Get the most out of your Centmin Mod LEMP stack
Become a Member

Sysadmin Will cockpit work with Centminmod?

Discussion in 'System Administration' started by Sos, Dec 13, 2018.

Tags:
  1. Sos

    Sos New Member

    15
    2
    3
    Dec 4, 2018
    Ratings:
    +3
    Local Time:
    12:44 PM
    1.15.7
  2. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Honestly haven't tried Cockpit so wouldn't know 100%
     
  3. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    1:44 PM
    Bump, just to see others experience with this and if it is really worth it.
     
  4. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Just tried Cockpit on Centmin Mod with CentOS 7 Running Cockpit — Cockpit Project - skipping firewalld steps as Centmin Mod uses CSF Firewall and already whitelists the IP of user that installed Centmin Mod so you can access it at yourhostname:9090 or serverip:9090 without needing to open TCP port 9090 or below custom TCP port 9091
    Code (Text):
    cockpit_port=9091
    yum -y install cockpit sos cockpit-dashboard cockpit-storaged
    mkdir -p /etc/systemd/system/cockpit.socket.d/
    echo -e "[Socket]\nListenStream=\nListenStream=$cockpit_port\n" > /etc/systemd/system/cockpit.socket.d/listen.conf
    systemctl daemon-reload
    systemctl enable --now cockpit.socket
    

    But haven't used it enough to comment, just that logging in to cockpit works :)

    edit: looks good so far testing on my VirtualBox based CentOS 7 and CentOS 8 instances. Though not much of a fan of opening up web/gui access to a server as it's just another avenue for server compromise if not managed properly.
     
  5. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    Not much useful to me, except for this real-time stats on the dashboard.

    upload_2019-9-30_18-5-55.png
     
  6. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Not fan - even has web gui for terminal/SSH access though the scrollbar doesn't seem to work in the terminal so mouse scroll wheel only.

    Example of Cockpit on Centmin Mod with CentOS 7 Running Cockpit — Cockpit Project - skipping firewalld steps as Centmin Mod uses CSF Firewall and already whitelists the IP of user that installed Centmin Mod so you can access it at yourhostname:9090 or serverip:9090 without needing to open TCP port 9090 or below custom TCP port 9091
    Code (Text):
    cockpit_port=9091
    yum -y install cockpit sos cockpit-dashboard cockpit-storaged
    mkdir -p /etc/systemd/system/cockpit.socket.d/
    echo -e "[Socket]\nListenStream=\nListenStream=$cockpit_port\n" > /etc/systemd/system/cockpit.socket.d/listen.conf
    systemctl daemon-reload
    systemctl enable --now cockpit.socket
    


    centos7-cockpit-00.png

    Cockpit's Machines listing of CentOS 7 primary server and added access to CentOS 8 remote server

    centos7-cockpit-01.png centos7-cockpit-02.png

    Cockpit remote server access to CentOS 8 server from CentOS 7 reported YUM updates - looks like CentOS 8 includes a compat-openssl10 YUM package for backwards compatibility to OpenSSL 1.0.2o as some packages may not support CentOS 8's OpenSSL 1.1.1 version. Oh yes playing with Percona MySQL 8 and Remi YUM repositories on CentOS 8 :)

    centos7-cockpit-03.png

    Cockpit web terminal SSH access to CentOS 7 server initial login to Centmin Mod LEMP stack server

    centos7-cockpit-04.png

    Centmin Mod LEMP stack's cminfo top output in web terminal which shows Centmin Mod server statistics :)

    centos7-cockpit-05.png centos7-cockpit-06.png centos7-cockpit-07.png centos7-cockpit-08.png
     
  7. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I guess depends on what you need in a web gui. I can see web gui based terminal SSH access might come in handy for some folks - though scary to think if not secured properly, you'd be opening up access to hackers or potential compromise of your server ! You can lock it down to a different custom TCP port and IP access I suppose. Or just enable cockpit service via proper SSH access only when you need to and disable/stop cockpit service when you don't need it.

    Actually, thinking about it, it isn't that bad for Centmin Mod LEMP stack servers as by default they use CSF Firewall and it blocks cockpit's default port 9090 from access. When you initially install Centmin Mod LEMP stack, CSF Firewall whitelists the user's ISP ip automatically so you can access cockpit web gui without needing to open port 9090 to the public internet. So I guess you're almost as secure as traditional SSH client access/login seeing as you use same system linux users to login to Cockpit web gui. But danger is some folks to troubleshoot issues are disabling CSF Firewall, which then could open up access - though it shouldn't as CSF Firewall is only place underlying iptables has whitelisted ports.
     
  8. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    Documentation about this 3?
    Thanks!
     
  9. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what no google-fu ? :)
     
  10. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    This is now included on CentOS 8.1 DigitalOcean Image.
    Or maybe included on default CentOS8?
     
  11. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  12. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    It's default installed on DO Centos 8.1.
     
  13. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    check if yum history list shows cockpit being installed at some point in the life of server or was it baked into the image
    Code (Text):
    yum history list cockpit
     
  14. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    I already destroy the droplet.
    I will check next time.
     
  15. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    A nice to have as I have my Hetrixtools free plan full already.

    upload_2022-11-15_19-28-16.png

    The best thing is it's free, realtime and only run when you open the webUI.
     
  16. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Indeed :)
     
  17. rdan

    rdan Well-Known Member

    5,438
    1,396
    113
    May 25, 2014
    Ratings:
    +2,184
    Local Time:
    2:44 AM
    Mainline
    10.2
    Oh with more other things like it monitor for updates, be able to update from the cockpit.
    And show some Load Spike (shows all the logs during that specific period), which I don't see much on free monitoring tools.

    upload_2022-11-16_17-47-10.png
     
  18. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,601
    Local Time:
    4:44 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Revisiting RHEL Cockpit for EL8+ and even trying to add my own Cockpit plugins for Centmin Mod pages - I can see probably adding some Centmin Mod routines to Cockpit for a GUI control panel of sorts one day - not anytime soon though :)

    Example on AlmaLinux 8.9 KVM VPS with Cockpit enabled + Centmin Mod custom plugin page which only has a button for cminfo command to output a summary of Centmin Mod LEMP stack installed software, nginx vhosts, pure-ftpd accounts, php-fpm config etc.

    cockpit-centminmod-cminfo-01.png
    cockpit-centminmod-cminfo-03.png

    Cockpit native SSH terminal

    cockpit-centminmod-cminfo-02.png

    System Overview

    cockpit-centminmod-system-overview-01.png

    Nginx service info and history

    cockpit-centminmod-system-service-nginx-01.png

    Yum updates

    cockpit-centminmod-yum-updates-01.png

    cockpit-centminmod-yum-updates-02.png

    cockpit-centminmod-yum-updates-04.png
     
    Last edited: Dec 7, 2023