Search

Chapter 3. Using Cockpit

download PDF

3.1. Getting to know the Cockpit interface

Once you have logged in, you will see the tabs for the Dashboard and the individual machines added to Cockpit.

Dashboard: Shows a list of all systems added to the Cockpit server with graphs for CPU usage, memory usage, disk I/O, and network traffic.

Sunset

You can then select a system name, in this case "rhel atomic 7.2.3", and have a look at the side menu:

System: Shows information about the system that Cockpit is running on. This includes CPU usage, memory usage, disk I/O, and network traffic, as well as hardware and operating system details.

Sunset

Services: Shows the systemd services running on the Cockpit server. You can see which are active/enabled or inactive. You can also see other systemd features: Targets, sockets, timers, and paths.

Sunset

Select a service to view its details:

Sunset

Containers: Lists all images available on the system, all running and non-running containers, combined CPU & memory usage graphs, and a storage usage bar.

Sunset

Logs: See messages produced by the systemd journal. These are errors, warnings, and notices that are generated by systemd services and gathered by the journal (like the output of the journalctl command). Errors are listed by the date they occurred. You can also view warnings, notices, or all messages.

Sunset

Networking: See networking interfaces (eth0, docker0, etc.) as well as the amount of data being sent and received.

Sunset

Tools: View other system information:

  • Subscriptions: Displays what Red Hat products are installed and subscribed.

Sunset

  • Accounts: Shows which administrative (root) and other users (atomic_user1, atomic_user2) have accounts on the system.

Sunset

  • Diagnostic report: Collects system configuration and diagnostics information and prepares a report in an XZ format.

Sunset

You can then download the report locally on your system:

diagnostics report download

  • Terminal: Opens a Terminal (command line) session to the Cockpit system. From there, you can run any commands available to the user you are logged in as. For example, as root, you could run docker or kubectl commands.

Sunset

  • Software Updates: Shows the available OSTrees on the system. You can also check for a newer tree, or rollback to a previous version.

Sunset

3.1.1. Adding another system to monitor

Once you log in to the primary server, you will be able to connect to additional servers. These secondary systems need to have:

  • The Cockpit packages installed.
  • An SSH server running and available on port 22 that supports password or key-based authentication.

The cockpit-ws component is not necessary on these additional systems.

From the "Dashboard" tab next to the system name, choose the "plus" button to add a new host. You can then add the IP of the secondary machine and choose which color will represent it in the user interface.

Sunset

Select the user name and type in the password:

add host passwd

Configuring Key-Based Authentication

If you have keys generated on the primary server, you need to add them to the target server, in the ~/.ssh/authorized_keys file. If you do not have keys, use the following command:

$ ssh-keygen

Next, copy the contents of the ~/.ssh/id_rsa.pub file to the ~/.ssh/authorized_keys file on the target server. Then, return to the user interface on the primary server, click the top right corner menu with the user name on it, choose Authentication, and enable the preloaded key.

Sunset

After you type in the IP when adding the new system to the Dashboard, change the Authentication type to Use available credentials.

3.1.2. Logging to other systems through Cockpit

On the login screen, you can also choose an alternate host to connect to. Type in your username and password from that alternate host, then click Other Options, in the entry field type the IP address of the new host, and click Log In. You will be prompted for the SSH fingerprint, click Log In again, and you will be able to browse the new system. Cockpit uses SSH to authenticate you against that host, and you do not need to configure anything additionally on the new system. As a prerequisite, it will need to have SSH listening on port 443, and the cockpit-bridge package installed and the same version as in the Cockpit server.

Note

As a prerequisite, it will need to have SSH listening on port 443, and the cockpit-bridge package installed and the same version as in the Cockpit server. If the new machine is not known to Cockpit, and you get the Refusing to connect. Host is unknown use the following command to allow connections from unknown hosts:

+

ssh-keyscan -H [ip_address] >> /var/lib/cockpit/known_hosts

3.2. Logging into a system via a Bastion Host

On the Cockpit login screen you can now choose an alternate host to connect to. Cockpit with use SSH to authenticate you against that host, and display the admin interface for that host.

Although browsers cannot use SSH directly to connect to machines or authenticate against them, Cockpit can make this happen. Only one host needs to have Cockpit listen on port 9090 available to browsers over TLS, and other hosts can only have SSH accessible on the usual port 22.

3.2.1. Working with containers

The Containers tab presents you with a UI to interact with your images and containers. Apart from the system resources graphs, there are lists of all images you have locally on the system as well as all running and non-running containers.

  • Download an image. Click the "Get new image" button from the images list to the right and enter an image name or a keyword. Choose an image and click "Download".

Sunset

  • Starting and stopping containers. From the "Containers" list, you can start and stop containers using the buttons on the right-hand side. Use the drop-down menu to see all or filter out the non-running containers.

Sunset

  • Click on a container to inspect it. Shows the state, the command executed, the container’s and image’s IDs, a timestamp, as well as the container’s own terminal:

Sunset

  • Click on an image to inspect it. Shows the image’s ID, entrypoint and command, and a list of containers based on that image. You can also delete the image from here or run a container from it.

Sunset

  • Run a container. To run a container from an image, either click the triangle button from the right-hand side of the list or choose the image first and then click "Run" from the top right corner. A dialog is displayed where you can enter the required data for the new container:

Sunset

You can select which command the container should run, and you can also link that container to other containers, which will allow them to interact. In addition, you can expose a port when you want a specific service to be visible from the host.

3.2.2. Changing the port

A. On Red Hat Enterprise Linux Atomic Host:

atomic run rhel7/cockpit-ws --port 9898

B: On Red Hat Enterprise Linux:

Create the /etc/systemd/system/websocket.cockpit.d/listen.conf file and, if needed, the preceding directories.

$ mkdir /etc/systemd/system/websocket.cockpit.d/
$ touch /etc/systemd/system/websocket.cockpit.d/listen.conf

The file should have the following content:

[Socket]
ListenStream=9898

Next, allow the new port through the firewall:

$ sudo firewall-cmd --add-port=9898/tcp
$ sudo firewall-cmd --permanent --add-port=9898/tcp

If you have SELinux enabled, change the default SELinux policy to allow the websm_port_t domain to listen on the TCP 9898 port:

$ sudo semanage port -a -t websm_port_t -p tcp 9898

If the port is already defined by some other part of the SELinux policy, use the -m argument instead of -a to modify the definition:

$ sudo semanage port -m -t websm_port_t -p tcp 9898

In order for the changes to take effect, run the following commands:

$ sudo systemctl daemon-reload
$ sudo systemctl restart cockpit.socket

You can now use the address with the newly assigned port in the web browser.

3.3. Enabling more features on Cockpit

You can add more features to Cockpit that are not in Atomic by default using package layering.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.