rights to view the /home/otheruser/test/
directory,
or execute halt --poweroff
Cockpit can't either. So, rest assure, that they would need to execute some pretty
nifty Linux Kong Fu to break the Linux system.
For a more in depth blog posts about Cockpit security, please go to the cockpit website and visit the "Is cockpit Secure Post?"
Image Gallery
Here are some screenshot with Cockpit and several plugins, on an Ubuntu 18.04 server.
Conclusion
Cockpit, after several years of development, feels mature and stable. With steadily new releases every few weeks, its not gonna stop maturing any time soon. When looking at the road map, Cockpit is on the road on having a plugin for various Linux software, like NGINX. Which will allow many users to manage their web-server via a Cockpit.
I can go on and on about every little Cockpit feature, and I really tried to keep it short and simple, but I'm pretty excited about this software and all that its doing. I am not going away from my terminal. Not by a long shot. But, I respect the work they put into this. For more information , you can check out their homepage, for its code, wiki, and documentation. Have fun!
Reference
- cockpit-project.org: Cockpit Project
- cockpit-project.rorg: Is Cockpit Secure? — Cockpit Project
- web.archive.org => thewalter.net: cockpit-devconf-2014-talk.pdf
- github.com: cockpit-project / wiki Proxying-Cockpit-over-nginx
- github.com: cockpit-project / cockpit
- cockpit-project.org: guide / Privileges and Permissions
- cockpit-project.org: guide / cockpit-ws
- cockpit-project.org: guide / feature-machines