42 lines
1.1 KiB
Markdown
42 lines
1.1 KiB
Markdown
|
# Cockpit
|
||
|
|
|
||
|
|
## Purpose
|
||
|
|
|
||
|
|
The Cockpit profile installs browser-based host administration modules for
|
||
|
|
system state, storage, networking, packages, virtual machines, metrics, and
|
||
|
|
support reports. It enables the socket-activated service.
|
||
|
|
|
||
|
|
## Installation and validation
|
||
|
|
|
||
|
|
```bash
|
||
|
|
sudo ./install.sh --cockpit
|
||
|
|
systemctl status cockpit.socket
|
||
|
|
ss -ltnp | grep ':9090'
|
||
|
|
```
|
||
|
|
|
||
|
|
Connect to `https://HOSTNAME:9090`. A browser warning is expected when the
|
||
|
|
default host certificate is not trusted.
|
||
|
|
|
||
|
|
`cockpit-files` is installed when available and skipped with a warning
|
||
|
|
otherwise.
|
||
|
|
|
||
|
|
## Access and firewall
|
||
|
|
|
||
|
|
The Cockpit profile does not change UFW. Explicit toolkit UFW enablement allows
|
||
|
|
TCP 9090, but upstream firewalls and network ACLs remain external concerns.
|
||
|
|
Use normal Linux accounts and review which users may administer the host.
|
||
|
|
|
||
|
|
## Troubleshooting and rollback
|
||
|
|
|
||
|
|
```bash
|
||
|
|
journalctl -u cockpit.socket -u cockpit.service
|
||
|
|
systemctl restart cockpit.socket
|
||
|
|
apt-cache policy cockpit cockpit-machines cockpit-files
|
||
|
|
```
|
||
|
|
|
||
|
|
To disable remote access without removing packages:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
sudo systemctl disable --now cockpit.socket
|
||
|
|
```
|