RHEL7: How to install Cockpit.

Share this link

Presentation of Cockpit

Cockpit is a very lightweight system administration tool that provides a user interface for monitoring and administering servers through a web browser. It allows you to monitor current values and adjust limits on system resources through Systemd and the DBUS APIs.

Cockpit is made up of several components:

  • cockpit-ws is the web service used for communication between the browser application and various configuration tools and services; it listens on the network and authenticates users,
  • cockpit-bridge is used to relay messages and commands from the web front end to the server; it spawns processes on behalf of the web user interface,
  • cockpit-system contains the shell and system configuration interfaces.

Access control to Cockpit is done via PolicyKit. In addition, any user in the wheel group gets full access.

Cockpit application

Cockpit has zero memory and process footprint on the server when not in use: it exits after 90 seconds if nobody logs in, or after the last user is disconnected. It is a good example of a socket-activated service:

# cat /usr/lib/systemd/system/cockpit.socket
[Unit]
Description=Cockpit Web Service Socket

[Socket]
ListenStream=9090
...

# cat /usr/lib/systemd/system/cockpit.service
[Unit]
Description=Cockpit Web Service
Requires=cockpit.socket

[Service]
...
ExecStart=/usr/libexec/cockpit-ws
...

Installation Procedure

Install the EPEL repository:

# yum install -y epel-release

Install the cockpit package:

# yum install -y cockpit

Start and enable the Cockpit service:

# systemctl start cockpit && systemctl enable cockpit

Add a new rule to the firewall:

# firewall-cmd --permanent --add-port=9090/tcp
# firewall-cmd --reload

You can now point your browser at https://127.0.0.1:9090 (change the IP address accordingly).

Certificate Configuration

By default, Cockpit creates a self-signed certificate called 0-self-signed.cert during the installation process in the /etc/cockpit/ws-cert.d directory. If it’s not a concern for you, you will have to add a security exception through your browser.

Otherwise, you will need to create a certificate in the /etc/cockpit/ws-cert.d directory (Cockpit uses the last file with a .cert extension in alphabetical order).

This certificate should contain two parts (see additional details here):

  • one or more BEGIN CERTIFICATE blocks for the server certificate and the intermediate certificate authorities
  • followed by a block containing a BEGIN PRIVATE KEY.

If you use a Let’sEncrypt certificate, type:

# cat fullchain.pem privkey.pem > /etc/cockpit/ws-cert.d/1.cert

At any time, you can check what certificate Cockpit is using:

# remotectl certificate
certificate: /etc/cockpit/ws-certs.d/1.cert

Multiple Machines

Cockpit can connect to multiple machines from a single Cockpit session.

To do this, create a file called 05-remotemachines.json in the /etc/cockpit/machines.d directory and paste the following lines (see more details here):

{
   "mymachine": {
      "address": "x.y.t.z",
      "visible": true,
      "color": "green",
      "user": "root"
   }
}

where x.y.t.z is the IP address or the full qualified domain name of the machine you want to add to the Cockpit dashboard.

Sources: RHEL Atomic Host 7 and Cockpit website.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

RHCSA7: Task of the day

Allowed time: 10 minutes.
Create an EXT4 file system mounted by UUID in /etc/fstab under /vol based on a logical volume of 28 logical extents.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a httpd virtual server called "dummy" with DocumentRoot assigned to /opt.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...