I tried using this to handle my 10-ish Docker containers, but I ended up using Portainer. Sure, not the same thing, but if someone (like me) thought Cockpit might be nice for managing a small Docker host, this didn't work for me
Hey that’s pretty cool, nice to see someone paying attention to Docker Swarm (it’s nice for simple deployments, like multi-server Compose). You might want to add some screenshots to the docs though.
Portainer is pretty nice feature wise but even with lowered MTU I still get odd networking related issues (seems like the agent or whatever cannot reach the manager sometimes) but I’ve had those sorts of issues across multiple different clusters, both in cloud and on-prem with single leader setups and across both RPM and DEB only clusters. Weird stuff, otherwise perhaps the most established solution for Docker Swarm.
I don't mind UI, but I think it's a bad approach.
Instead of hiding all those complexities of the server behind UI, I would like to see each part of the application teach me how to achieve the same result in CLI. That would be useful for people to teach themselves, because UI comes and goes but basic linux commands - will stay
I've used this before in the early days of my Linux SysAdmin work, especially in the homelab.
It's pretty solid, but the limited amount of projects and lack of visibility into the CLI it uses on the backend hinder the ability to translate sysadmin work into tangible Linux skills, so I dumped it at home in favor of straight SSH sessions and some TUI stuff.
That said, if I gotta babysit Linux in an Enterprise without something like Centrify? Yeah, Cockpit is a solid, user-friendly abstraction layer, especially for WinFolks.
Part of the technical assessment I have for hiring new platform engineers involves troubleshooting a service hosted in a headless Linux vm.
Troubleshooting and fluency on the command line are among what I consider core skills. Being able to dig through abstraction layers is not just essential for when things go wrong, they are essential for building infrastructure, and really tells you whether an architecture is fit for purpose.
It's neutered and not as full featured, but not bad in a pinch. All of these web admin tools are hacks that call out to shell scripts and whatnot. It requires a lot of conditional behavior and/or vertical integration. "Linux" has no consistent API for control, so its all duct tape. Webmin is the same, tbh (swap perl for whatever cockpit is written in)
Cockpit is great! My NAS (built on a weird “N17” AMD 7840HS laptop processor put into a desktop “server”mITX motherboard by those wizards in China) stuck in a Jonsbo N2 with 5x4TB Samsung 870 evos in ZFS raidz1 is entirely managed by it
I keep meaning to look into making plugins for it, but honestly I’ve barely needed to. Cockpit, the 45drives ZFS plugin fork, and the web terminal have been more than enough for me
I use it for certain use cases, where it definitely is more convenient. For example, adding a new user or adding an ssh key for a user or debugging SELinux issues.
The main difference of Cockpit as opposed to more old school visual server administration tools that it doesn't replace standard server management approaches with its own configuration storage in some weird database.
Edits which you make through cockpit and edits which you make through cli are exactly the same edits in same APIs. You do not need to choose one or the over. You can switch from one to the other seamlessly on a command by command basis.
Web UIs are nicer to deal with for simpler tasks. You can use this on your phone easily. Less technical users can be instructed on how to perform simple tasks like remotely powering off a machine.
I installed the latest Fedora Server on my Framework Desktop and noticed that Cockpit was enabled automatically. Overall impression is that its pretty good for getting a quick overview of things and you can certainly do _some_ administration with it, but you run into its limitations pretty fast trying to get any serious work done with it.
It's probably great for those who are new to Linux and want that NAS-like admin web UI to get the basics set up as a stepping-stone before launching deep into the command line.
I had a bad experience with it. We hired a contractor and he
1. insisted on a pre-war version of ubuntu
2. insisted on the cockpit. So you no longer can modify the NFS exports over ssh, you need to connect to this HTTP abomination. Very nice. Always wanted to open more ports on my servers
I used Cockpit for years after I started having issues with my network card in FreeNAS. It's generally very good, though I never really figured out how to graphically swap out a hard disk in a RAID without trashing the data (which happened once).
I suspect that was user error on my end, so if you want a more-or-less no-nonsense way to manager a server, it's certainly worth checking out.
I tried this out about 2 months ago when setting up a new server. I wanted something simpler and less resource heavy as webmin but it was just too simple. Adding questionable, half baked add-ons to get various functions to work just didn't give me the flexibility of webmin.
It is very nice. I hope more apps and options are added as it makes very simple to do some admin tasks.
Want to manage services? No problem, it is very easy. Clear failed and disable? Easy.
Want to see some disks and do admin operations on disks? It does.
Want a simple system monitor? It tracks cpu, ram and more in a pretty interface.
RHEL is dropping old interfaces like cluster management and starting to use Cockpit only.
I just wish Cockpit would replace Hawk2 for cluster management as it is better then the old deprecated cluster manager web interface.
But yes, install Cockpit or keep it installed ready to be use cause one day it saves the day...
- Easy OIDC
- Generally improve the file manager addon
- ncdu-like addon
- interface to create simple systemd services
- more visibility into which commands you can run to do the same thing
Some more love for the updates page. E.g. select a subset of updates to install, be more clear that the last update time could be different if you installed updates via CLI, that kind of thing.
i used to set up webmin for the linux challenged admins so they could do basic tasks. it was nice because you could lock them to specific functions in certain modules and make it difficult for them to break things
It's pretty single-server focused... but there is a 'Multi Host' mode. One instance can use SSH to look at N systems [independently]. This consolidates the Cockpit endpoints you might need to use/ports to open... but doesn't give much in the way of orchestration.
I believe when 'roscas' says this feature was dropped, they're talking about the requirement to enable 'AllowMultiHost'. As far as I know, this is still supported with some risk (according to the latest docs): https://cockpit-project.org/guide/latest/#secondary-auth
I think they dropped multi server managment because it was possible to add a few servers but I guess they drop that one out. You do can logon into a server right on the logon page. That is nice.
I just want to check from my phone how my home server is doing. Maybe someone else gets a perverse pleasure out of catting /proc/meminfo but I don't understand the need to make things more complicated than necessary.
When it evolved a couple years ago to automatically set up the bridge for libvirt correctly, it had arrived. When that thing can set up pushbutton podman apps with decent net and persistence defaults it will be gold.
Would be nice if the landing page had some graphical pictures for a graphical interface...
I tried using this to handle my 10-ish Docker containers, but I ended up using Portainer. Sure, not the same thing, but if someone (like me) thought Cockpit might be nice for managing a small Docker host, this didn't work for me
Going for a shameless plug - I am working on an observability dashboard for Docker Swarm: https://github.com/Radiergummi/cetacean
Also works for a single node cluster. Maybe that’s closer to what you’re looking for.
Hey that’s pretty cool, nice to see someone paying attention to Docker Swarm (it’s nice for simple deployments, like multi-server Compose). You might want to add some screenshots to the docs though.
There was also Swarmpit but it didn’t really get that much love, sadly: https://github.com/swarmpit/swarmpit/issues/719
Portainer is pretty nice feature wise but even with lowered MTU I still get odd networking related issues (seems like the agent or whatever cannot reach the manager sometimes) but I’ve had those sorts of issues across multiple different clusters, both in cloud and on-prem with single leader setups and across both RPM and DEB only clusters. Weird stuff, otherwise perhaps the most established solution for Docker Swarm.
I don't mind UI, but I think it's a bad approach. Instead of hiding all those complexities of the server behind UI, I would like to see each part of the application teach me how to achieve the same result in CLI. That would be useful for people to teach themselves, because UI comes and goes but basic linux commands - will stay
Comes and goes? Webmin would like a word
I've used this before in the early days of my Linux SysAdmin work, especially in the homelab.
It's pretty solid, but the limited amount of projects and lack of visibility into the CLI it uses on the backend hinder the ability to translate sysadmin work into tangible Linux skills, so I dumped it at home in favor of straight SSH sessions and some TUI stuff.
That said, if I gotta babysit Linux in an Enterprise without something like Centrify? Yeah, Cockpit is a solid, user-friendly abstraction layer, especially for WinFolks.
Part of the technical assessment I have for hiring new platform engineers involves troubleshooting a service hosted in a headless Linux vm.
Troubleshooting and fluency on the command line are among what I consider core skills. Being able to dig through abstraction layers is not just essential for when things go wrong, they are essential for building infrastructure, and really tells you whether an architecture is fit for purpose.
One of my favorite interview questions: "Here are some SSH credentials. What does this system do?"
Sometimes there aren't any docs. Sometimes the docs are wrong. It's important to be able to establish what the actual running situation is.
Ripe for a supply chain attack. What safeguards do they have to protect against one?
Well you can use it via ssh so you don't have to open it up to the Internet directly.
The worst one is password based login it enables
The same that OpenSSL had with thousands of eyeballs looking at its source code for decades.
Aka 0. Security is a theater for the amateurs.
I used Webmin[0] back in the day, I wonder how more recent server web UIs like Cockpit stack up.
[0] https://webmin.com/
It's neutered and not as full featured, but not bad in a pinch. All of these web admin tools are hacks that call out to shell scripts and whatnot. It requires a lot of conditional behavior and/or vertical integration. "Linux" has no consistent API for control, so its all duct tape. Webmin is the same, tbh (swap perl for whatever cockpit is written in)
45Drives uses cockpit as the UI layer of their "Houston" operating system. https://www.45drives.com/community/articles/New-Operating-Sy...
Cockpit is great! My NAS (built on a weird “N17” AMD 7840HS laptop processor put into a desktop “server”mITX motherboard by those wizards in China) stuck in a Jonsbo N2 with 5x4TB Samsung 870 evos in ZFS raidz1 is entirely managed by it
I keep meaning to look into making plugins for it, but honestly I’ve barely needed to. Cockpit, the 45drives ZFS plugin fork, and the web terminal have been more than enough for me
Same here. Using it on two boxes, makes Linux sysadmin work easier.
What is the use case for this over standard command line tools like systemctl, journalctl, top, docker ps?
I use it for certain use cases, where it definitely is more convenient. For example, adding a new user or adding an ssh key for a user or debugging SELinux issues.
The main difference of Cockpit as opposed to more old school visual server administration tools that it doesn't replace standard server management approaches with its own configuration storage in some weird database.
Edits which you make through cockpit and edits which you make through cli are exactly the same edits in same APIs. You do not need to choose one or the over. You can switch from one to the other seamlessly on a command by command basis.
Web UIs are nicer to deal with for simpler tasks. You can use this on your phone easily. Less technical users can be instructed on how to perform simple tasks like remotely powering off a machine.
Is the overhead of such tools, and added attack surface, justified over sshing and issuing a shutdown command though?
What kind of attack are you anticipating? Surely only a fool or a madman would make such a thing publicly accessible.
You can just run it via ssh anyway....
I installed the latest Fedora Server on my Framework Desktop and noticed that Cockpit was enabled automatically. Overall impression is that its pretty good for getting a quick overview of things and you can certainly do _some_ administration with it, but you run into its limitations pretty fast trying to get any serious work done with it.
It's probably great for those who are new to Linux and want that NAS-like admin web UI to get the basics set up as a stepping-stone before launching deep into the command line.
I had a bad experience with it. We hired a contractor and he
1. insisted on a pre-war version of ubuntu
2. insisted on the cockpit. So you no longer can modify the NFS exports over ssh, you need to connect to this HTTP abomination. Very nice. Always wanted to open more ports on my servers
Sounds like you had a bad experience with a contractor.
I used Cockpit for years after I started having issues with my network card in FreeNAS. It's generally very good, though I never really figured out how to graphically swap out a hard disk in a RAID without trashing the data (which happened once).
I suspect that was user error on my end, so if you want a more-or-less no-nonsense way to manager a server, it's certainly worth checking out.
I tried this out about 2 months ago when setting up a new server. I wanted something simpler and less resource heavy as webmin but it was just too simple. Adding questionable, half baked add-ons to get various functions to work just didn't give me the flexibility of webmin.
It is very nice. I hope more apps and options are added as it makes very simple to do some admin tasks. Want to manage services? No problem, it is very easy. Clear failed and disable? Easy. Want to see some disks and do admin operations on disks? It does. Want a simple system monitor? It tracks cpu, ram and more in a pretty interface. RHEL is dropping old interfaces like cluster management and starting to use Cockpit only. I just wish Cockpit would replace Hawk2 for cluster management as it is better then the old deprecated cluster manager web interface. But yes, install Cockpit or keep it installed ready to be use cause one day it saves the day...
Question from a Cockpit PO: if you were to choose one feature to add to the project what that feature would be?
- Easy OIDC - Generally improve the file manager addon - ncdu-like addon - interface to create simple systemd services - more visibility into which commands you can run to do the same thing
Some more love for the updates page. E.g. select a subset of updates to install, be more clear that the last update time could be different if you installed updates via CLI, that kind of thing.
A streamlined way to control "systemctl --user ..." without needing root auth.
Interesting. This looks nice. Made me think of webmin which I used... years ago.
Went to look and webmin's changed. Pretty crazy.
i used to set up webmin for the linux challenged admins so they could do basic tasks. it was nice because you could lock them to specific functions in certain modules and make it difficult for them to break things
yeah! I had some things through there early on when I was building sites. I had some custom scripts that could also be triggered by the users.
Does this work well with fleets? I remember looking at this early on it seemed fairly single-server focused.
It's pretty single-server focused... but there is a 'Multi Host' mode. One instance can use SSH to look at N systems [independently]. This consolidates the Cockpit endpoints you might need to use/ports to open... but doesn't give much in the way of orchestration.
I believe when 'roscas' says this feature was dropped, they're talking about the requirement to enable 'AllowMultiHost'. As far as I know, this is still supported with some risk (according to the latest docs): https://cockpit-project.org/guide/latest/#secondary-auth
I think they dropped multi server managment because it was possible to add a few servers but I guess they drop that one out. You do can logon into a server right on the logon page. That is nice.
Red Hat wants you to use Ansible for that.
[delayed]
cockpit has a great virtualization interface, in my opinion this alone makes it a better "buy" than truenas for a home server.
Very well done. For me cockpit is more than enough a mainstream proxmox
the opinion you didn't ask for:
avoid admin UIs... at best they make you lazy, at worst a security nightmare
I just want to check from my phone how my home server is doing. Maybe someone else gets a perverse pleasure out of catting /proc/meminfo but I don't understand the need to make things more complicated than necessary.
If you want people to self-host, this is a gateway to that.
When it evolved a couple years ago to automatically set up the bridge for libvirt correctly, it had arrived. When that thing can set up pushbutton podman apps with decent net and persistence defaults it will be gold.