Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Cockpit: Your entrypoint to the Containers Management World

November 15, 2016
Alessandro Arrichiello
Related topics:
ContainersLinux
Related products:
Red Hat Enterprise Linux

Share:

    Containers are one of the top trend today. Starting working or playing with them could be really hard also if you've well understood the theory at their base.

    With this article I'll try to show you some useful tips and tricks to start into containers world, thanks also to the great web interface provided by the Cockpit project.

    cockpit--capture-15-cockpit-project-http___cockpit-project-org_

    Cockpit overview

    Cockpit is an interactive server admin interface.  You'll find below some a of its great features:

    • Cockpit comes “out of the box” ready for the admin to interact with the system immediately, without installing stuff, configuring access controls, making choices, etc.
    • Cockpit has (as near as makes no difference) zero memory and process footprint on the server when not in use. The job of a server is not to show a pretty UI to admins, but to serve stuff to others. Cockpit starts on demand via socket activation and exits when not in use.
    • Cockpit does not take over your server in such a way that you can then only perform further configuration in Cockpit.
    • Cockpit itself does not have a predefined template or state for the server that it then imposes on the server. It is imperative configuration rather than declarative configuration.
    • Cockpit dynamically updates itself to reflect the current state of the server, within a time frame of a few seconds.
    • Cockpit is firewall friendly: it opens one port for browser connections: by default that is 9090.
    • Cockpit can look different on different operating systems, because it’s the UI for the OS, and not a external tool.
    • Cockpit is pluggable: it allows others to add additional UI pieces.

    Cockpit docker

    Cockpit can manage containers via docker. This functionality is present in the Cockpit docker package.

    Cockpit communicates with docker via its API via the /var/run/docker.sock unix socket. The docker API is root equivalent, and on a properly configured system, only root can access the docker API. If the currently logged in user is not root then Cockpit will try to escalate the user's privileges via Polkit or sudo before connecting to the socket.

    Alternatively you may create a docker unix group. Anyone in that docker group can then access the docker API, and gain root privileges on the system.

    Cockpit version

    Cockpit project is highly under development, to follow this how-to without incurring in to issue I suggest you to start at least from version 0.117. Starting from this version, it was introduced docker-storage feature. You'll find this version from Fedora 24 and RHEL 7.3.

    Cockpit Installation

    You've two methods for running cockpit on your system:

    1. Standard installation through package manager
    2. Containerized version (for Atomic Host)

    I know, this may sound weird: a running container that actually manage other containers. But it works well!

    Prerequisites

    Following this how-to requires you to have a working docker daemon running on your system.

    Cockpit Installation via Package Manager

    The installation is quite simple, as any other standard package.

    On Fedora you can install it via dnf:

    # dnf install cockpit cockpit-docker

    On RHEL7 via yum:

    # subscription-manager repos --enable rhel-7-server-extras-rpms
    # yum install cockpit cockpit-docker

    After that you can easily enable and start the cockpit service:

    # systemctl enable cockpit.service
    # systemctl start cockpit.service
    

    Cockpit Container on Atomic Host

    Cockpit container for docker is available through the standard docker's distribution channel: DockerHub.

    Supposing you've already configured (as required in prerequisite section) docker, you can pull and run a Cockpit containerized daemon via:

    # atomic run docker.io/cockpit/ws

    In case you're on Red Hat Atomic Host system, you can use the container provided by Red Hat Registry: "rhel7/cockpit-ws":

    # atomic run registry.access.redhat.com/rhel7/cockpit-ws

     

    Cockpit First Login and Containers plugin

    Once started, Cockpit Web Service listens by default on the host port 9090. Browse to address https://server_ip:9090

    Please note: In the next steps I'll proceed using a Red Hat Enterprise Linux 7.3 system.

    You can find below the login page, you can easily access it with any available user in the host:

    cockpit-1-rhel73test-local-https___192-168-121-43_9090_

    I'll proceed with root login, but as I wrote before you'll be able any other user with the right privileges for interacting with docker.

    cockpit-capture-2-system-192-168-121-43-https___192-168-121-43_9090_system

    As you can see, the welcome page reports various performance infos on the running system.

    Without entering in details of all the many Cockpit's features, just click on "Containers" link on the left bar.

    cockpit-capture-4-containers-192-168-121-43-https___192-168-121-43_9090_docker

    The Containers page shows an overview of the current docker's state.

    You have in this page all the features you need for managing your containers: managing docker formatted images and containers. In the next section I'll show you a real use case example.

     

    WordPress Example Deployment

    In this section I'll show you how to manage a WordPress deployment with two containers:

    • Web server -> wordpress:latest
    • MariaDB server -> mariadb:latest

    First of all we need to get these two docker formatted images. We can search for them through the "Get new image" button and submitting keywords: "wordpress" first and "mariadb" then.

    cockpit-capture-7-containers-192-168-121-43-https___192-168-121-43_9090_docker

    At end of downloads you'll find the list of images under the respective frame:

    cockpit-capture-8-containers-192-168-121-43-https___192-168-121-43_9090_docker

    We're ready to launch them, anyway we need one further step before: creating persistent volumes to attach at running containers.

    Access to the running system and create two folder under /mnt/pv:

    # mkdir -p /mnt/pv/wordpress
    # mkdir -p /mnt/pv/mariadb

    Now click on the "Play" button on the mariadb's docker image row and start filling the form's required field.

    cockpit-capture-10-containers-192-168-121-43-https___192-168-121-43_9090_docker

    • Uncheck the "Expose container ports" checkbox (we don't need to expose mariadb port, this container should be connected only to the webserver)
    • Add another value/row under the default volume's row (leaving the first as-is): "/var/lib/mysql:Z" -> "/mnt/pv/mariadb"
      • We need to create a new value/raw because we need to inform docker that we're using SELinux and we want it set the right SELinux context just before attaching the volume to the container (this is why we've added ":Z" to the "mysql" path)
      • In case you've disabled SELinux you can skip the second value/row adding
    • Add all the required container's environment variables:
      • MYSQL_ROOT_PASSWORD
      • MYSQL_DATABASE
      • MYSQL_USER
      • MYSQL_PASSWORD
    • Restart policy: always

    At the end we'll see a row under the Running Containers frame, after clicking on it, we'll see a detailed overview of the running container:

    cockpit-capture-11-containers-192-168-121-43_-https___192-168-121-43_9090_docker

    We can now proceed running the second container: wordpress. Press the "Play" button and start compiling the form requested values.

    cockpit-capture-12-containers-192-168-121-43-https___192-168-121-43_9090_docker

    • Check the "Link to another container" checkbox, select the name of the mariadb container and give it an alias ("mariadb" for example)
    • Expose container port "80" -> "8080"
    • Add another value/row under the default volume's row (leaving the first un-edited): "/var/www/html:Z" -> "/mnt/pv/wordpress"
      • We need to create a new value/raw because we need to inform docker that we're using SELinux and we want it set the right SELinux context just before attaching the volume to the container (this is why we've added ":Z" to the "mysql" path)
      • In case you've disabled SELinux you can skip the second value/row adding
    • Add all the required container's environment variables:WORDPRESS_DB_HOST -> mariadb
      • WORDPRESS_DB_USER -> wordpress       (Chosen during the configuration of the mariadb container)
      • WORDPRESS_DB_PASSWORD -> *****    (Chosen during the configuration of the mariadb container)
      • WORDPRESS_DB_NAME -> wordpress      (Chosen during the configuration of the mariadb container)
    • Restart policy: always

    At the end we'll see a new row under the Running Containers frame, after clicking on it, we'll see a detailed overview of the running container:

    cockpit-capture-13-containers-192-168-121-43_-https___192-168-121-43_9090_docker

    As you can see all should worked fine, the wordpress container is running.

    Let's check if the persistent volumes are currently used by containers:

    # ls /mnt/pv/
     mariadb/ wordpress/
    
    # ls /mnt/pv/mariadb/
     aria_log.00000001 aria_log_control ibdata1 ib_logfile0 ib_logfile1 multi-master.info mysql performance_schema tc.log wordpress
    
    # ls /mnt/pv/wordpress/
     index.php readme.html wp-admin wp-comments-post.php wp-config-sample.php wp-cron.php wp-links-opml.php wp-login.php wp-settings.php wp-trackback.php
     license.txt wp-activate.php wp-blog-header.php wp-config.php wp-content wp-includes wp-load.php wp-mail.php wp-signup.php xmlrpc.php

     

    We can try browsing to the url: http://your_server_ip:8080, you should see a webpage like the following:

    cockpit-capture-14-wordpress-installation-http___192-168-121-43_8080_wp-admin_install-php

    If you see the welcome page of WordPress, all is ok and your containerized LAMP is working fine!

    Doubts or troubles? Comment!

     

    About Alessandro

    Alessandro

    Alessandro Arrichiello is a Platform Consultant for Red Hat Inc. He has a passion for GNU/Linux systems, that began at age 14 and continues today.
    He worked with tools for automating Enterprise IT: configuration management and continuous integration through virtual platforms.
    He's now working on distributed cloud environment involving PaaS (OpenShift), IaaS (OpenStack) and Processes Management (CloudForms),
    Containers building, instances creation, HA services management, workflows build.

     
    Last updated: September 8, 2023

    Recent Posts

    • How to run AI models in cloud development environments

    • How Trilio secures OpenShift virtual machines and containers

    • How to implement observability with Node.js and Llama Stack

    • How to encrypt RHEL images for Azure confidential VMs

    • How to manage RHEL virtual machines with Podman Desktop

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue