Do you mean LXD and Incus? If so, sort of. Incus is a fork of LXD but it diverged quite a bit and due to the LXD licensing change, Incus can't take anything from LXD but LXD can from Incus. Incus is a community project and is a lot more active. They both use LXC under the hood.
Finding a simple GUI is not going to be easy because everyone has a different definition of what "simple" means. It also depends on what you mean by "review" and
"manage". There were a few web UIs for LXD containers and they were ported or used for Incus containers. Some are still maintained and active.
I personally prefer the command line and find it easier and simpler than using graphical interfaces so don't have a recommendation. When the number of containers and servers becomes large enough to warrant anything else, then that's when automation starts.
Mostly I want a quick glance at the state. I don't really do much using cockpit. It is read only for me and I'm using command line to do anything. I like that cockpit is generally mobile friendly because I can use it remotely as all my machines are on tailscale/headscale.
We do have a cockpit-podman plugin and have added recently some features to simplify management of podman quadlets. (podman quadlets is like a systemd-friendly version of docker compose, which is a good fit for a single server use case)
So if you get onboard with podman, you may get some benefits from the Cockpit UI for it.
But you are right, there are many different container technologies and we haven't catched up with all of them.
I tried using this to handle my 10-ish Docker containers, but I ended up using Portainer. Sure, not the same thing, but if someone (like me) thought Cockpit might be nice for managing a small Docker host, this didn't work for me
Hey that’s pretty cool, nice to see someone paying attention to Docker Swarm (it’s nice for simple deployments, like multi-server Compose). You might want to add some screenshots to the docs though.
Portainer is pretty nice feature wise but even with lowered MTU I still get odd networking related issues (seems like the agent or whatever cannot reach the manager sometimes) but I’ve had those sorts of issues across multiple different clusters, both in cloud and on-prem with single leader setups and across both RPM and DEB only clusters. Weird stuff, otherwise perhaps the most established solution for Docker Swarm.
I ended up on this journey using Dockge. Inoffensive and you can stick your compose files in a directory and manage with git vs. Portainer’s attempt to hide them.
I've used this before in the early days of my Linux SysAdmin work, especially in the homelab.
It's pretty solid, but the limited amount of projects and lack of visibility into the CLI it uses on the backend hinder the ability to translate sysadmin work into tangible Linux skills, so I dumped it at home in favor of straight SSH sessions and some TUI stuff.
That said, if I gotta babysit Linux in an Enterprise without something like Centrify? Yeah, Cockpit is a solid, user-friendly abstraction layer, especially for WinFolks.
Part of the technical assessment I have for hiring new platform engineers involves troubleshooting a service hosted in a headless Linux vm.
Troubleshooting and fluency on the command line are among what I consider core skills. Being able to dig through abstraction layers is not just essential for when things go wrong, they are essential for building infrastructure, and really tells you whether an architecture is fit for purpose.
From a professional perspective, this is a solid question. And yeah, between the basic tool suite (top/cd/ls -l/df -H/grep/pipe '|'/ssh) and some common sysadmin/engie knowledge, I could get by with Linux just fine. "Just fine" doesn't cut it for troubleshooting sludgepipes and Kubernetes though, and my skills with Powershell finally gave me the confidence boost to take CLI/TUI seriously on Linux.
And man, zero regrets. It's nice having an OS not fight me tooth and nail to do shit, even if it means letting me blow my feet off with some commands (which is why, to any junior readers out there, we always start with a snapshot when troubleshooting servers).
Now to finish my mono-compose for my homelab and get back to enjoying the fruits of my labor...
Sure... but, I’ve got decades of experience doing that stuff, just not frequently enough to keep it in my head, these days. I usually want a small project server to just do shit and the less there is between that and booting up a fresh Linux install, the better. For example, I don’t keep firewall command line syntax in my head, but I know what needs to be done, and I always seem to need it with small home projects. I lose nothing by having a trustworthy gui do it. I’d give this a shot. I doubt I’d use it in a professional environment, but that’s not really my use case these days.
