Blog posts
Cockpit 120
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 119 and 120.
You’ll notice that we’ve dropped the 0.x from the beginning of the
version numbers. This underscores the fact that Cockpit is stable. We’ve been
regularly releasing functionally stable releases for most of the last year.
Expandable and Filterable Containers and Images
Lars reworked the Containers section of Cockpit. The various images and containers are not expandable inline, and it’s also easy to find a specific image and container by using the filter bar to search for it.
Take a look:
VM Configuration and Monitoring
Marek worked on a new interface in Cockpit for configuring and monitoring
virtual machines running on the current system. This has the ability to
grow into something like the desktop virt-manager tool.
It looks something like this:
Unmanaged Network Devices
Cockpit now shows unmanaged network devices in its listing. You can’t configure them or do much with them, but their presence is acknowledged. This should make troubleshooting non-standard configurations easier.
Sidebar for Physical Volumes in a Volume Group
Marius added a sidebar that shows up on LVM groups or volumes, that shows which physical devices are involved.
Here’s an example:
SSH connections are run in a separate process
When Cockpit connects to an additional server it uses SSH, much like
Ansible or other tools. We now launch a separate cockpit-ssh process
for each outgoing connection to another server.
This lets us isolate the involved code much better, providing security benefits. But it also makes it possible to insert additional logic when embedding Cockpit. It’s possible to put in shims to lookup keys, single-sign-on tokens or keytabs, and so on.
Only connect to remote machines already known to Cockpit
When connecting to additional machines via SSH, Cockpit now refuses to connect to machines it doesn’t have a host key for. This tightens up security and prevents certain reflection attacks.
Fix bugs preventing Logs page from working in Firefox 49
The Logs section of Cockpit failed to function on Firefox 49. This version includes a fix for that.
Add tooltip describing group name in Roles list
When configuring local user accounts, one can assign various roles such as ‘Server Administrator’ to the account. Cockpit now displays the Unix user group that is involved in the role.
From the future
Marius added support for NetworkManager checkpoints. This means that while configuring network interfaces, if a change would cause Cockpit to disconnect, then Cockpit can revert the change and retain connectivity to the system.
This is similar to how a Linux Desktop asks you to click in a dialog if you accept the new screen configuration. Except in the networking case we can test the connectivity automatically.
Try it out
Cockpit 120 is available now:
Cockpit 118
Cockpit is the modern Linux admin interface. There’s usually a release every week, but this time around we were delinquent and it’s been nearly a month.
You’ll notice that we’ve dropped the 0.x from the beginning of the
version numbers. This underscores the fact that Cockpit is stable. We’ve been
regularly releasing functionally stable releases for most of the last year.
And over the last few months we’ve worked hard on identifying stable javascript APIs and protocols for various Cockpit components to consume. We’ll be itemizing these stability guarantees in the documentation shortly.
Timer jobs in systemd
Harish did great work during Google Summer of Code to add support for systemd timers. Timers let users schedule tasks similar to cron jobs. Timers are now listed, and dialogs for defining jobs and their recurring patterns are now included in Cockpit.
Harish detailed his work in a blog post.
Two factor auth on login screen
Peter pulled off a major change to have full PAM conversations supported on the Cockpit login screen. This means you can use two factor authentication dongles or Yubikeys in your login workflow in Cockpit.
In addition, for the next release Stef worked on allowing the user to change expired passwords while logging in, similar to how they would on the console.
Take a look:
Use Webpack to build the Cockpit interface
Most of Cockpit is written in javascript and runs in the browser. This code is now built with Webpack. It’s bundled into single page application bundles per Cockpit component. Among other things, this makes hacking on Cockpit much easier.
The documentation has been updated to show what you need to do to make a change to Cockpit either with Vagrant or on your local machine.
SSH key loading and Docker resources work on Debian
The container resource usage graphs and resource limit dialogs now work properly on Debian. Stef adapted the code to account for the different CGroup layout than Docker uses on Debian.
In addition the SSH key listing code now works on Debian.
Configure Cockpit URLs with an HTTP prefix
The HTTP URLs that Cockpit uses can now have a (mostly) arbitrary prefix
in their path. This is useful in scenarios where Cockpit is proxied by
another application or management console. Use the UrlRoot option
in cockpit.conf.
Components can require a minimum Cockpit version
Cockpit is built from various components that are independently installable and composable. Various components provide network configuration, or storage, or container functionality.
These components can now indicate which part of the base javascript and base
cockpit-bridge they require in order to function. This is
configured in the package manifest.
Try it out
Cockpit 118 is available now:
Cockpit 0.117
Cockpit is the modern Linux admin interface. There’s a new release almost every week. Here are the highlights from this the 0.115, 0.116 and 0.117 releases.
Configure volumes and environment for a Docker container
Vanlos Wang implemented support for configuring volumes and environment variables when running a container in the Cockpit UI. This allows you see what environment variables and volumes an image is pre-configured to have. It then allows the user to define additional environment variables and volumes for the new container, and then commit those changes to a new image if desired.
Take a look:
Setup container and image storage
Marius worked with Dan Walsh and and others to implement a UI for configuring the Docker container and image storage pool. It’s now easy to add additional disks or storage to that pool, or reset it to a clean state.
On some operating systems like Atomic Host, this storage pool is present by default, and elsewhere this container storage pool can be set up.
Relatedly on the command line, checkout the new
atomic storage
sub-command which does the same configuration tasks, that previously had to be configured
with arcane configuration files.
Support for Network Teaming
Marius also added support for configuring network teaming to Cockpit. Network teams are similar to network bonds, in that they combine two network interfaces into one, and involve failover or load balancing modes. But teams have more robust terminology and implementation.
Since teams are a server side feature, this will replace the functionality for defining teams in Linux Desktop control center applications.
Support for configuring bonds in Cockpit will remain for the time being until the team support can be relied upon to completely replace that functionality. Both NetworkManager and Cockpit are involved in this.
Here’s a video demoing the changes:
Pulling images without authentication from the Openshift Registry
The Openshift image registry now supports pulling images without first logging in. It can be configured to allow this on a per-project basis. This allows images to be shared from the registry with a broader audience of developers or image consumers, such as scripts.
Aaron Weitekamp worked on adding support the Registry console to configure projects to allow pulling images without authentication. Here’s a video of those changes:
Don’t allow formatting extended partitions
Cockpit no longer erroneously allows formatting certain partitions, such as extended partitions containing other logical partitions.
Try it out
Cockpit 0.117 is available now:
Cockpit 0.114
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.114 release.
Test every change on CentOS
Cockpit runs all its tests suites against code before that code is merged, much less becomes part of a release. This isn’t just unit tests, but integration booting of RHEL, Debian, Fedora and Atomic machines.
We now added CentOS to that list. We now boot CentOS 7.x instances many hundreds of times a day to test aspects of the system, and how Cockpit and a given pull request interact with it.
Show SSH host keys and machine ID
The main system info page now shows the local machine ID for easy access.
You can also see the fingerprints of all the SSH host keys.
These are the fingerprints that you would be expected to recognize and/or add to the
known_hosts file when accessing the machine over SSH.
Allow changing the ethernet MTU
You can now change the ethernet maximum transmission unit in the network configuration.
Show intelligent password error messages
When choosing a password Cockpit validates the password using the pwscore tool.
Appropriate and descriptive error messages are now shown when the validation fails:
Red Hat subscription registration options
The Red Hat subscriptions functionality has been enhanced. You can now specify an activation key when registering the system. This key is generated in your organization in such a way that it uniquely identifies whan kind of software should be available on the system.
You can now also specify an organization when registering the system.
From the Future
Marek is working on a new part of the admin interface to list the virtual machines running on the current system. This is the beginnings of a web accessible virt-manager tool:
Try it out
Cockpit 0.114 is available now:
Cockpit 0.113
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.111 and 0.112 releases.
Display time information for systemd timer jobs
Harish Anand a Google Summer of Code student working on Cockpit, and he’s implementing systemd timers. These are similar to cron jobs, and are a structured way of running a command or other systemd unit at a specific time. Some of his initial work got merged, and you can see it in action here:
Hide Unmanaged Network Interfaces
NetworkManager has the concept of marking certain network interfaces as “unmanaged”.
This is done with a NM_CONTROLLED="no" setting in a file placed in
/etc/sysconfig/network-scripts/. Cockpit now respects the admins wishes and
and hides such interfaces from its Network configuration.
The On/Off switch is also disabled appropriately for unknown interfaces.
Network bonds are created with Active/Backup
When a new network bond is created the Active/Backup mode is used as the default. This is a more common choice for admins, and makes sense to point people in this direction.
Added textual fields to container resource sliders
Users can now type actual amounts in memory megabytes, or CPU shares when starting a container, in addition to being able to use a slider.
Disable tuned correctly when disabling performance profiles
The tuned service needs to be stopped and disabled when choosing the “none”
performance profile. The behavior now lines up with what users expect
using the tuned-adm command line tooling.
From the Future
Lars is working on making the terminal be resizable, so you’re not limited to a small display when working on the machine.
Try it out
Cockpit 0.113 is available now:
Cockpit 0.111
Cockpit is the modern Linux admin interface. There’s a new release every week, although it’s been a while since the release notes were posted. Here are the highlights from this weeks 0.107 through 0.111 releases.
SELinux enforcing policy
You can now temporarily disable SELinux enforcing mode from the SELinux troubleshooting dashboard. This is useful when diagnosing permission issues that you might think are SELinux related.
Stable Javascript API
Cockpit now has a stable Javascript API for components or plugins to build off of. Various unstable portions were removed from the base1 package in preparation for this. There’s more work going on to help make it easy to build out of tree components or plugins.
GlusterFS in Kubernetes Dashboard
The Kubernetes dashboard now lists Gluster volumes in the dashboard, lets you configure them for pods to use.
Kubernetes pending Persistent Volume Claims
The Kubernetes dashboard lists pods which have outstanding volume claims, and then allows you to fulfill those claims by creating appropriate persistent volumes.
From the Future
Marius has worked on adding support for Linux network teaming to the Cockpit admin interface. Teaming is a better more coherent way of building a network bond.
Try it out
Cockpit 0.111 is available now:
Cockpit 0.106
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.106 release.
Stable Cockpit Styles
One of the annoying things about CSS is that when you bring in stylesheets from multiple projects, they can conflict. You have to choose a nomen-clature to namespace your CSS, or nest it appropriately.
We’re stabilizing the internals of Cockpit in the browser, so when folks write plugins, they can count on them working. To make that happen we had to namespace all our own Cockpit specific CSS classes. Most of the styling used in Cockpit come from Patternfly and this change doesn’t affect those styles at all.
Container Image Layers
Docker container image layers are now shown much more clearly. It should be clearer to tell which is the base layer, and how the others are layered on top:
Try it out
Cockpit 0.106 is available now:
Cockpit 0.105
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.105 release.
Strict Content-Security-Policy enforced everywhere
All of the Cockpit components now ship strict Content-Security-Policy. This is like SELinux in your browser, where you declare the kind of things the application is permitted to do and anything else is blocked.
Cockpit now only allows talking to and loading code from the server(s) that it’s running on. Everything else is blocked, including inline scripts, evaluating javascript code, and using inline styles.
Timeout for Cockpit Authentication
Cockpit uses PAM for authenticating local users. It now expects that authentication process to complete within a certain timeout.
More details in this document.
Cluster Users can be Added and Removed from Groups
In the Cluster admin interface, users can be added to groups and remove them with a few clicks. Here’s a short video:
<iframe width=”853” height=”480” src=”https://www.youtube.com/embed/TzvqNj9VywM”frameborder=”0” allowfullscreen></iframe>
Registry Mirroring from Insecure Registries
In the Registry user interface there’s now a checkbox that allows you to choose whether the registry from which you’re mirroring container images is insecure or not.
Deletion of Kubernetes Nodes
In the Cluster admin interface you can now delete Nodes from the cluster, and select which ones to delete. Andreas has also done design work to allow upgrading the node operating system as well as cordoning nodes, which makes them unavailable for scheduling containers.
Try it out
Cockpit 0.105 is available now:
Cockpit 0.104
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.104 release.
Kubernetes iSCSI Volumes
Peter added support for iSCSI Kubernetes Volumes in the Cockpit Cluster dashboard. When you have container pods that need to store data somewhere, it’s now real easy to configure use an iSCSI initiator. Take a look:
Listing View Expansion
Andreas, Dominik, and I worked on a better listing view pattern. In Cockpit we like to give admins the option to expand data inline, and compare it between multiple entries on the same page. But after feedback from the Patternfly folks we added an explicit expander to do this.
Tagging Docker Images in the Registry
The Atomic Registry and Openshift Registry support mirroring images from another image registry such as the Docker Hub. When the images are mirrored, they are copied and available in your own registry. Cockpit now has support for telling the registry which specific tags you’d like to mirror. And Aaron is adding support for various mirroring options as well.
From the Future
Marius has a working proof of concept that lets you configure where Docker stores container and image data on its host. Take a look at the demo below. Marius adds disks to the container storage pool:
Try it out
Cockpit 0.104 is available now:
Cockpit 0.103
Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.103 release.
Kubernetes connection configuration
When a Kubernetes client wants to access the API of the cluster, it looks for a “kubeconfig” file to tell it how to find the cluster and how to authenticate when accessing the API. The usual location for this file is in the current user’s home directory at the ~/.kube/config file path. If that doesn’t exist, then usually the cluster isn’t available. This applies to both clients like the kubectl command as well as Cockpit’s cluster dashboard.
Cockpit can now prompt for this information, and build this file for you. If it doesn’t exist, then there’s a helpful “Troubleshoot” button to help get this configuration in place.
Upload each Release to an Ubuntu PPA
Each weekly release of Cockpit is now uploaded to an Ubuntu PPA. Here’s how to make use of it:
sudo add-apt-repository ppa:cockpit-project/cockpit
sudo apt-get update
sudo apt-get install cockpit
Remove jQuery Usage from cockpit.js API
As part of stabilizing the internals of Cockpit, we removed jQuery usage from the cockpit.js file. The javascript API itself hasn’t changed, but this change helps to help keep a stable API in the future.
Try it out
Cockpit 0.103 is available now: