Monitoring with Cockpit

On this post we are going to talk about cockpit how to monitoring and manage your GNU/Linux infrastructure. Based on the official description, Cockpit project is pretty easy to use, install and integrate, you can manage and add servers by ssh credentials to your dashboard, showing logs, monitoring containers(podman/docker), services running, disk usage, etc.

I’ve using it around 1 year, the only thing I cannot see it’s an alert tool or event trigger, maybe for the next release; is developed by RH team and open source, it’s already integrated in some of the GNU/Linux distribution ( RH, debian, ubuntu, fedora, etc).

You can get access by a little web terminal console into the web dashboard, pretty nice if you need to issue something additional on that server, in the other hand, container extension and logger tool are really useful, you can pull, stop, start containers by the web interface. Also you have a Starter Kit package where you can develop your own pages/extensions further info here.

I’m not going to explain how to installed because as far as you can see from the official website it’s pretty simple and well explained for almost all GNU/Linux distros, below I will mention which packages you need/want to install on your master server and clients.

• Server side: assumed you already installed Cockpit and you have access from: https://ip-address-of-machine:9090

  • 1.cockpit-dashboard – little panel where you can see your server integrate on your dashboard (recommended)
  • 2.cockpit-ws – web service GUI(master server).
  • As well you can install the extension named below(Client-side list).

• Client side:

  • 1.cockpit-bridge/stable – allows you relay message and commands from the webfront end to the server
  • 2.cockpit-docker/stable – docker integration container management
  • 3.cockpit-networkmanager/stable – networking management
  • 4.cockpit-packagekit/stable – develop kit
  • 5.cockpit-pcp/stable,stable – framework to gather metrics data about the system
  • 6.cockpit-storaged/stable – to configure and monitor storage, disks, mounts etc.
  • 7.cockpit-system/stable – manage the system’s services from the Cockpit webfront.

Further info or troubleshooting have a look over here.

Cockpit works with polkit, it’s an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes. In order to have full management control from the Cockpit panel by your user, on my case is “pi” check out if you are in the requirement groups recommend here check out “/etc/groups” and “/etc/passwd”.

Them from “/etc/sudoers.d” you need to create a rule to bypass the sudo right to cockpit-bridge, the file have to looks like:

$ sudo cat /etc/sudoers.d/010_pi-nopasswd
pi ALL=(ALL) NOPASSWD: ALL

On that way the “cockpit-bridge” it can run as it needs:

# ps -aux | grep cockpit
pi         421  6.0  0.5 315904 10296 ?        Ssl  10:44   0:04 cockpit-bridge
root       433  0.0  0.1  10156  3832 ?        S    10:44   0:00 /usr/bin/sudo -A cockpit-bridge --privileged
root       434  1.6  1.1 317980 23128 ?        Sl   10:44   0:01 cockpit-bridge --privileged
root       617  0.0  0.0   6144   828 pts/0    S+   10:46   0:00 grep cockpit

In the other hand, if your user doesn’t have the sudo permission, beside you can not perform admin action from Cockpit panel, hence you will see this from the terminal:

$ ps -aux | grep cockpit
pi     32583  0.5  0.5 315236 10312 ?        Ssl  10:34   0:00 cockpit-bridge
pi     32698  0.0  0.0   6144   880 pts/0    S+   10:37   0:00 grep cockpit