Home / Cockpit

Cockpit Web Console

Remote management, packageless sessions, HA cluster management, and VM administration.

Overview

Cockpit is a web-based server management interface. RHEL 10 includes Cockpit with enhanced features for cluster management and virtualization.

# Install Cockpit
sudo dnf install -y cockpit

# Enable and start
sudo systemctl enable --now cockpit.socket

# Open firewall
sudo firewall-cmd --permanent --add-service=cockpit
sudo firewall-cmd --reload

# Access at https://server:9090
# Login with system user credentials

Cockpit Packages

# Install additional Cockpit modules
sudo dnf install -y \
  cockpit-packagekit \
  cockpit-storaged \
  cockpit-machines \
  cockpit-podman \
  cockpit-sosreport

# HA cluster management
sudo dnf install -y cockpit-ha-cluster

# Reload after installing packages
sudo systemctl try-restart cockpit.socket

Packageless Sessions (RHEL 10)

RHEL 10 Cockpit supports packageless sessions, allowing you to connect to a remote host over SSH without installing Cockpit packages on it.

# Packageless mode connects over SSH without installing Cockpit on the remote host.
# Use with cockpit-ws for proxy/fleet access
sudo dnf install -y cockpit-ws
sudo systemctl enable --now cockpit-ws

HA Cluster Management

# Install HA cluster packages
sudo dnf install -y cockpit-ha-cluster pacemaker corosync pcs

# Configure PCS (Pacemaker/Corosync Configuration System)
sudo passwd hacluster

# On each cluster node, enable and start pcsd
sudo systemctl enable --now pcsd

# Authorize nodes to communicate
sudo pcs cluster auth node1 node2 node3

# Create cluster
sudo pcs cluster setup --name mycluster node1 node2 node3

# Start cluster on all nodes
sudo pcs cluster start --all
sudo pcs cluster enable --all

Virtual Machines

Cockpit Machines module provides a web UI for managing KVM/Libvirt VMs.

# Install required packages
sudo dnf install -y cockpit-machines libvirt-daemon qemu-kvm

# Start modular libvirt daemons
for drv in qemu network nodedev nwfilter secret storage interface; do
  systemctl start virt${drv}d{,-ro,-admin}.socket
done

# Cockpit Machines uses Polkit for authorization
# No group membership needed

# Access via https://server:9090/machines

Cockpit Security

# Restrict access to specific network
sudo firewall-cmd --permanent --zone=trusted --add-service=cockpit
sudo firewall-cmd --permanent --zone=trusted --add-source=10.0.0.0/8
sudo firewall-cmd --reload

# Configure TLS (cockpit uses self-signed cert by default)
# Place custom cert and key:
# /etc/cockpit/ws-certs.d/01-custom.cert

# Limit cockpit access via Polkit rules or sudoers
📚 Reference

Cockpit Project · RHEL 10 Cockpit Guide