Blog posts

Cockpit 120

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 119 and 120.

You’ll notice that we’ve dropped the 0.x from the beginning of the version numbers. This underscores the fact that Cockpit is stable. We’ve been regularly releasing functionally stable releases for most of the last year.

Expandable and Filterable Containers and Images

Lars reworked the Containers section of Cockpit. The various images and containers are not expandable inline, and it’s also easy to find a specific image and container by using the filter bar to search for it.

Take a look:

VM Configuration and Monitoring

Marek worked on a new interface in Cockpit for configuring and monitoring virtual machines running on the current system. This has the ability to grow into something like the desktop virt-manager tool.

It looks something like this:

Virtual Machines

Unmanaged Network Devices

Cockpit now shows unmanaged network devices in its listing. You can’t configure them or do much with them, but their presence is acknowledged. This should make troubleshooting non-standard configurations easier.

Marius added a sidebar that shows up on LVM groups or volumes, that shows which physical devices are involved.

Here’s an example:

SSH subprocesses

SSH connections are run in a separate process

When Cockpit connects to an additional server it uses SSH, much like Ansible or other tools. We now launch a separate cockpit-ssh process for each outgoing connection to another server.

This lets us isolate the involved code much better, providing security benefits. But it also makes it possible to insert additional logic when embedding Cockpit. It’s possible to put in shims to lookup keys, single-sign-on tokens or keytabs, and so on.

SSH subprocesses

Only connect to remote machines already known to Cockpit

When connecting to additional machines via SSH, Cockpit now refuses to connect to machines it doesn’t have a host key for. This tightens up security and prevents certain reflection attacks.

Fix bugs preventing Logs page from working in Firefox 49

The Logs section of Cockpit failed to function on Firefox 49. This version includes a fix for that.

Add tooltip describing group name in Roles list

When configuring local user accounts, one can assign various roles such as ‘Server Administrator’ to the account. Cockpit now displays the Unix user group that is involved in the role.

User Unix Group

From the future

Marius added support for NetworkManager checkpoints. This means that while configuring network interfaces, if a change would cause Cockpit to disconnect, then Cockpit can revert the change and retain connectivity to the system.

This is similar to how a Linux Desktop asks you to click in a dialog if you accept the new screen configuration. Except in the networking case we can test the connectivity automatically.

Try it out

Cockpit 120 is available now:

Cockpit 118

Cockpit is the modern Linux admin interface. There’s usually a release every week, but this time around we were delinquent and it’s been nearly a month.

You’ll notice that we’ve dropped the 0.x from the beginning of the version numbers. This underscores the fact that Cockpit is stable. We’ve been regularly releasing functionally stable releases for most of the last year.

And over the last few months we’ve worked hard on identifying stable javascript APIs and protocols for various Cockpit components to consume. We’ll be itemizing these stability guarantees in the documentation shortly.

Timer jobs in systemd

Harish did great work during Google Summer of Code to add support for systemd timers. Timers let users schedule tasks similar to cron jobs. Timers are now listed, and dialogs for defining jobs and their recurring patterns are now included in Cockpit.

Harish detailed his work in a blog post.


Two factor auth on login screen

Peter pulled off a major change to have full PAM conversations supported on the Cockpit login screen. This means you can use two factor authentication dongles or Yubikeys in your login workflow in Cockpit.

In addition, for the next release Stef worked on allowing the user to change expired passwords while logging in, similar to how they would on the console.

Take a look:

Use Webpack to build the Cockpit interface

Most of Cockpit is written in javascript and runs in the browser. This code is now built with Webpack. It’s bundled into single page application bundles per Cockpit component. Among other things, this makes hacking on Cockpit much easier.

The documentation has been updated to show what you need to do to make a change to Cockpit either with Vagrant or on your local machine.

SSH key loading and Docker resources work on Debian

The container resource usage graphs and resource limit dialogs now work properly on Debian. Stef adapted the code to account for the different CGroup layout than Docker uses on Debian.

In addition the SSH key listing code now works on Debian.

Configure Cockpit URLs with an HTTP prefix

The HTTP URLs that Cockpit uses can now have a (mostly) arbitrary prefix in their path. This is useful in scenarios where Cockpit is proxied by another application or management console. Use the UrlRoot option in cockpit.conf.

Components can require a minimum Cockpit version

Cockpit is built from various components that are independently installable and composable. Various components provide network configuration, or storage, or container functionality.

These components can now indicate which part of the base javascript and base cockpit-bridge they require in order to function. This is configured in the package manifest.

Incompatible Cockpit

Try it out

Cockpit 118 is available now:

Cockpit 0.117

Cockpit is the modern Linux admin interface. There’s a new release almost every week. Here are the highlights from this the 0.115, 0.116 and 0.117 releases.

Configure volumes and environment for a Docker container

Vanlos Wang implemented support for configuring volumes and environment variables when running a container in the Cockpit UI. This allows you see what environment variables and volumes an image is pre-configured to have. It then allows the user to define additional environment variables and volumes for the new container, and then commit those changes to a new image if desired.

Take a look:

Setup container and image storage

Marius worked with Dan Walsh and and others to implement a UI for configuring the Docker container and image storage pool. It’s now easy to add additional disks or storage to that pool, or reset it to a clean state.

On some operating systems like Atomic Host, this storage pool is present by default, and elsewhere this container storage pool can be set up.

Relatedly on the command line, checkout the new atomic storage sub-command which does the same configuration tasks, that previously had to be configured with arcane configuration files.

Support for Network Teaming

Marius also added support for configuring network teaming to Cockpit. Network teams are similar to network bonds, in that they combine two network interfaces into one, and involve failover or load balancing modes. But teams have more robust terminology and implementation.

Since teams are a server side feature, this will replace the functionality for defining teams in Linux Desktop control center applications.

Support for configuring bonds in Cockpit will remain for the time being until the team support can be relied upon to completely replace that functionality. Both NetworkManager and Cockpit are involved in this.

Here’s a video demoing the changes:

Pulling images without authentication from the Openshift Registry

The Openshift image registry now supports pulling images without first logging in. It can be configured to allow this on a per-project basis. This allows images to be shared from the registry with a broader audience of developers or image consumers, such as scripts.

Aaron Weitekamp worked on adding support the Registry console to configure projects to allow pulling images without authentication. Here’s a video of those changes:

Don’t allow formatting extended partitions

Cockpit no longer erroneously allows formatting certain partitions, such as extended partitions containing other logical partitions.

Try it out

Cockpit 0.117 is available now:

Cockpit 0.114

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.114 release.

Test every change on CentOS

Cockpit runs all its tests suites against code before that code is merged, much less becomes part of a release. This isn’t just unit tests, but integration booting of RHEL, Debian, Fedora and Atomic machines.

We now added CentOS to that list. We now boot CentOS 7.x instances many hundreds of times a day to test aspects of the system, and how Cockpit and a given pull request interact with it.

Show SSH host keys and machine ID

The main system info page now shows the local machine ID for easy access.

You can also see the fingerprints of all the SSH host keys. These are the fingerprints that you would be expected to recognize and/or add to the known_hosts file when accessing the machine over SSH.

SSH host keys

Allow changing the ethernet MTU

You can now change the ethernet maximum transmission unit in the network configuration.

Show intelligent password error messages

When choosing a password Cockpit validates the password using the pwscore tool. Appropriate and descriptive error messages are now shown when the validation fails:

pwscore message

Red Hat subscription registration options

The Red Hat subscriptions functionality has been enhanced. You can now specify an activation key when registering the system. This key is generated in your organization in such a way that it uniquely identifies whan kind of software should be available on the system.

You can now also specify an organization when registering the system.

From the Future

Marek is working on a new part of the admin interface to list the virtual machines running on the current system. This is the beginnings of a web accessible virt-manager tool:

pwscore message

Try it out

Cockpit 0.114 is available now:

Cockpit 0.113

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.111 and 0.112 releases.

Display time information for systemd timer jobs

Harish Anand a Google Summer of Code student working on Cockpit, and he’s implementing systemd timers. These are similar to cron jobs, and are a structured way of running a command or other systemd unit at a specific time. Some of his initial work got merged, and you can see it in action here:

Hide Unmanaged Network Interfaces

NetworkManager has the concept of marking certain network interfaces as “unmanaged”. This is done with a NM_CONTROLLED="no" setting in a file placed in /etc/sysconfig/network-scripts/. Cockpit now respects the admins wishes and and hides such interfaces from its Network configuration.

The On/Off switch is also disabled appropriately for unknown interfaces.

Network bonds are created with Active/Backup

When a new network bond is created the Active/Backup mode is used as the default. This is a more common choice for admins, and makes sense to point people in this direction.

Bond Active/Backup

Added textual fields to container resource sliders

Users can now type actual amounts in memory megabytes, or CPU shares when starting a container, in addition to being able to use a slider.

Resource Slider Text

Disable tuned correctly when disabling performance profiles

The tuned service needs to be stopped and disabled when choosing the “none” performance profile. The behavior now lines up with what users expect using the tuned-adm command line tooling.

From the Future

Lars is working on making the terminal be resizable, so you’re not limited to a small display when working on the machine.

Try it out

Cockpit 0.113 is available now:

Cockpit 0.111

Cockpit is the modern Linux admin interface. There’s a new release every week, although it’s been a while since the release notes were posted. Here are the highlights from this weeks 0.107 through 0.111 releases.

SELinux enforcing policy

You can now temporarily disable SELinux enforcing mode from the SELinux troubleshooting dashboard. This is useful when diagnosing permission issues that you might think are SELinux related.

SELinux Enforcing

Stable Javascript API

Cockpit now has a stable Javascript API for components or plugins to build off of. Various unstable portions were removed from the base1 package in preparation for this. There’s more work going on to help make it easy to build out of tree components or plugins.

GlusterFS in Kubernetes Dashboard

The Kubernetes dashboard now lists Gluster volumes in the dashboard, lets you configure them for pods to use.

GlusterFS Persistent Volumes

Kubernetes pending Persistent Volume Claims

The Kubernetes dashboard lists pods which have outstanding volume claims, and then allows you to fulfill those claims by creating appropriate persistent volumes.

Persistent Volume Claims

Persistent Volume Claims

From the Future

Marius has worked on adding support for Linux network teaming to the Cockpit admin interface. Teaming is a better more coherent way of building a network bond.

Try it out

Cockpit 0.111 is available now:

Cockpit 0.106

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.106 release.

Stable Cockpit Styles

One of the annoying things about CSS is that when you bring in stylesheets from multiple projects, they can conflict. You have to choose a nomen-clature to namespace your CSS, or nest it appropriately.

We’re stabilizing the internals of Cockpit in the browser, so when folks write plugins, they can count on them working. To make that happen we had to namespace all our own Cockpit specific CSS classes. Most of the styling used in Cockpit come from Patternfly and this change doesn’t affect those styles at all.

Documentation is on the wiki

Container Image Layers

Docker container image layers are now shown much more clearly. It should be clearer to tell which is the base layer, and how the others are layered on top:

Image Layers

Try it out

Cockpit 0.106 is available now:

Cockpit 0.105

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.105 release.

Strict Content-Security-Policy enforced everywhere

All of the Cockpit components now ship strict Content-Security-Policy. This is like SELinux in your browser, where you declare the kind of things the application is permitted to do and anything else is blocked.

Cockpit now only allows talking to and loading code from the server(s) that it’s running on. Everything else is blocked, including inline scripts, evaluating javascript code, and using inline styles.

Timeout for Cockpit Authentication

Cockpit uses PAM for authenticating local users. It now expects that authentication process to complete within a certain timeout.

More details in this document.

Cluster Users can be Added and Removed from Groups

In the Cluster admin interface, users can be added to groups and remove them with a few clicks. Here’s a short video:

<iframe width=”853” height=”480” src=””frameborder=”0” allowfullscreen></iframe>

Registry Mirroring from Insecure Registries

In the Registry user interface there’s now a checkbox that allows you to choose whether the registry from which you’re mirroring container images is insecure or not.

Insecure Registry option

Deletion of Kubernetes Nodes

In the Cluster admin interface you can now delete Nodes from the cluster, and select which ones to delete. Andreas has also done design work to allow upgrading the node operating system as well as cordoning nodes, which makes them unavailable for scheduling containers.

Deleting Nodes

Try it out

Cockpit 0.105 is available now:

Cockpit 0.104

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.104 release.

Kubernetes iSCSI Volumes

Peter added support for iSCSI Kubernetes Volumes in the Cockpit Cluster dashboard. When you have container pods that need to store data somewhere, it’s now real easy to configure use an iSCSI initiator. Take a look:

Listing View Expansion

Andreas, Dominik, and I worked on a better listing view pattern. In Cockpit we like to give admins the option to expand data inline, and compare it between multiple entries on the same page. But after feedback from the Patternfly folks we added an explicit expander to do this.

Tagging Docker Images in the Registry

The Atomic Registry and Openshift Registry support mirroring images from another image registry such as the Docker Hub. When the images are mirrored, they are copied and available in your own registry. Cockpit now has support for telling the registry which specific tags you’d like to mirror. And Aaron is adding support for various mirroring options as well.

From the Future

Marius has a working proof of concept that lets you configure where Docker stores container and image data on its host. Take a look at the demo below. Marius adds disks to the container storage pool:

Try it out

Cockpit 0.104 is available now:

Cockpit 0.103

Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.103 release.

Kubernetes connection configuration

When a Kubernetes client wants to access the API of the cluster, it looks for a “kubeconfig” file to tell it how to find the cluster and how to authenticate when accessing the API. The usual location for this file is in the current user’s home directory at the ~/.kube/config file path. If that doesn’t exist, then usually the cluster isn’t available. This applies to both clients like the kubectl command as well as Cockpit’s cluster dashboard.

Cockpit can now prompt for this information, and build this file for you. If it doesn’t exist, then there’s a helpful “Troubleshoot” button to help get this configuration in place.

Upload each Release to an Ubuntu PPA

Each weekly release of Cockpit is now uploaded to an Ubuntu PPA. Here’s how to make use of it:

sudo add-apt-repository ppa:cockpit-project/cockpit
sudo apt-get update
sudo apt-get install cockpit

Remove jQuery Usage from cockpit.js API

As part of stabilizing the internals of Cockpit, we removed jQuery usage from the cockpit.js file. The javascript API itself hasn’t changed, but this change helps to help keep a stable API in the future.

Try it out

Cockpit 0.103 is available now: