Although equipped with the latest Linux desktop environment, Rocky Linux 9 is very much a server operating system. As such, most Rocky Linux deployments will be to remote physical servers or as cloud-based virtual machine instances. Invariably, these systems run without a keyboard, mouse, or monitor, with direct access only available via the command prompt over a network connection. This presents a challenge in terms of administering the system from remote locations. While much can certainly be achieved via remote access to the command-line and desktop environments, there needs to be a consistent and cohesive solution to the administrative and monitoring tasks that must be performed daily on an enterprise-level operating system such as Rocky Linux 9.
The Cockpit web-based administration interface provides this functionality. This chapter will explain how to install, configure and access the Cockpit interface while also providing an overview of the key features of Cockpit, many of which will be covered in greater detail in later chapters.
An Overview of Cockpit
Cockpit is a lightweight, web-based interface that allows general system administrative tasks to be performed remotely. When installed and configured, the system administrator opens a local browser window and navigates to the Cockpit port on the remote server. After loading the Cockpit interface into the browser and logging in, a wide range of tasks can be performed visually using administration and monitoring tools.
Behind the scenes, Cockpit uses the same tools to perform tasks typically used when working at the command line and updates automatically to reflect changes occurring elsewhere on the system. This allows Cockpit to be used with other administration tools and techniques without the risk of one approach overriding another. Cockpit can also be configured to access more than one server, allowing multiple servers to be administered and monitored simultaneously through a single browser session.
Cockpit’s modular design also allows many features to be embedded into other web-based applications.
Installing and Enabling Cockpit
Cockpit is generally not installed on Rocky Linux 9 by default but can be set up and enabled in a few simple steps. The first step is to install the Cockpit package as follows: Next, the Cockpit socket service needs to be enabled:
# systemctl enable --now cockpit.socketCode language: Shell Session (shell)
Finally, the necessary ports need to be opened on the firewall to allow remote browser connections to reach Cockpit if a firewall is enabled on your system (for details on firewalls, refer to the chapter entitled Rocky Linux 9 Firewall Basics).
# firewall-cmd --add-service=cockpit --permanent
# firewall-cmd --reloadCode language: Shell Session (shell)
If you have access to the desktop environment of the server on which Cockpit has been installed, open a browser window and navigate to https://localhost:9090 to access the Cockpit sign-in screen. If, on the other hand, the server is remote, navigate to the server using the domain name or IP address (for example, https://myserver.com:9090).
When the connection is established, the browser may warn that the connection is not secure. This is because the Cockpit service uses a self-signed certificate. Select the option to proceed to the website or, to avoid this message in the future, select the advanced option and add an exception for the server address.
Once connected, the browser will load the login page shown in Figure 7-1 below:
Sign in to the Cockpit interface either as root or with your user account credentials. Note that some tasks will be restricted within the Cockpit interface when signed in as a user due to permission constraints. In this situation, the Cockpit console will display a button labeled “Limited Access,” as shown in Figure 7-2:
To elevate your privileges, click on the limited access button and enter your password when you are prompted to do so:
After signing in, Cockpit will display the Overview screen.
The Overview screen provides an overview of the current system, including access to CPU, memory, storage, and network activity performance metrics. This screen also includes information about the system, including the underlying hardware, hostname, system time, and whether the system software is up to date. Options are also provided to restart or shut down the system.
Figure 7-4, for example, shows the Overview page of the Cockpit interface:
For more information on a particular category, click on the corresponding link. Figure 7-5, for example, shows the system usage and metrics screen:
When the Logs category is selected, Cockpit displays the contents of the systemd journal logs. Choosing a log entry will display the entire log message. The log entries are ordered with the most recent at the top, and menus are included to filter the logs for different time durations and based on message severity.
Select the Storage option to review and manage the storage on the system, including disks, partitions, and volume groups, Network File System (NFS) mounts, and RAID storage. This screen also allows disk I/O activity to be monitored in real-time and lists log output from the system udisksd service used to query and manage storage devices:
The Networking screen provides information on various network-related configurations and services, including network interfaces and firewall settings. In addition, it allows configuration changes such as creating network bridges or setting up virtual networks:
Select this option to view the current user accounts configured on the system and create accounts for additional users. The topic of user management will be covered later in the chapter entitled “Managing RHEL 9 Users and Groups”:
Click on an existing account to view details and make changes. The user account details page may also be used to review and add Public SSH keys to the user’s account for remote access to the server, as outlined in the chapter Configuring SSH Key-based Authentication on Rocky Linux 9.
This screen displays a list of the system services running on the server and allows those services to be added, removed, stopped, and started.
The topic of services will be covered in detail in the chapter Managing Rocky Linux 9 systemd Units.
As previously mentioned, additional functionality can be added to Cockpit as extensions. These can either be self-developed extensions or those provided by third parties. The Applications screen lists installed extensions and allows extensions to be added or removed:
Virtualization allows multiple operating system instances to run simultaneously on a single computer system, with each system running inside its own virtual machine. The Virtual Machines Cockpit extension provides a way to create and manage the virtual machine guests installed on the server:
The Virtual Machines extension is not installed by default but can be added via the Cockpit Applications screen or by running the following command:
# dnf install cockpit-machinesCode language: Shell Session (shell)
The use of virtualization with Rocky Linux 9 is covered starting with the chapter An Overview of Rocky Linux 9 Virtualization Techniques.
If any software updates are available for the system, they will be listed here and can be installed from this screen:
As the name suggests, the Terminal screen provides access to the command-line prompt:
Connecting to Multiple Servers
Cockpit can be configured to administer multiple servers from within a single session. To add another host to the Cockpit session, click on the button highlighted in Figure 7-15 to display the Hosts panel:
Click the Add new host button and enter the IP address or hostname of the other system and select a color by which to distinguish this server from any others added to Cockpit before clicking on the Add button:
Cockpit will ask you to accept a new SSH key if you are connecting to the remote server for the first time. After accepting the key, you will be prompted to enter the password for the user name specified in Figure 7-16 above. The option is also provided to set up and authorize a password-protected SSH key to enable automatic login to the second host system next time you need to access it:
To switch between the hosts, display the Hosts panel (Figure 7-15 above) and select the required system.
Enabling Stored Metrics
In a standard installation, Cockpit does not retain any performance metric data beyond what is displayed in the short time window covered by the graphs. To retain the data collected by Cockpit, the Cockpit Co-Pilot (PCP) package needs to be installed. Begin by installing the cockpit-pcp package as follows:
# dnf install cockpit-pcpCode language: Shell Session (shell)
After installing cockpit-pcp, log out of the current Cockpit session and back in.
Next, display the Metrics and history screen and click on the Metrics settings button to display the screen shown in Figure 7-18, switch on the Collect metrics option, and click Save:
After sufficient time has elapsed for Cockpit to gather data, the metric information will appear as shown in Figure 7-19, categorized in hourly blocks:
The Cockpit web interface allows remote system administration tasks to be performed visually from within a web browser without relying on the command prompt and command-line tools. Once installed and enabled, the system administrator opens a web browser, connects to the remote server, and signs into the Cockpit interface. Behind the scenes, Cockpit uses the same command line tools as those available via the command prompt, allowing both options to be used without the risk of configuration conflicts. In addition, Cockpit uses a modular framework enabling additional extensions to be added and for custom extensions to be developed and integrated. A Cockpit session can be used to administer a single server or configured to access multiple servers simultaneously.