Blog posts
Cockpit 136 and 137
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 136 and 137.
Reordered entries in the sidebar menu
As a followup to the new look, the entries in the sidebar menu have now been reordered in a more sensible fashion:
- System information
- Logs for troubleshooting
- Configuring major subsystems: Storage, Networking
- What’s running: Containers and Virtual Machines
- Implementation details: Admin accounts, Services/Units
Check out the screenshot below to see how this looks now.
Storage management is more convenient
In order to make configuring storage more convenient, the Cockpit UI now prevents removing disks from a RAID when removal would lead to data loss due to an insufficient number of remaining volumes in the RAID. Also, when creating a Volume Group (LVM) or adding disk space to a Volume Group, unpartitioned space is now offered as a choice. If selected, Cockpit automatically creates a partition before adding it to the Volume Group. Check out the screenshots below to see how these features look.
Consider user known_hosts for ssh connections
When managing remote machines, Cockpit now considers known host keys in the user’s ~/.ssh/known_hosts in addition to
the system-wide /etc/ssh/ssh_known_hosts. This makes Cockpit behave more like the standard ssh client.
Try it out
Cockpit 137 is available now:
Cockpit 135
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 135.
Redesigned sidebar navigation
The existing page menu took some getting used to for some use cases. It’s now easier to use when connected to multiple hosts and provides the basis for future improvements that will reduce or remove the horizontal menu entries. On systems where the top navigation bar doesn’t have any useful information, such as when there is no Dashboard, the top navigation bar is removed entirely. Check out the screenshot below for a peek at the new sidebar design.
Indicator in top bar shows privilege escalation
On the login page a user can allow Cockpit to use the password for privileged tasks. A new indicator in the top bar
shows an unlocked state when these privileges are available and a locked state if they aren’t. The user
can click on the indicator in the unlocked state to drop privileges for the rest of the session. In some cases
privileges cannot be dropped - among others for root and no-password sudo users - and the indicator will disappear.
Check out the video below to see this in action.
Disks are now shown for virtual machines
The expanded information for entries on the Virtual Machines page now contains information on a machine’s disks,
such as the device, read only state and for disk images the local file path. Information on disk capacity is only
available with more recent versions of libvirt. Check out the screenshot below to see how this looks.
New developer tool can close active Cockpit pages
Once pages in Cockpit, such as Networking or System, are opened they usually stay open in the background,
even if they aren’t visible. This is important on most pages to ensure the code can continue interacting with the
system in the background, user input isn’t lost, and the page doesn’t have to be reloaded when the user returns to it.
For the cases when a user wishes to actually close the page there is a new entry next to Display Language in
the user drop down menu, named Active Pages. It only becomes visible when the ALT key is pressed while
clicking on the menu dropdown. On some drag enabled browsers it doesn’t work to just use ALT, but any combination
involving ALT, such as CTRL+ALT, also works. Check out the screenshot below for a peek.
SSH connections established within the user session
When one Cockpit instance connects to other machines it does so via SSH. Previously these connections were launched from cockpit-ws, the process listening on the network.
As part of making Cockpit mirror standard Linux practices better, SSH connections are now made from within the logged in user session, launched from the cockpit-bridge process. This allows Cockpit to use credentials from the logged in user session while establishing those SSH connections, such as kerberos tickets, the ssh-agent or private keys.
Try it out
Cockpit 135 is available now:
Cockpit 134
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 134.
Login page is now translatable
The majority of Cockpit has long been translatable. Since the login page is a bit of a special case, it required some special attention to make that also play well with the language display settings. Take a look at the video below for a demo. Check out the Zanata link below, it’s very easy to contribute translations to Cockpit. At this time our top 3 translations (>90%) are Polish (pl), Ukranian (uk) and Chinese (zh-CN). Every bit of help here is greatly appreciated and a big thank you to our contributors!
Show message of the day on the System page
Cockpit now supports one more feature it was previously missing compared to the command line login: the System
page now shows the current message of the day (/etc/motd). When dismissed by clicking on the X close button,
the message is hidden until it changes.
Expose fewer system service actions
Cockpit previously exposed systemd unit actions such as Reload or Try Restart which are primarily intended for
scripts. The dropdown list now only shows actions which are useful for interactive human usage: Start, Stop,
Restart and Reload.
Try it out
Cockpit 134 is available now:
Cockpit 133
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 133.
Remotely managed machines are now configured in /etc/cockpit/machines.d
Cockpit plugins, other packages, admins, VM management software, or config management systems like
Ansible/puppet/cloud-init might want to pre-configure machines for cockpit. Previously this information
was stored in /var/lib/cockpit/machines.json, but now that information is stored in individual json
files in /etc/cockpit/machines.d. Existing machines.json files are migrated automatically to the new
format. Check out the documentation below for more information on the format and use.
Multiple machines documentation
Packages can register additional bridges
On the server side the cockpit-bridge connects to various system APIs. There are additional bridges for specific
tasks that the main cockpit-bridge cannot handle, such as tasks that should be carried out with privilege
escalation. These additional bridges can be registered in the bridges section of a package’s manifest.json
file. Check out the documentation below for more information on the format and use.
Split translations into individual packages
Behind the scenes there’s been a lot of work on making translations work more smoothly and future-proof. As part of this the translations have been split into the individual packages, which also means they can be updated per package in the future. Check out the Zanata link below, it’s very easy to contribute translations to Cockpit. At this time our top 3 translations (>90%) are Polish (pl), Ukranian (uk) and Chinese (zh-CN). Every bit of help here is greatly appreciated and a big thank you to our contributors!
Try it out
Cockpit 133 is available now:
Cockpit 130, 131 and 132
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 130, 131 and 132.
Kernel dump configuration support added
Kernel crash dump configuration is now possible in Cockpit: view and toggle the status of the kdump service, with hints how to enable if the kernel boot parameters need to be changed. Cockpit shows the amount of reserved memory and setting a path for dumping the kernel on the local filesystem, with a toggle for compressing the crash dumps. Take a look at the video below for a demo.
MAC addresses for ethernet adapters and bonds can be modified
On the Networking page, MAC addresses for ethernet adapters can now be clicked to edit them, starting with NetworkManager version 1.4. For bonds, the MAC addresses are shown and can be edited starting with NetworkManager version 1.6. Take a look at the video below for a demo.
Show session virtual Machines on the machines page
Libvirt differentiates between system virtual machines and session ones, which are tied to the user. In Cockpit all the virtual machines accessible to the logged in user, system and session, are now shown in a combined list.
SELinux functionality is now available without setroubleshootd
The SELinux page in Cockpit can do more than just troubleshoot. It was therefore renamed to SELinux and
the functionality of toggling between enforcing/permissive mode is now also available even if setroubleshoot-server
isn’t installed. This was cause for unexpected behavior on Atomic Host systems without setroubleshoot-server
where it’s non-trivial and often undesired to add that package.
Try it out
Cockpit 132 is available now:
Use the packages to install this version of Cockpit. When installing from the tarball, remove /etc/systemd/system/cockpit.service.d/fatal.conf manually afterwards to prevent Cockpit from exiting in rare cases.
Cockpit 128 and 129
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 128 and 129.
Manage remotes and rebasing in OSTree
When working with OSTrees on operating systems like Atomic Host there will often be multiple branches to choose from. For example there may be a beta version of the operating system. Thanks to Peter’s work, Cockpit can now switch between branches and view and activate OSTrees from those branches. Also, Cockpit supports managing multiple remotes and viewing their branches. Remotes are a way of describing where OSTree should pull updates from. Take a look at the video below for a demo.
The subpackage cockpit-dashboard has been split out
The new cockpit-dashboard subpackage contains the dashboard itself and
the cockpit-ssh process. Eventually this paves the way for more flexibility
regarding authentication processes, but for now cockpit-ws unconditionally
depends on cockpit-dashboard, and also requires the identical versions.
Nothing changes for those who install the cockpit package. But this allows more
flexibility when using Cockpit for specific use cases.
Issues upgrading Cockpit on Debian and Fedora have been fixed
Our packaging changes in recent versions broke upgrading Cockpit on Debian and Fedora. This is fixed now and updates should work properly once again.
On Atomic, sosreport works again
A bug that prevented the diagnostic tool sosreport from working on Atomic systems was fixed. Generating and accessing these diagnostic reports can be very helpful when diagnosing or reporting an issue on the system.
Optionally disable the dependency on libssh
When configuring Cockpit, the option disable-ssh disables building cockpit-ssh and removes the
dependency on libssh. This is useful when building on an operating system where libssh is not available.
Try it out
Cockpit 129 is available now:
Cockpit 126 and 127
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 126 and 127.
Show security scan information about container images
Lars did work to show security scan information about container images. The displayed scans happen via the atomic scan tools and the data comes from the OpenSCAP system. Take a look at the video below.
Choose whether password is cached and reused on the login screen
The typical workflow for peforming privileged tasks on a Linux system is to log in as a non-root user and then use sudo or Polkit to escalate privileges.
Stef did work to make Cockpit’s privilege escalation reflect this properly. Cockpit now has an option on the login screen to Reuse my password for privileged tasks. Checking this option automatically performs reuses the login password as necessary to escalate privileges. If you leave this box unchecked then Cockpit will behave exactly as a normal user login without special privileges.
In the future we’ll have a way to enable this option once logged in, and retype your password inside of the logged in session.
Here’s a video which shows how this works:
The remotectl command can now combine certificate and key files
Peter did work to make it easier to use TLS certificate and key files with
Cockpit for port 9090. Normally the server certificate(s) and key need to be
combined into a single file and placed into the /etc/cockpit/ws-certs.d
directory. The remotectl command that comes with Cockpit can now be
used to build such a combined file:
remotectl certificate server.pem chain.pem key.pem
Due to this, when Cockpit is deployed as an Openshift Pod it can use certificates provided by Openshift.
Cockpit respects /etc/shells
Martin fixed Cockpit so it only allows the user to log in if the user has a
valid shell listed in /etc/shells. In addition bugs on Ubuntu and Debian
have been fixed where users were created without valid shells.
Allow renaming of active devices in networking interface
You can now rename network devices like bonds or bridges while they’re active. The change will apply immediately and without any interruption in service.
Rename cockpit-shell to cockpit-system
The cockpit-shell subpackage has been renamed to cockpit-system to
better reflect its focus: configuring and troubleshooting the local system.
Kerberos authentication now work even if gss-proxy is in use
Sometimes Kerberos (or GSSAPI) single-sign-on authentication requires multiple round trips to the server. Cockpit now supports this properly, and the end result is that SSO works even when fancy things like GSS-Proxy are in use.
Try it out
Cockpit 127 is available now:
Cockpit 125
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 123, 124 and 125.
Cockpit is now properly translatable
Cockpit is now properly translatable. It was a big task to extract all the translatable strings and make translations work consistently between the browser and installed tools like the bridge.
We now start also run the login user session with a proper locale and
LANG environment variables.
You can help translate cockpit in Zanata or if you find text in the frontend that isn’t translatable, then please do report it.
Display OSTree signatures
Peter implement displaying OSTree tree signatures. You can tell where a certain update tree came from and who signed it.
New expandable views for storage partitions
Marius implemented expandable views in the Storage pages. These let you dive into the details of a particular partition without having to navigate away from the page describing where it lives.
Other storage fixes
Marius did work to fix many other storage related bugs. In particular Cockpit now deals properly with passphrases stored for LUKS encrypted devices, and also no longer offers to format read-only block devices.
Full testing on RHEL 7.3, Ubuntu 16.04 and Debian 8 Jessie
The Cockpit project started testing on Cockpit on RHEL 7.3, Ubuntu 16.04 and Debian 8 Jessie along with the operating systems we tested with earlier. These will be part of our usual continuous integration, where we boot thousands or tens of thousands of instances per day to test code changes and contributions.
Marius fixed many bugs we found, and filed operating system bugs in the issue trackers for those operating systems.
You can see the which operating systems we test Cockpit on. There’s no Debian Jessie repository yet, but hopefully we can have that ready as time permits.
System shutdown can be scheduled by date
Fridolin did work a long time ago, so that users could select a specific date and time to schedule a shutdown or reboot of the system. Stef finished that work added tests and it’s now in Cockpit.
Properly terminate user sessions on the Accounts page
The Accounts page now properly terminates user sessions when the Terminate Session button is clicked. We use the correct systemd loginctl commands.
Try it out
Cockpit 125 is available now:
Cockpit 122
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 122
Logging into a system via a Bastion Host
On the Cockpit login screen you can now choose an alternate host to connect to. Cockpit with use SSH to authenticate you against that host, and display the admin interface for that host.
Although browsers cannot use SSH directly to connect to machines or authenticate against them, Cockpit can make this happen. Only one host needs to have Cockpit listen on port 9090 available to browsers over TLS, and other hosts can only have SSH accessible on the usual port 22.
Here’s an example:
Works with UDisks in addition to storaged
storaged is an actively maintained API for configuring storage on a Linux system. It is a fork of the older UDisks. storaged has additional functionality, like LVM, iSCSI and Btrfs and a large number of stability fixes.
However some systems like older RHEL or Ubuntu don’t yet have storaged. Cockpit can now also use the older UDisks to configure storage on a system. A large number of features are disabled, but basic functionality is present.
Explicitly specify javascript dependency versions
Cockpit’s bundles various javascript dependencies in its admin interfaces, such as Patternfly or React. In order to help packagers we’ve now explictly specified the versions of those dependencies. And during development we pull them in using the standard Bower registry.
You can see those versions here.
From the future
Lars has worked on functionality to show the OpenSCAP security scan results
for containers. This uses the usual atomic scan functionality that
you see on Atomic Host.
Try it out
Cockpit 122 is available now:
Cockpit 121
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 121
You’ll notice that we’ve dropped the 0.x from the beginning of the
version numbers. This underscores the fact that Cockpit is stable. We’ve been
regularly releasing functionally stable releases for most of the last year.
Network Configuration Rollback
NetworkManager now has support in its API for detecting whether a network configuration change broke connectivity to the system. Marius did work so that Cockpit can detect this and have NetworkManager rollback the changes that would have caused a remote admin to be disconnected from the system.
This is similar to how a Linux desktop asks you to click in a dialog if you accept the new display configuration. Except in the networking case we can test the connectivity automatically.
Check it out:
Debian Branding
Cockpit now shows proper branding when running on Debian, and uses the logo installed on the system on its login screen.
Fix Kerberos single sign on Debian and Ubuntu
Stef fixed Kerberos single sign on Debian and Ubuntu. More changes are coming in the next release including support for use with gssproxy and expanding support for non-Kerberos GSSAPI authentication mechanisms.
Debugging info for Javascript and CSS
Cockpit now ships proper Javascript and CSS debugging “map” files in its cockpit-debuginfo packages. These make it easier to troubleshoot issues and develop code that runs in Cockpit.
From the future
Peter is adding support for specifying an alternate server to connect to on the login screen.
This completes the story of the “bastion host” which is accessible via a web browser, in effect letting you connect via the Web Browser from the login screen to other machines which only have SSH access available. When using a bastion setup like this you only need a single trusted TLS certificate and the remaining trust is ensured by SSH known host keys.
This feature will be used to implement click-through access to configure a host in projects such as ManageIQ or RHEV.
Try it out
Cockpit 121 is available now: