Welcome to Centmin Mod Community
Become a Member

Sysadmin Will cockpit work with Centminmod?

Discussion in 'System Administration' started by Sos, Dec 13, 2018.

  1. Sos

    Sos New Member

    15
    2
    3
    Dec 4, 2018
    Ratings:
    +3
    Local Time:
    11:15 PM
    1.15.7
  2. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Honestly haven't tried Cockpit so wouldn't know 100%
     
  3. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    649
    187
    43
    May 25, 2014
    Ratings:
    +262
    Local Time:
    12:15 AM
    Bump, just to see others experience with this and if it is really worth it.
     
  4. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Just tried Cockpit on Centmin Mod with CentOS 7 Running Cockpit — Cockpit Project - skipping firewalld steps as Centmin Mod uses CSF Firewall and already whitelists the IP of user that installed Centmin Mod so you can access it at yourhostname:9090 or serverip:9090 without needing to open TCP port 9090 or below custom TCP port 9091
    Code (Text):
    cockpit_port=9091
    yum -y install cockpit sos cockpit-dashboard cockpit-storaged
    mkdir -p /etc/systemd/system/cockpit.socket.d/
    echo -e "[Socket]\nListenStream=\nListenStream=$cockpit_port\n" > /etc/systemd/system/cockpit.socket.d/listen.conf
    systemctl daemon-reload
    systemctl enable --now cockpit.socket
    

    But haven't used it enough to comment, just that logging in to cockpit works :)

    edit: looks good so far testing on my VirtualBox based CentOS 7 and CentOS 8 instances. Though not much of a fan of opening up web/gui access to a server as it's just another avenue for server compromise if not managed properly.
     
  5. rdan

    rdan Well-Known Member

    4,940
    1,179
    113
    May 25, 2014
    Ratings:
    +1,787
    Local Time:
    1:15 PM
    Mainline
    10.2
    Not much useful to me, except for this real-time stats on the dashboard.

    upload_2019-9-30_18-5-55.png
     
  6. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Not fan - even has web gui for terminal/SSH access though the scrollbar doesn't seem to work in the terminal so mouse scroll wheel only.

    Example of Cockpit on Centmin Mod with CentOS 7 Running Cockpit — Cockpit Project - skipping firewalld steps as Centmin Mod uses CSF Firewall and already whitelists the IP of user that installed Centmin Mod so you can access it at yourhostname:9090 or serverip:9090 without needing to open TCP port 9090 or below custom TCP port 9091
    Code (Text):
    cockpit_port=9091
    yum -y install cockpit sos cockpit-dashboard cockpit-storaged
    mkdir -p /etc/systemd/system/cockpit.socket.d/
    echo -e "[Socket]\nListenStream=\nListenStream=$cockpit_port\n" > /etc/systemd/system/cockpit.socket.d/listen.conf
    systemctl daemon-reload
    systemctl enable --now cockpit.socket
    


    centos7-cockpit-00.png

    Cockpit's Machines listing of CentOS 7 primary server and added access to CentOS 8 remote server

    centos7-cockpit-01.png centos7-cockpit-02.png

    Cockpit remote server access to CentOS 8 server from CentOS 7 reported YUM updates - looks like CentOS 8 includes a compat-openssl10 YUM package for backwards compatibility to OpenSSL 1.0.2o as some packages may not support CentOS 8's OpenSSL 1.1.1 version. Oh yes playing with Percona MySQL 8 and Remi YUM repositories on CentOS 8 :)

    centos7-cockpit-03.png

    Cockpit web terminal SSH access to CentOS 7 server initial login to Centmin Mod LEMP stack server

    centos7-cockpit-04.png

    Centmin Mod LEMP stack's cminfo top output in web terminal which shows Centmin Mod server statistics :)

    centos7-cockpit-05.png centos7-cockpit-06.png centos7-cockpit-07.png centos7-cockpit-08.png
     
  7. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah I guess depends on what you need in a web gui. I can see web gui based terminal SSH access might come in handy for some folks - though scary to think if not secured properly, you'd be opening up access to hackers or potential compromise of your server ! You can lock it down to a different custom TCP port and IP access I suppose. Or just enable cockpit service via proper SSH access only when you need to and disable/stop cockpit service when you don't need it.

    Actually, thinking about it, it isn't that bad for Centmin Mod LEMP stack servers as by default they use CSF Firewall and it blocks cockpit's default port 9090 from access. When you initially install Centmin Mod LEMP stack, CSF Firewall whitelists the user's ISP ip automatically so you can access cockpit web gui without needing to open port 9090 to the public internet. So I guess you're almost as secure as traditional SSH client access/login seeing as you use same system linux users to login to Cockpit web gui. But danger is some folks to troubleshoot issues are disabling CSF Firewall, which then could open up access - though it shouldn't as CSF Firewall is only place underlying iptables has whitelisted ports.
     
  8. rdan

    rdan Well-Known Member

    4,940
    1,179
    113
    May 25, 2014
    Ratings:
    +1,787
    Local Time:
    1:15 PM
    Mainline
    10.2
    Documentation about this 3?
    Thanks!
     
  9. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what no google-fu ? :)
     
  10. rdan

    rdan Well-Known Member

    4,940
    1,179
    113
    May 25, 2014
    Ratings:
    +1,787
    Local Time:
    1:15 PM
    Mainline
    10.2
    This is now included on CentOS 8.1 DigitalOcean Image.
    Or maybe included on default CentOS8?
     
  11. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  12. rdan

    rdan Well-Known Member

    4,940
    1,179
    113
    May 25, 2014
    Ratings:
    +1,787
    Local Time:
    1:15 PM
    Mainline
    10.2
    It's default installed on DO Centos 8.1.
     
  13. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    3:15 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    check if yum history list shows cockpit being installed at some point in the life of server or was it baked into the image
    Code (Text):
    yum history list cockpit
     
  14. rdan

    rdan Well-Known Member

    4,940
    1,179
    113
    May 25, 2014
    Ratings:
    +1,787
    Local Time:
    1:15 PM
    Mainline
    10.2
    I already destroy the droplet.
    I will check next time.