How to install Cockpit on CentOS 7

January 9, 2015 — 13 Comments

Being used to have Cockpit in my Fedora 21 Server VMs I decided that having it also on my CentOS machines would be awesome, unfortunately I quickly found that Cockpit was not available in CentOS repositories. Of course I knew that Cockpit comes installed and enabled by default in CentOS 7 Atomic host image so I figured out that those packages had to be hidden in some Atomic related repo.

After looking a bit I finally found in GitHub the sig-atomic-buildscripts repository that belongs to CentOS Project. This repository contains several scripts and files intended to build your own CentOS Atomic host including virt7-testing.repo, the Yum repository file needed for Cockpit.

Clone the GutHub repository.

git clone https://github.com/baude/sig-atomic-buildscripts

Copy virt7-testing.repo file to /etc/yum.repos.d and install Cockpit.

yum install cockpit

Enable Cockpit service.

[root@webtest ~]# systemctl enable cockpit.socket
ln -s '/usr/lib/systemd/system/cockpit.socket' '/etc/systemd/system/sockets.target.wants/cockpit.socket'
[root@webtest ~]#

Add Cockpit to the list of trusted services in FirewallD.

[root@webtest ~]# firewall-cmd --permanent --zone=public --add-service=cockpit
success
[root@webtest ~]#
[root@webtest ~]# firewall-cmd --reload
success
[root@webtest ~]#
[root@webtest ~]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@webtest ~]#

Start Cockpit socket.

systemctl start cockpit.socket

Do no try to access Cockpit yet, there is an issue about running Cockpit on stock CentOS/RHEL 7. To be able to start it we need first to modify the service file to disable SSL.Edit file /usr/lib/systemd/system/cockpit.service and modify ExecStart line to look like this.

ExecStart=/usr/libexec/cockpit-ws --no-tls

I know this procedure will invalidate Cockpit for a production environment in RHEL7 at least for now but this is for my lab environment and I can live with it.

Reload systemd.

systemctl daemon-reload

Restart Cockpit.

systemctl restart cockpit

Access Cockpit web interface, login as root and have fun :-)

Screen Shot 2015-01-09 at 01.57.51

Juanma.

 

13 responses to How to install Cockpit on CentOS 7

  1. 

    Gracias por la pista de donde encontrar el repo. Por cierto a mi me funciona el https sin problema

  2. 

    Instead full download the git repo, you can “wget it”

    wget -O /etc/yum.repos.d/virt7-testing.repo https://github.com/baude/sig-atomic-buildscripts/raw/master/virt7-testing.repo

    Also, as the issue says, it’s better to create a file like /etc/systemd/system/cockpit.service.d/no-tls.conf instead modify the /usr/lib/systemd/system/cockpit.service because otherwise an update will overwrite it. In my tests:

    cat /etc/systemd/system/cockpit.service.d/no-tls.conf
    [Service]
    ExecStart=
    ExecStart=/usr/libexec/cockpit-ws –no-tls

    (because ExecStart doesn’t allow overwrite the /usr/lib/… default without first “clear” it)

    HTH

  3. 

    Don’t forget to add “enabled=1” to virt7-testing.repo

  4. 

    Thanks all for the comments and the useful tips!

  5. 
    Markus Koch May 1, 2015 at 11:23

    After first login create an admin user with uid >= 1000, assign Server and Container admin role to that user.
    Remove –no-tls option or file again and do a “systemctl daemon-reload” and “systemctl reload cockpit”.
    Now you can login with user over ssl. The PAM modules avoid user with users uid<1000 to login.

  6. 

    Is not necessary use virt7-testing repo. The CentOS 7 support the installation of docker and Cockpit without it.

  7. 

    I am trying to configure Cockpit on Rhel 7

    Getting this error in the Log File.

    Sep 23 16:39:06 localhost systemd: Started The Apache HTTP Server.
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line
    Sep 23 16:39:38 localhost cockpit-ws: received invalid HTTP request line

  8. 

    Hi,
    You wrote

    I know this procedure will invalidate Cockpit for a production environment in RHEL7 at least for now but this is for my lab environment and I can live with it.

    Hmm, but behind a reverse proxy on a secure internal newtork, no TLS is desirable, no? (It centralises the security) The reverse proxy can handle the TLS. (Maybe I’m wrong but I’m setting up cockpit now so if I’m wrong about my assessment of security tell me how I’m wrong. I’m all ears).

    • 

      Hi,

      First of all thanks for your comments.

      In my mind, and from my experience, any non-secure HTTP connection will not be allowed in a production environment.

      That said I agree that your approach can be perfectly valid in as long as Cockpit is keep in a secure trusted zone and is not directly exposed.

  9. 

    Cockpit should be in the CentOS Extras repository, and no need to build it. This is for CentOS 7 and greater only. Just enable that repository and you should be able to yum install cockpit. Then systemctl enable cockpit.service && systemctl start cockpit

  10. 

    I got a conflict on my setup during install : Docker coming from Docker repo instead of Centos repo, Had to install cockpit-docker without the dependencies.

    yum install -y yum-utils
    rpm -Uvh –nodeps $(repoquery –location cockpit-docker)
    yum install -y cockpit

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s