Which goes to show, experience and maturity changes how people use tools. The person I was responding to was at an earlier maturity stage and realized it was hampering their growth
I am more of a TUI person anyways. I have never found web based server management to be as responsive as TUI, same reason I prefer direct attaching than live tailing on a web tool.
I configure my router through a web interface and not the command line either. It isn’t something I want to mess with on my downtime.
When I was interviewing people on behalf of a client, I was surprised at the number of people who didn't even know what SSH was. This was for a mid-level software developer and not a junior and they all came with glowing resumes.
They all insisted that it was essential to have a CI/CD process but didn't even know what the "CD" part even did. Apparently you just "git push" and the code magically gets on the server. There are many ways to do deployments and a CI/CD process isn't always suitable and can have many forms, in my opinion, but I was happy to discuss any and all. But it's difficult to do that without the basics. As you said, before I was commissioned the platform had no documentation, was crumbling under tech debt and failing constantly so something like getting on the server to at least figure out what's going on was essential.
Gathering and mapping unfamiliar systems is part of that skillset. I’m also looking at being able to think laterally, being able descend abstraction layers, and understanding architectural characteristics and constraints (Roy Fielding’s Dissertation), which will recur at each level of abstraction.
It's neutered and not as full featured, but not bad in a pinch. All of these web admin tools are hacks that call out to shell scripts and whatnot. It requires a lot of conditional behavior and/or vertical integration. "Linux" has no consistent API for control, so its all duct tape. Webmin is the same, tbh (swap perl for whatever cockpit is written in)
I installed the latest Fedora Server on my Framework Desktop and noticed that Cockpit was enabled automatically. Overall impression is that its pretty good for getting a quick overview of things and you can certainly do _some_ administration with it, but you run into its limitations pretty fast trying to get any serious work done with it.
It's probably great for those who are new to Linux and want that NAS-like admin web UI to get the basics set up as a stepping-stone before launching deep into the command line.
Cockpit is great! My NAS (built on a weird “N17” AMD 7840HS laptop processor put into a desktop “server”mITX motherboard by those wizards in China) stuck in a Jonsbo N2 with 5x4TB Samsung 870 evos in ZFS raidz1 is entirely managed by it
I keep meaning to look into making plugins for it, but honestly I’ve barely needed to. Cockpit, the 45drives ZFS plugin fork, and the web terminal have been more than enough for me
My own early sysadmin experience was with Ubuntu eBox and I hated it. Because none of the expected configuration files or commands you would find on Stackoverflow would work on a eBox managed server. You would do configuration through the UI or nothing.
The debugging was also impossible, because logs were not in the expected places and standard grep on log and conf files would give you nothing.
Cockpit is way better than that. Partially because of systemd, but also dbus and other relatively new APIs in the Linux plumbing layer, which finally allowed us to implement consistent and stateless management UI of a system.
I used Cockpit for years after I started having issues with my network card in FreeNAS. It's generally very good, though I never really figured out how to graphically swap out a hard disk in a RAID without trashing the data (which happened once).
I suspect that was user error on my end, so if you want a more-or-less no-nonsense way to manager a server, it's certainly worth checking out.
- Easy OIDC
- Generally improve the file manager addon
- ncdu-like addon
- interface to create simple systemd services
- more visibility into which commands you can run to do the same thing
Some more love for the updates page. E.g. select a subset of updates to install, be more clear that the last update time could be different if you installed updates via CLI, that kind of thing.
I tried this out about 2 months ago when setting up a new server. I wanted something simpler and less resource heavy as webmin but it was just too simple. Adding questionable, half baked add-ons to get various functions to work just didn't give me the flexibility of webmin.
I don't mind UI, but I think it's a bad approach.
Instead of hiding all those complexities of the server behind UI, I would like to see each part of the application teach me how to achieve the same result in CLI. That would be useful for people to teach themselves, because UI comes and goes but basic linux commands - will stay
I have been using Webmin/Virtualmin for all of my 15-years as a web host. I love it, although it can be a little idiosyncratic in places, once you know how to operate with it, you won’t ever need anything else. It’s never been the most bleeding-edge or fully-featured, but it’s also never fallen behind with security and compatibility updates, and it’s had a surge in new development lately, which is exciting. On a Debian system, it’s always been rock solid for me.
Virtualmin in particular is more targeted towards production web servers, but I think they’re both something of a happy medium between a GUI and the terminal; The interfaces are all pretty explicit about the components you’re interfacing with, and nearly all of them include the ability to pop open the conf files to edit them directly.
The extensive UI isn’t the most flashy or polished, but it’s functional and if you get bored enough (as I did) you can theme the entire thing with a single CSS file (be prepared for a lot of ‘!important’ and other things that will drive UI/X folks nuts), and make it look rather stylish.
The only downside (and this isn’t really a downside for production servers) is it’s opinionated on how some things “should” be configured. It’s not restrictive, per se, but it’s not very tolerant for “coloring outside the lines”. You can run an Apache or Nginx reverse proxy, but if you want to use Caddy or Traefik or something similar, this may not be the admin panel for you.
Myself, I just run Webmin/Virtualmin on my production servers, and use a separate server for Docker and apps, where I’ve used both Cockpit and Portainer, but generally tend to stick with the CLI. The command line will always be the best, most efficient way of interfacing with Linux. Once I’d learned enough to be comfortable, I found it becomes increasingly preferable for most common tasks.
Both can have their place. I'm pretty familiar with the podman cli, but having a dashboard I can access from a bookmark in my browser is handy when I just want a quick overview of everything.
Does anyone else remember when someone ported kill to the DOOM engine? So you could fire up DOOM and kill processes using different guns for different kill levels?
I will not assume any liability for damage caused from running this code. Especially if you are running it as root. In fact, we both know that this will cause damage to the system, and that's why you want to try it. You have been warned.
It is very nice. I hope more apps and options are added as it makes very simple to do some admin tasks.
Want to manage services? No problem, it is very easy. Clear failed and disable? Easy.
Want to see some disks and do admin operations on disks? It does.
Want a simple system monitor? It tracks cpu, ram and more in a pretty interface.
RHEL is dropping old interfaces like cluster management and starting to use Cockpit only.
I just wish Cockpit would replace Hawk2 for cluster management as it is better then the old deprecated cluster manager web interface.
But yes, install Cockpit or keep it installed ready to be use cause one day it saves the day...
I don‘t like the whole idea because it is less secure to have a web browser instead of a standard client. Think what an attacker could do if they take control of the server.
The main difference of Cockpit as opposed to more old school visual server administration tools that it doesn't replace standard server management approaches with its own configuration storage in some weird database.
Edits which you make through cockpit and edits which you make through cli are exactly the same edits in same APIs. You do not need to choose one or the over. You can switch from one to the other seamlessly on a command by command basis.
I use it for certain use cases, where it definitely is more convenient. For example, adding a new user or adding an ssh key for a user or debugging SELinux issues.
Web UIs are nicer to deal with for simpler tasks. You can use this on your phone easily. Less technical users can be instructed on how to perform simple tasks like remotely powering off a machine.
i used to set up webmin for the linux challenged admins so they could do basic tasks. it was nice because you could lock them to specific functions in certain modules and make it difficult for them to break things
It's pretty single-server focused... but there is a 'Multi Host' mode. One instance can use SSH to look at N systems [independently]. This consolidates the Cockpit endpoints you might need to use/ports to open... but doesn't give much in the way of orchestration.
I believe when 'roscas' says this feature was dropped, they're talking about the requirement to enable 'AllowMultiHost'. As far as I know, this is still supported with some risk (according to the latest docs): https://cockpit-project.org/guide/latest/#secondary-auth
I think they dropped multi server managment because it was possible to add a few servers but I guess they drop that one out. You do can logon into a server right on the logon page. That is nice.
I had a bad experience with it. We hired a contractor and he
1. insisted on a pre-war version of ubuntu
2. insisted on the cockpit. So you no longer can modify the NFS exports over ssh, you need to connect to this HTTP abomination. Very nice. Always wanted to open more ports on my servers
As a certified graybeard (just literally graying on my beard now) who now prefers the CLI, I am SO GLAD that tools like this exist. I owe probably all of my high job satisfaction and higher income to the fact that I got to play around with Linux via Ubuntu (and Compiz Fusion via CCSM) and later Webmin and other tools I eventually played around with. I learned so much without realizing I'd be using it later, though IIRC it involved much swearing and gnashing of teeth. It's crazy to think that 20 years later so much of it comes naturally. Though I'm still learning just as much (with just as much swearing at the computer usually) every day.
When it evolved a couple years ago to automatically set up the bridge for libvirt correctly, it had arrived. When that thing can set up pushbutton podman apps with decent net and persistence defaults it will be gold.
I just want to check from my phone how my home server is doing. Maybe someone else gets a perverse pleasure out of catting /proc/meminfo but I don't understand the need to make things more complicated than necessary.
I've come across this before. Maybe a few years ago, but the surface area was too high. How do you navigate your security ?
I have used cockpit and like it. It allows me to quickly see the entirety of my system.
But, it doesn't offer any way to review my incus containers.
So, I tried wolfstack, which was recently listed on HN.
It appears it only supports lxc. I'm surprised, isn't lxc and incus more or less 1:1 synonymous (unless you get into recent more complexities)?
I'm feeling like it is hard to find a simple GUI to just review a system and manage a bunch of containers and VMs.
Do you mean LXD and Incus? If so, sort of. Incus is a fork of LXD but it diverged quite a bit and due to the LXD licensing change, Incus can't take anything from LXD but LXD can from Incus. Incus is a community project and is a lot more active. They both use LXC under the hood.
Finding a simple GUI is not going to be easy because everyone has a different definition of what "simple" means. It also depends on what you mean by "review" and "manage". There were a few web UIs for LXD containers and they were ported or used for Incus containers. Some are still maintained and active.
I personally prefer the command line and find it easier and simpler than using graphical interfaces so don't have a recommendation. When the number of containers and servers becomes large enough to warrant anything else, then that's when automation starts.
Mostly I want a quick glance at the state. I don't really do much using cockpit. It is read only for me and I'm using command line to do anything. I like that cockpit is generally mobile friendly because I can use it remotely as all my machines are on tailscale/headscale.
We do have a cockpit-podman plugin and have added recently some features to simplify management of podman quadlets. (podman quadlets is like a systemd-friendly version of docker compose, which is a good fit for a single server use case)
So if you get onboard with podman, you may get some benefits from the Cockpit UI for it.
But you are right, there are many different container technologies and we haven't catched up with all of them.
I use proxmox. I only use it for a home lab but it's pretty good and all I use are lxc containers.
proxmox
Would be nice if the landing page had some graphical pictures for a graphical interface...
Try https://cockpit-project.org/ :)
Which is fine and all but repos with such sparse README's are not doing themselves any favors.
I tried using this to handle my 10-ish Docker containers, but I ended up using Portainer. Sure, not the same thing, but if someone (like me) thought Cockpit might be nice for managing a small Docker host, this didn't work for me
Going for a shameless plug - I am working on an observability dashboard for Docker Swarm: https://github.com/Radiergummi/cetacean
Also works for a single node cluster. Maybe that’s closer to what you’re looking for.
Hey that’s pretty cool, nice to see someone paying attention to Docker Swarm (it’s nice for simple deployments, like multi-server Compose). You might want to add some screenshots to the docs though.
There was also Swarmpit but it didn’t really get that much love, sadly: https://github.com/swarmpit/swarmpit/issues/719
Portainer is pretty nice feature wise but even with lowered MTU I still get odd networking related issues (seems like the agent or whatever cannot reach the manager sometimes) but I’ve had those sorts of issues across multiple different clusters, both in cloud and on-prem with single leader setups and across both RPM and DEB only clusters. Weird stuff, otherwise perhaps the most established solution for Docker Swarm.
can you please add some screenshots?
I ended up on this journey using Dockge. Inoffensive and you can stick your compose files in a directory and manage with git vs. Portainer’s attempt to hide them.
What you're looking for is Dokploy. It's much better than it's predecessors like Dokku, CapRover, etc.
I was heavily impressed with CapRover 5 years ago, so if you’re right, it’s worth checking this out.
Portainer still needs to be run as rootful container? Then thanks, but no thanks.
I've used this before in the early days of my Linux SysAdmin work, especially in the homelab.
It's pretty solid, but the limited amount of projects and lack of visibility into the CLI it uses on the backend hinder the ability to translate sysadmin work into tangible Linux skills, so I dumped it at home in favor of straight SSH sessions and some TUI stuff.
That said, if I gotta babysit Linux in an Enterprise without something like Centrify? Yeah, Cockpit is a solid, user-friendly abstraction layer, especially for WinFolks.
Part of the technical assessment I have for hiring new platform engineers involves troubleshooting a service hosted in a headless Linux vm.
Troubleshooting and fluency on the command line are among what I consider core skills. Being able to dig through abstraction layers is not just essential for when things go wrong, they are essential for building infrastructure, and really tells you whether an architecture is fit for purpose.
From a professional perspective, this is a solid question. And yeah, between the basic tool suite (top/cd/ls -l/df -H/grep/pipe '|'/ssh) and some common sysadmin/engie knowledge, I could get by with Linux just fine. "Just fine" doesn't cut it for troubleshooting sludgepipes and Kubernetes though, and my skills with Powershell finally gave me the confidence boost to take CLI/TUI seriously on Linux.
And man, zero regrets. It's nice having an OS not fight me tooth and nail to do shit, even if it means letting me blow my feet off with some commands (which is why, to any junior readers out there, we always start with a snapshot when troubleshooting servers).
Now to finish my mono-compose for my homelab and get back to enjoying the fruits of my labor...
Sure... but, I’ve got decades of experience doing that stuff, just not frequently enough to keep it in my head, these days. I usually want a small project server to just do shit and the less there is between that and booting up a fresh Linux install, the better. For example, I don’t keep firewall command line syntax in my head, but I know what needs to be done, and I always seem to need it with small home projects. I lose nothing by having a trustworthy gui do it. I’d give this a shot. I doubt I’d use it in a professional environment, but that’s not really my use case these days.
Which goes to show, experience and maturity changes how people use tools. The person I was responding to was at an earlier maturity stage and realized it was hampering their growth
I am more of a TUI person anyways. I have never found web based server management to be as responsive as TUI, same reason I prefer direct attaching than live tailing on a web tool.
I configure my router through a web interface and not the command line either. It isn’t something I want to mess with on my downtime.
One of my favorite interview questions: "Here are some SSH credentials. What does this system do?"
Sometimes there aren't any docs. Sometimes the docs are wrong. It's important to be able to establish what the actual running situation is.
Mind you, my job title is MD, so I get that luxury.
When I was interviewing people on behalf of a client, I was surprised at the number of people who didn't even know what SSH was. This was for a mid-level software developer and not a junior and they all came with glowing resumes.
They all insisted that it was essential to have a CI/CD process but didn't even know what the "CD" part even did. Apparently you just "git push" and the code magically gets on the server. There are many ways to do deployments and a CI/CD process isn't always suitable and can have many forms, in my opinion, but I was happy to discuss any and all. But it's difficult to do that without the basics. As you said, before I was commissioned the platform had no documentation, was crumbling under tech debt and failing constantly so something like getting on the server to at least figure out what's going on was essential.
Gathering and mapping unfamiliar systems is part of that skillset. I’m also looking at being able to think laterally, being able descend abstraction layers, and understanding architectural characteristics and constraints (Roy Fielding’s Dissertation), which will recur at each level of abstraction.
The very first thing I remove when I install Fedora. It's such a bloat that only takes up space and memory for most people.
It's socket-activated, so doesn't really take up memory unless you actively use it.
Same!
remove cockpit*, install fish shell :-)
I used Webmin[0] back in the day, I wonder how more recent server web UIs like Cockpit stack up.
[0] https://webmin.com/
I looked at this and said "They've made Webmin again."
It's neutered and not as full featured, but not bad in a pinch. All of these web admin tools are hacks that call out to shell scripts and whatnot. It requires a lot of conditional behavior and/or vertical integration. "Linux" has no consistent API for control, so its all duct tape. Webmin is the same, tbh (swap perl for whatever cockpit is written in)
45Drives uses cockpit as the UI layer of their "Houston" operating system. https://www.45drives.com/community/articles/New-Operating-Sy...
Cockpit tends to be less ad-hoc than others ime. Often it'll use dbus on the backend.
It's also socket activated, which is nice.
I installed the latest Fedora Server on my Framework Desktop and noticed that Cockpit was enabled automatically. Overall impression is that its pretty good for getting a quick overview of things and you can certainly do _some_ administration with it, but you run into its limitations pretty fast trying to get any serious work done with it.
It's probably great for those who are new to Linux and want that NAS-like admin web UI to get the basics set up as a stepping-stone before launching deep into the command line.
Cockpit is great! My NAS (built on a weird “N17” AMD 7840HS laptop processor put into a desktop “server”mITX motherboard by those wizards in China) stuck in a Jonsbo N2 with 5x4TB Samsung 870 evos in ZFS raidz1 is entirely managed by it
I keep meaning to look into making plugins for it, but honestly I’ve barely needed to. Cockpit, the 45drives ZFS plugin fork, and the web terminal have been more than enough for me
Same here. Using it on two boxes, makes Linux sysadmin work easier.
Reminds me of cpanel, from the late 1900s: https://en.wikipedia.org/wiki/CPanel
My own early sysadmin experience was with Ubuntu eBox and I hated it. Because none of the expected configuration files or commands you would find on Stackoverflow would work on a eBox managed server. You would do configuration through the UI or nothing.
The debugging was also impossible, because logs were not in the expected places and standard grep on log and conf files would give you nothing.
Cockpit is way better than that. Partially because of systemd, but also dbus and other relatively new APIs in the Linux plumbing layer, which finally allowed us to implement consistent and stateless management UI of a system.
Trigger warning. This is taking me back to when I ran my own "web hosting provider" on a PIII with 128mb of ram back in the early 2000s (I was 13).
Is it worth switching off Komodo to this?
I used Cockpit for years after I started having issues with my network card in FreeNAS. It's generally very good, though I never really figured out how to graphically swap out a hard disk in a RAID without trashing the data (which happened once).
I suspect that was user error on my end, so if you want a more-or-less no-nonsense way to manager a server, it's certainly worth checking out.
Question from a Cockpit PO: if you were to choose one feature to add to the project what that feature would be?
- Easy OIDC - Generally improve the file manager addon - ncdu-like addon - interface to create simple systemd services - more visibility into which commands you can run to do the same thing
Some more love for the updates page. E.g. select a subset of updates to install, be more clear that the last update time could be different if you installed updates via CLI, that kind of thing.
A streamlined way to control "systemctl --user ..." without needing root auth.
Incus support.
I tried this out about 2 months ago when setting up a new server. I wanted something simpler and less resource heavy as webmin but it was just too simple. Adding questionable, half baked add-ons to get various functions to work just didn't give me the flexibility of webmin.
I don't mind UI, but I think it's a bad approach. Instead of hiding all those complexities of the server behind UI, I would like to see each part of the application teach me how to achieve the same result in CLI. That would be useful for people to teach themselves, because UI comes and goes but basic linux commands - will stay
Comes and goes? Webmin would like a word
I have been using Webmin/Virtualmin for all of my 15-years as a web host. I love it, although it can be a little idiosyncratic in places, once you know how to operate with it, you won’t ever need anything else. It’s never been the most bleeding-edge or fully-featured, but it’s also never fallen behind with security and compatibility updates, and it’s had a surge in new development lately, which is exciting. On a Debian system, it’s always been rock solid for me.
Virtualmin in particular is more targeted towards production web servers, but I think they’re both something of a happy medium between a GUI and the terminal; The interfaces are all pretty explicit about the components you’re interfacing with, and nearly all of them include the ability to pop open the conf files to edit them directly.
The extensive UI isn’t the most flashy or polished, but it’s functional and if you get bored enough (as I did) you can theme the entire thing with a single CSS file (be prepared for a lot of ‘!important’ and other things that will drive UI/X folks nuts), and make it look rather stylish.
The only downside (and this isn’t really a downside for production servers) is it’s opinionated on how some things “should” be configured. It’s not restrictive, per se, but it’s not very tolerant for “coloring outside the lines”. You can run an Apache or Nginx reverse proxy, but if you want to use Caddy or Traefik or something similar, this may not be the admin panel for you.
Myself, I just run Webmin/Virtualmin on my production servers, and use a separate server for Docker and apps, where I’ve used both Cockpit and Portainer, but generally tend to stick with the CLI. The command line will always be the best, most efficient way of interfacing with Linux. Once I’d learned enough to be comfortable, I found it becomes increasingly preferable for most common tasks.
Both can have their place. I'm pretty familiar with the podman cli, but having a dashboard I can access from a bookmark in my browser is handy when I just want a quick overview of everything.
Does anyone else remember when someone ported kill to the DOOM engine? So you could fire up DOOM and kill processes using different guns for different kill levels?
I don't know why but this reminded me of that.
I need to know more about this.
Probably [1], [2]
[1] https://psdoom.sourceforge.net/ [2] https://psdoom.sourceforge.net/screenshots.html
Thanks. I like the spirit of this.
I will not assume any liability for damage caused from running this code. Especially if you are running it as root. In fact, we both know that this will cause damage to the system, and that's why you want to try it. You have been warned.
It is very nice. I hope more apps and options are added as it makes very simple to do some admin tasks. Want to manage services? No problem, it is very easy. Clear failed and disable? Easy. Want to see some disks and do admin operations on disks? It does. Want a simple system monitor? It tracks cpu, ram and more in a pretty interface. RHEL is dropping old interfaces like cluster management and starting to use Cockpit only. I just wish Cockpit would replace Hawk2 for cluster management as it is better then the old deprecated cluster manager web interface. But yes, install Cockpit or keep it installed ready to be use cause one day it saves the day...
I don‘t like the whole idea because it is less secure to have a web browser instead of a standard client. Think what an attacker could do if they take control of the server.
Me too, I set up a WG tunnel to access this.
Uhhh what? If they take control of the server they have control over the box.
What is the use case for this over standard command line tools like systemctl, journalctl, top, docker ps?
The main difference of Cockpit as opposed to more old school visual server administration tools that it doesn't replace standard server management approaches with its own configuration storage in some weird database.
Edits which you make through cockpit and edits which you make through cli are exactly the same edits in same APIs. You do not need to choose one or the over. You can switch from one to the other seamlessly on a command by command basis.
Sometimes I like a web page to bring information to me rather than having to go on a command line use those tools to find the data I want. YMMV.
I use it for certain use cases, where it definitely is more convenient. For example, adding a new user or adding an ssh key for a user or debugging SELinux issues.
Web UIs are nicer to deal with for simpler tasks. You can use this on your phone easily. Less technical users can be instructed on how to perform simple tasks like remotely powering off a machine.
Is the overhead of such tools, and added attack surface, justified over sshing and issuing a shutdown command though?
What kind of attack are you anticipating? Surely only a fool or a madman would make such a thing publicly accessible.
You can just run it via ssh anyway....
I use this in my homelab. I really appreciate the systemd logging functionality in Cockpit.
It’s miles away from like Webmin, which I used god knows how long ago.
Ripe for a supply chain attack. What safeguards do they have to protect against one?
Well you can use it via ssh so you don't have to open it up to the Internet directly.
The same that OpenSSL had with thousands of eyeballs looking at its source code for decades.
Aka 0. Security is a theater for the amateurs.
The worst one is password based login it enables
I used to have this, but it takes up so much resources. not fit for small servers.
Interesting. This looks nice. Made me think of webmin which I used... years ago.
Went to look and webmin's changed. Pretty crazy.
i used to set up webmin for the linux challenged admins so they could do basic tasks. it was nice because you could lock them to specific functions in certain modules and make it difficult for them to break things
yeah! I had some things through there early on when I was building sites. I had some custom scripts that could also be triggered by the users.
Sooooo.... webmin?
Does this work well with fleets? I remember looking at this early on it seemed fairly single-server focused.
It's pretty single-server focused... but there is a 'Multi Host' mode. One instance can use SSH to look at N systems [independently]. This consolidates the Cockpit endpoints you might need to use/ports to open... but doesn't give much in the way of orchestration.
I believe when 'roscas' says this feature was dropped, they're talking about the requirement to enable 'AllowMultiHost'. As far as I know, this is still supported with some risk (according to the latest docs): https://cockpit-project.org/guide/latest/#secondary-auth
I think they dropped multi server managment because it was possible to add a few servers but I guess they drop that one out. You do can logon into a server right on the logon page. That is nice.
Red Hat wants you to use Ansible for that.
Red Hat wants you to use Satellite for that, which uses Ansible but also does other things based around package management.
I had a bad experience with it. We hired a contractor and he
1. insisted on a pre-war version of ubuntu
2. insisted on the cockpit. So you no longer can modify the NFS exports over ssh, you need to connect to this HTTP abomination. Very nice. Always wanted to open more ports on my servers
> 1. insisted on a pre-war version of ubuntu
Which war?
Sounds like you had a bad experience with a contractor.
But does it work on a Gibson??
cockpit has a great virtualization interface, in my opinion this alone makes it a better "buy" than truenas for a home server.
As a certified graybeard (just literally graying on my beard now) who now prefers the CLI, I am SO GLAD that tools like this exist. I owe probably all of my high job satisfaction and higher income to the fact that I got to play around with Linux via Ubuntu (and Compiz Fusion via CCSM) and later Webmin and other tools I eventually played around with. I learned so much without realizing I'd be using it later, though IIRC it involved much swearing and gnashing of teeth. It's crazy to think that 20 years later so much of it comes naturally. Though I'm still learning just as much (with just as much swearing at the computer usually) every day.
When it evolved a couple years ago to automatically set up the bridge for libvirt correctly, it had arrived. When that thing can set up pushbutton podman apps with decent net and persistence defaults it will be gold.
the opinion you didn't ask for:
avoid admin UIs... at best they make you lazy, at worst a security nightmare
I just want to check from my phone how my home server is doing. Maybe someone else gets a perverse pleasure out of catting /proc/meminfo but I don't understand the need to make things more complicated than necessary.
If you want people to self-host, this is a gateway to that.
And those who are actually curious will look into what it's doing under the hood.
Everyone has to start somewhere.
Very well done. For me cockpit is more than enough a mainstream proxmox