Blog posts

Cockpit 136 and 137

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 136 and 137.

Reordered entries in the sidebar menu

As a followup to the new look, the entries in the sidebar menu have now been reordered in a more sensible fashion:

  • System information
  • Logs for troubleshooting
  • Configuring major subsystems: Storage, Networking
  • What’s running: Containers and Virtual Machines
  • Implementation details: Admin accounts, Services/Units

Check out the screenshot below to see how this looks now.

Sidebar order

Storage management is more convenient

In order to make configuring storage more convenient, the Cockpit UI now prevents removing disks from a RAID when removal would lead to data loss due to an insufficient number of remaining volumes in the RAID. Also, when creating a Volume Group (LVM) or adding disk space to a Volume Group, unpartitioned space is now offered as a choice. If selected, Cockpit automatically creates a partition before adding it to the Volume Group. Check out the screenshots below to see how these features look.

Remove RAID disk Add unpartitioned disk

Consider user known_hosts for ssh connections

When managing remote machines, Cockpit now considers known host keys in the user’s ~/.ssh/known_hosts in addition to the system-wide /etc/ssh/ssh_known_hosts. This makes Cockpit behave more like the standard ssh client.

Try it out

Cockpit 137 is available now:

Cockpit 135

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 135.

Redesigned sidebar navigation

The existing page menu took some getting used to for some use cases. It’s now easier to use when connected to multiple hosts and provides the basis for future improvements that will reduce or remove the horizontal menu entries. On systems where the top navigation bar doesn’t have any useful information, such as when there is no Dashboard, the top navigation bar is removed entirely. Check out the screenshot below for a peek at the new sidebar design.

Sidebar navigation

Indicator in top bar shows privilege escalation

On the login page a user can allow Cockpit to use the password for privileged tasks. A new indicator in the top bar shows an unlocked state when these privileges are available and a locked state if they aren’t. The user can click on the indicator in the unlocked state to drop privileges for the rest of the session. In some cases privileges cannot be dropped - among others for root and no-password sudo users - and the indicator will disappear. Check out the video below to see this in action.

Disks are now shown for virtual machines

The expanded information for entries on the Virtual Machines page now contains information on a machine’s disks, such as the device, read only state and for disk images the local file path. Information on disk capacity is only available with more recent versions of libvirt. Check out the screenshot below to see how this looks.

Virtual machine disks

New developer tool can close active Cockpit pages

Once pages in Cockpit, such as Networking or System, are opened they usually stay open in the background, even if they aren’t visible. This is important on most pages to ensure the code can continue interacting with the system in the background, user input isn’t lost, and the page doesn’t have to be reloaded when the user returns to it. For the cases when a user wishes to actually close the page there is a new entry next to Display Language in the user drop down menu, named Active Pages. It only becomes visible when the ALT key is pressed while clicking on the menu dropdown. On some drag enabled browsers it doesn’t work to just use ALT, but any combination involving ALT, such as CTRL+ALT, also works. Check out the screenshot below for a peek.

Active Pages

SSH connections established within the user session

When one Cockpit instance connects to other machines it does so via SSH. Previously these connections were launched from cockpit-ws, the process listening on the network.

As part of making Cockpit mirror standard Linux practices better, SSH connections are now made from within the logged in user session, launched from the cockpit-bridge process. This allows Cockpit to use credentials from the logged in user session while establishing those SSH connections, such as kerberos tickets, the ssh-agent or private keys.

Try it out

Cockpit 135 is available now:

Cockpit 134

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 134.

Login page is now translatable

The majority of Cockpit has long been translatable. Since the login page is a bit of a special case, it required some special attention to make that also play well with the language display settings. Take a look at the video below for a demo. Check out the Zanata link below, it’s very easy to contribute translations to Cockpit. At this time our top 3 translations (>90%) are Polish (pl), Ukranian (uk) and Chinese (zh-CN). Every bit of help here is greatly appreciated and a big thank you to our contributors!

Cockpit translations

Show message of the day on the System page

Cockpit now supports one more feature it was previously missing compared to the command line login: the System page now shows the current message of the day (/etc/motd). When dismissed by clicking on the X close button, the message is hidden until it changes.

Message of the day

Expose fewer system service actions

Cockpit previously exposed systemd unit actions such as Reload or Try Restart which are primarily intended for scripts. The dropdown list now only shows actions which are useful for interactive human usage: Start, Stop, Restart and Reload.

Service actions

Try it out

Cockpit 134 is available now:

Cockpit 133

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 133.

Remotely managed machines are now configured in /etc/cockpit/machines.d

Cockpit plugins, other packages, admins, VM management software, or config management systems like Ansible/puppet/cloud-init might want to pre-configure machines for cockpit. Previously this information was stored in /var/lib/cockpit/machines.json, but now that information is stored in individual json files in /etc/cockpit/machines.d. Existing machines.json files are migrated automatically to the new format. Check out the documentation below for more information on the format and use.

Multiple machines documentation

Packages can register additional bridges

On the server side the cockpit-bridge connects to various system APIs. There are additional bridges for specific tasks that the main cockpit-bridge cannot handle, such as tasks that should be carried out with privilege escalation. These additional bridges can be registered in the bridges section of a package’s manifest.json file. Check out the documentation below for more information on the format and use.

Additional bridges

Split translations into individual packages

Behind the scenes there’s been a lot of work on making translations work more smoothly and future-proof. As part of this the translations have been split into the individual packages, which also means they can be updated per package in the future. Check out the Zanata link below, it’s very easy to contribute translations to Cockpit. At this time our top 3 translations (>90%) are Polish (pl), Ukranian (uk) and Chinese (zh-CN). Every bit of help here is greatly appreciated and a big thank you to our contributors!

Cockpit translations

Try it out

Cockpit 133 is available now:

Cockpit 130, 131 and 132

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 130, 131 and 132.

Kernel dump configuration support added

Kernel crash dump configuration is now possible in Cockpit: view and toggle the status of the kdump service, with hints how to enable if the kernel boot parameters need to be changed. Cockpit shows the amount of reserved memory and setting a path for dumping the kernel on the local filesystem, with a toggle for compressing the crash dumps. Take a look at the video below for a demo.

MAC addresses for ethernet adapters and bonds can be modified

On the Networking page, MAC addresses for ethernet adapters can now be clicked to edit them, starting with NetworkManager version 1.4. For bonds, the MAC addresses are shown and can be edited starting with NetworkManager version 1.6. Take a look at the video below for a demo.

Show session virtual Machines on the machines page

Libvirt differentiates between system virtual machines and session ones, which are tied to the user. In Cockpit all the virtual machines accessible to the logged in user, system and session, are now shown in a combined list.

Session virtual machines

SELinux functionality is now available without setroubleshootd

The SELinux page in Cockpit can do more than just troubleshoot. It was therefore renamed to SELinux and the functionality of toggling between enforcing/permissive mode is now also available even if setroubleshoot-server isn’t installed. This was cause for unexpected behavior on Atomic Host systems without setroubleshoot-server where it’s non-trivial and often undesired to add that package.

SELinux without troubleshooting

Try it out

Cockpit 132 is available now:

Use the packages to install this version of Cockpit. When installing from the tarball, remove /etc/systemd/system/cockpit.service.d/fatal.conf manually afterwards to prevent Cockpit from exiting in rare cases.

Cockpit 128 and 129

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 128 and 129.

Manage remotes and rebasing in OSTree

When working with OSTrees on operating systems like Atomic Host there will often be multiple branches to choose from. For example there may be a beta version of the operating system. Thanks to Peter’s work, Cockpit can now switch between branches and view and activate OSTrees from those branches. Also, Cockpit supports managing multiple remotes and viewing their branches. Remotes are a way of describing where OSTree should pull updates from. Take a look at the video below for a demo.

The subpackage cockpit-dashboard has been split out

The new cockpit-dashboard subpackage contains the dashboard itself and the cockpit-ssh process. Eventually this paves the way for more flexibility regarding authentication processes, but for now cockpit-ws unconditionally depends on cockpit-dashboard, and also requires the identical versions. Nothing changes for those who install the cockpit package. But this allows more flexibility when using Cockpit for specific use cases.

Issues upgrading Cockpit on Debian and Fedora have been fixed

Our packaging changes in recent versions broke upgrading Cockpit on Debian and Fedora. This is fixed now and updates should work properly once again.

On Atomic, sosreport works again

A bug that prevented the diagnostic tool sosreport from working on Atomic systems was fixed. Generating and accessing these diagnostic reports can be very helpful when diagnosing or reporting an issue on the system.

Optionally disable the dependency on libssh

When configuring Cockpit, the option disable-ssh disables building cockpit-ssh and removes the dependency on libssh. This is useful when building on an operating system where libssh is not available.

Try it out

Cockpit 129 is available now:

Cockpit 126 and 127

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 126 and 127.

Show security scan information about container images

Lars did work to show security scan information about container images. The displayed scans happen via the atomic scan tools and the data comes from the OpenSCAP system. Take a look at the video below.

Choose whether password is cached and reused on the login screen

The typical workflow for peforming privileged tasks on a Linux system is to log in as a non-root user and then use sudo or Polkit to escalate privileges.

Stef did work to make Cockpit’s privilege escalation reflect this properly. Cockpit now has an option on the login screen to Reuse my password for privileged tasks. Checking this option automatically performs reuses the login password as necessary to escalate privileges. If you leave this box unchecked then Cockpit will behave exactly as a normal user login without special privileges.

In the future we’ll have a way to enable this option once logged in, and retype your password inside of the logged in session.

Here’s a video which shows how this works:

The remotectl command can now combine certificate and key files

Peter did work to make it easier to use TLS certificate and key files with Cockpit for port 9090. Normally the server certificate(s) and key need to be combined into a single file and placed into the /etc/cockpit/ws-certs.d directory. The remotectl command that comes with Cockpit can now be used to build such a combined file:

remotectl certificate server.pem chain.pem key.pem

Due to this, when Cockpit is deployed as an Openshift Pod it can use certificates provided by Openshift.

Cockpit respects /etc/shells

Martin fixed Cockpit so it only allows the user to log in if the user has a valid shell listed in /etc/shells. In addition bugs on Ubuntu and Debian have been fixed where users were created without valid shells.

Allow renaming of active devices in networking interface

You can now rename network devices like bonds or bridges while they’re active. The change will apply immediately and without any interruption in service.

Rename cockpit-shell to cockpit-system

The cockpit-shell subpackage has been renamed to cockpit-system to better reflect its focus: configuring and troubleshooting the local system.

Kerberos authentication now work even if gss-proxy is in use

Sometimes Kerberos (or GSSAPI) single-sign-on authentication requires multiple round trips to the server. Cockpit now supports this properly, and the end result is that SSO works even when fancy things like GSS-Proxy are in use.

Try it out

Cockpit 127 is available now:

Cockpit 125

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 123, 124 and 125.

Cockpit is now properly translatable

Cockpit is now properly translatable. It was a big task to extract all the translatable strings and make translations work consistently between the browser and installed tools like the bridge.

We now start also run the login user session with a proper locale and LANG environment variables.

You can help translate cockpit in Zanata or if you find text in the frontend that isn’t translatable, then please do report it.

Display Language Dialog

Display OSTree signatures

Peter implement displaying OSTree tree signatures. You can tell where a certain update tree came from and who signed it.

Display Language Dialog

New expandable views for storage partitions

Marius implemented expandable views in the Storage pages. These let you dive into the details of a particular partition without having to navigate away from the page describing where it lives.

Expandable Logical Volumes

Other storage fixes

Marius did work to fix many other storage related bugs. In particular Cockpit now deals properly with passphrases stored for LUKS encrypted devices, and also no longer offers to format read-only block devices.

Full testing on RHEL 7.3, Ubuntu 16.04 and Debian 8 Jessie

The Cockpit project started testing on Cockpit on RHEL 7.3, Ubuntu 16.04 and Debian 8 Jessie along with the operating systems we tested with earlier. These will be part of our usual continuous integration, where we boot thousands or tens of thousands of instances per day to test code changes and contributions.

Marius fixed many bugs we found, and filed operating system bugs in the issue trackers for those operating systems.

You can see the which operating systems we test Cockpit on. There’s no Debian Jessie repository yet, but hopefully we can have that ready as time permits.

System shutdown can be scheduled by date

Fridolin did work a long time ago, so that users could select a specific date and time to schedule a shutdown or reboot of the system. Stef finished that work added tests and it’s now in Cockpit.

Expandable Logical Volumes

Properly terminate user sessions on the Accounts page

The Accounts page now properly terminates user sessions when the Terminate Session button is clicked. We use the correct systemd loginctl commands.

Try it out

Cockpit 125 is available now:

Cockpit 122

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 122

Logging into a system via a Bastion Host

On the Cockpit login screen you can now choose an alternate host to connect to. Cockpit with use SSH to authenticate you against that host, and display the admin interface for that host.

Although browsers cannot use SSH directly to connect to machines or authenticate against them, Cockpit can make this happen. Only one host needs to have Cockpit listen on port 9090 available to browsers over TLS, and other hosts can only have SSH accessible on the usual port 22.

Here’s an example:

Works with UDisks in addition to storaged

storaged is an actively maintained API for configuring storage on a Linux system. It is a fork of the older UDisks. storaged has additional functionality, like LVM, iSCSI and Btrfs and a large number of stability fixes.

However some systems like older RHEL or Ubuntu don’t yet have storaged. Cockpit can now also use the older UDisks to configure storage on a system. A large number of features are disabled, but basic functionality is present.

Explicitly specify javascript dependency versions

Cockpit’s bundles various javascript dependencies in its admin interfaces, such as Patternfly or React. In order to help packagers we’ve now explictly specified the versions of those dependencies. And during development we pull them in using the standard Bower registry.

You can see those versions here.

From the future

Lars has worked on functionality to show the OpenSCAP security scan results for containers. This uses the usual atomic scan functionality that you see on Atomic Host.

Virtual Machines

Try it out

Cockpit 122 is available now:

Cockpit 121

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 121

You’ll notice that we’ve dropped the 0.x from the beginning of the version numbers. This underscores the fact that Cockpit is stable. We’ve been regularly releasing functionally stable releases for most of the last year.

Network Configuration Rollback

NetworkManager now has support in its API for detecting whether a network configuration change broke connectivity to the system. Marius did work so that Cockpit can detect this and have NetworkManager rollback the changes that would have caused a remote admin to be disconnected from the system.

This is similar to how a Linux desktop asks you to click in a dialog if you accept the new display configuration. Except in the networking case we can test the connectivity automatically.

Check it out:

Debian Branding

Cockpit now shows proper branding when running on Debian, and uses the logo installed on the system on its login screen.

Virtual Machines

Fix Kerberos single sign on Debian and Ubuntu

Stef fixed Kerberos single sign on Debian and Ubuntu. More changes are coming in the next release including support for use with gssproxy and expanding support for non-Kerberos GSSAPI authentication mechanisms.

Debugging info for Javascript and CSS

Cockpit now ships proper Javascript and CSS debugging “map” files in its cockpit-debuginfo packages. These make it easier to troubleshoot issues and develop code that runs in Cockpit.

From the future

Peter is adding support for specifying an alternate server to connect to on the login screen.

This completes the story of the “bastion host” which is accessible via a web browser, in effect letting you connect via the Web Browser from the login screen to other machines which only have SSH access available. When using a bastion setup like this you only need a single trusted TLS certificate and the remaining trust is ensured by SSH known host keys.

This feature will be used to implement click-through access to configure a host in projects such as ManageIQ or RHEV.

Try it out

Cockpit 121 is available now: