cockpit客户端安装_如何在Ubuntu 18.04上安装Cockpit

cockpit客户端安装

This article was originally published on Alibaba Cloud. Thank you for supporting the partners who make SitePoint possible.

本文最初发表在阿里云上 。 感谢您支持使SitePoint成为可能的合作伙伴。

Cockpit is a server manager that makes it easy to administer your GNU/Linux servers via a web browser. It makes Linux discoverable, allowing sysadmins to easily perform tasks such as starting containers, storage administration, network configuration, inspecting logs and so on.

Cockpit是一个服务器管理器，可以通过Web浏览器轻松管理GNU / Linux服务器。 它使Linux变得可发现，从而使系统管理员可以轻松地执行任务，例如启动容器，存储管理，网络配置，检查日志等。

Cockpit provides convenient switching between the terminal and the web tool. A service started via Cockpit can be stopped via the terminal. Likewise, if an error occurs in the terminal, it can be seen in the Cockpit journal interface. Using Cockpit you can monitor and administer several servers at the same time. Just add it easily and your server will look after its buddies.

通过Cockpit，可以在终端和Web工具之间方便地进行切换。 通过Cockpit启动的服务可以通过终端停止。 同样，如果终端中发生错误，则可以在Cockpit日志界面中看到该错误。 使用Cockpit，您可以同时监视和管理多台服务器。 只需轻松添加它，您的服务器就会照顾好伙伴。

Cockpit is released under the LGPL v2.1+, and it is available for Redhat, CentOS, Debian, Ubuntu, Atomic, and Arch Linux. Cockpit is compatible and works well with Alibaba Cloud Elastic Compute Service (ECS) servers. In this tutorial, I will be installing Cockpit on an ECS with Ubuntu 18.04 LTS installed on it. Until Ubuntu 18.04 matures and is included in Alibaba Cloud’s library of operating system images, we can upgrade Ubuntu 16.04 to Ubuntu 18.04 by using the do-release-upgrade utility.

Cockpit是在LGPL v2.1 +下发布的，可用于Redhat，CentOS，Debian，Ubuntu，Atomic和Arch Linux。 Cockpit兼容并与阿里云弹性计算服务(ECS)服务器一起很好地工作。 在本教程中，我将在安装了Ubuntu 18.04 LTS的ECS上安装Cockpit。 在Ubuntu 18.04成熟并包含在阿里云的操作系统映像库中之前，我们可以使用do-release-upgrade实用程序将Ubuntu 16.04升级到Ubuntu 18.04 。

先决条件 (Prerequisites)

1. You must have Alibaba Cloud Elastic Compute Service (ECS) activated and verified your valid payment method. If you are a new user, you can get a free account in your Alibaba Cloud account. If you don’t know about how to setup your ECS instance, you can refer to this tutorial or quick-start guide.

   您必须激活阿里云弹性计算服务(ECS)并验证您的有效付款方式。 如果您是新用户，则可以在阿里云帐户中获得一个免费帐户。 如果您不知道如何设置ECS实例，可以参考本教程或快速入门指南 。

2. You should set up your server’s hostname.

   您应该设置服务器的主机名。

3. Access to VNC console in your Alibaba Cloud or SSH client installed in your PC.

   访问您的阿里云中的VNC控制台或安装在PC中的SSH客户端。

After completing the prerequisites, log in as root user with your root username & password via SSH client (e.g. Putty) or VNC console available in your Alibaba Cloud account dashboard.

完成前提条件后，通过SSH客户端(例如Putty)或阿里云帐户信息中心中可用的VNC控制台，以root用户名和密码以root用户身份登录。

在Ubuntu 18.04上安装Cockpit (Install Cockpit on Ubuntu 18.04)

Cockpit is included in Ubuntu 18.04, so you can just use apt command to install it.

Cockpit包含在Ubuntu 18.04中，因此您可以使用apt命令进行安装。

sudo apt update

sudo apt update

Install the Cockpit package.

安装Cockpit软件包。

sudo apt -y install cockpit

sudo apt -y install cockpit

Start and enable the Cockpit.

启动并启用驾驶舱。

sudo systemctl start cockpit.socket
sudo systemctl enable cockpit.socket

与驾驶舱一起工作 (Working with Cockpit)

Once you start the Cockpit service, it will start listening on port 9090. Now, open up your browser and navigate it to below URL.

启动Cockpit服务后，它将开始在端口9090上侦听。现在，打开浏览器并将其导航到以下URL。

https://ip-address:9090

https://ip-address:9090

Cockpit uses a self-signed SSL certificate for secure communication. So, you need to add an exception in your browser to access the Cockpit.

驾驶舱使用自签名SSL证书进行安全通信。 因此，您需要在浏览器中添加一个例外来访问Cockpit。

Log in with your local user account. In my case it is gqadir.

使用您的本地用户帐户登录。 以我为例，它是gqadir。

If the user is a non-privileged user and has sudo access, then tick mark Reuse my password for privileged tasks.

如果该用户是非特权用户，并且具有sudo访问权限，请在“将我的密码用于特权任务”上打勾。

We must now insert our credentials in the related input fields and click on the Log In button. Once logged in we will be redirected to the main cockpit page:

现在，我们必须将凭据插入相关的输入字段中，然后单击“ 登录”按钮。 登录后，我们将被重定向到主座舱页面：

Let’s take a look at it. The main page section shows us some information about the machine we are running on, as the hardware, hostname, operating system and system time. In this case I am running Ubuntu on a virtual machine, therefore the value of the hardware section is QEMU Standard Pc.

让我们来看看它。 主页部分向我们显示了有关正在运行的计算机的一些信息，例如硬件 ， 主机名 ， 操作系统和系统时间 。 在这种情况下，我在虚拟机上运行Ubuntu，因此，硬件部分的值为QEMU Standard Pc 。

We also have a dropdown menu which let us perform a power option on the system as restart or shutdown. On the right we can see some graphs which let us monitoring crucial system activities, in order: CPU and memory usage, disk activity and network traffic.

我们还有一个下拉菜单，可让我们在系统上执行电源选项作为重新启动或关闭。 在右侧，我们可以看到一些图形，这些图形使我们可以按顺序监视​​关键的系统活动：CPU和内存使用率，磁盘活动和网络流量。

日志部分 (The Logs Section)

In the left column menu, just below the system section, we can click on logs to access to the page dedicated to system logs. Here, at the top of the page, we have two nice menus which let us filter the logs by period of time and severity, choosing between problems, notices, warnings and errors.

在系统部分正下方的左列菜单中，我们可以单击日志以访问专用于系统日志的页面。 在此页面的顶部，我们有两个漂亮的菜单，这些菜单使我们可以按时间段和严重性过滤日志，在问题 ， 通知 ， 警告和错误之间进行选择。

To access detailed information about a log message, all we have to do is to click on the corresponding row: we will be redirected to a page containing the log details.

要访问有关日志消息的详细信息，我们要做的就是单击相应的行：我们将被重定向到包含日志详细信息的页面。

储存部 (The Storage Section)

Proceeding further, we have the storage session. Here we have some graphs displaying disks reading and writing activities, and immediately after a status bar indicating the filesystems usage amount. We have also the option to easily add NFS Mounts and Raid Devices.

进一步，我们有存储会话。 在这里，我们有一些图形显示磁盘的读写活动，并且在状态栏后面紧跟着指示文件系统使用量的状态。 我们还可以选择轻松添加NFS挂载和RAID设备 。

We could inspect a specific drive by clicking on the related section on the right in the Drives box: we will also be able to create a new partition table (if some conditions are respected – the disk must not be mounted, for example) on the specified drive: the operation will erase all the data on it.

我们可以通过单击“ 驱动器”框中右侧的相关部分来检查特定的驱动器 ：我们还将能够在驱动器上创建一个新的分区表(如果满足某些条件，例如，不得安装磁盘)。指定的驱动器：该操作将擦除其上的所有数据。

网络部分 (The Network Section)

In the section dedicated to network monitoring and administration, it’s possible to observe graphs about sent and received packets for each interface, and network activity in general. Details about an interface, such as its MAC address are visible by clicking on an interface row: here we also have the chance to enable or disable said interface. It’s also possible to easily add a bond, a bridge or a vlan using the dedicated buttons. On the bottom of the page the network logs are shown.

在专门用于网络监视和管理的部分中，可以观察有关每个接口的已发送和已接收数据包以及总体网络活动的图表。 通过单击接口行，可以看到有关接口的详细信息(例如其MAC地址) ：在这里，我们还可以启用或禁用该接口。 也可以使用专用按钮轻松添加bond ， bridge或vlan 。 在页面底部显示网络日志。

帐户和服务科 (The Accounts and Services Sections)

The last two available sections are about accounts and services management. In the former we can very easily create, delete or obtain information about the users available on the system. By clicking on a specific user section we will have the option to change its password, lock its account and even add authorized public ssh keys:

最后两个可用部分是有关帐户和服务管理的。 在前者中，我们可以非常轻松地创建，删除或获取有关系统上可用用户的信息。 通过单击特定的用户部分，我们可以选择更改其密码，锁定其帐户，甚至添加授权的公共ssh密钥 ：

In the services section, we will be presented with an overview of system daemons and targets. The web interface grants us the ability to start, stop, enable or disable each service, showing us its current state. Thanks to cockpit, we can also easily manage systemd targets (the equivalent of classic system runlevels), sockets and timers.

在服务部分，我们将向您提供系统守护程序和目标的概述。 Web界面使我们能够启动，停止，启用或禁用每个服务，从而向我们显示其当前状态。 多亏了cockpit，我们还可以轻松管理系统目标 (相当于经典系统运行级别)， 套接字和计时器 。

Let’s now look at how we can configure Cockpit for our applications.

现在让我们看一下如何为应用程序配置Cockpit。

1.座舱配置文件– cockpit.conf (1. Cockpit Configuration File – cockpit.conf)

Cockpit can be configured via /etc/cockpit/cockpit.conf. That file has an INI file syntax and thus contains key / value pairs, grouped into topical groups. See the examples below for details.

可以通过/etc/cockpit/cockpit.conf来配置/etc/cockpit/cockpit.conf 。 该文件具有INI文件语法，因此包含分为主题组的键/值对。 有关详细信息，请参见下面的示例。

Note: The port that cockpit listens on cannot be changed in this file. To change the port change the systemd cockpit.socket file.

注意：在此文件中不能更改座舱监听的端口。 要更改端口，请更改systemd cockpit.socket文件。

网络服务 (WebService)

Origins

起源

By default, cockpit will not accept crossdomain websocket connections. Use this setting to allow access from alternate domains. Origins should include scheme, host and port, if necessary.

默认情况下，座舱将不接受跨域Websocket连接。 使用此设置可以允许来自备用域的访问。 必要时，来源应包括方案，主机和端口。

[WebService]
 Origins = https://somedomain1.com  
 https://somedomain2.com:9090

ProtocolHeader

协议头

Configure cockpit to look at the contents of this header to determine if a connection is using tls. This should only be used when cockpit is behind a reverse proxy, and care should be taken to make sure that incoming requests cannot set this header.

配置座舱以查看此标头的内容，以确定连接是否正在使用tls。 仅当驾驶舱位于反向代理之后时才应使用此选项，并且应注意确保传入请求不能设置此标头。

[WebService]
 ProtocolHeader = X-Forwarded-Proto

LoginTitle

登录标题

Set the browser title for the login screen.

设置登录屏幕的浏览器标题。

LoginTo

登录到

When set to true the Connect to option on the login screen is visible and allows logging into another server. If this option is not specified then it will be automatically detected based on whether the cockpit-ssh process is available or not.

设置为true时，登录屏幕上的“连接到”选项可见，并允许登录到另一台服务器。 如果未指定此选项，则将根据是否可以使用cockpit-ssh进程来自动检测到它。

RequireHost

RequireHost

When set to true cockpit will require users to use the Connect to option to specify the host to log into.

设置为true时，座舱将要求用户使用“连接到”选项来指定要登录的主机。

MaxStartups

MaxStartups

Same as the sshd configuration option by the same name. Specifies the maximum number of concurrent login attempts allowed. Additional connections will be dropped until authentication succeeds or the connections are closed. Defaults to 10.

与sshd配置选项相同，但名称相同。 指定允许的最大并发登录尝试次数。 其他连接将被丢弃，直到身份验证成功或连接关闭。 默认为10

Alternatively, random early drop can be enabled by specifying the three colon separated values start:rate:full (e.g. “10:30:60”). Cockpit will start refusing authentication attempts with a probability of rate/100 (30%) if there are currently start (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches full (60).

或者，可以通过指定三个冒号分隔的值start：rate：full (例如“ 10:30:60”)来启用随机提前删除。 座舱将开始拒绝认证尝试用率/ 100(30％)的概率，如果有当前正在开始 (10)未认证的连接。 如果未认证的连接数已满 (60)，则概率呈线性增加，并且所有连接尝试都将被拒绝。

AllowUnencrypted

允许未加密

If true, cockpit will accept unencrypted HTTP connections. Otherwise, it redirects all HTTP connections to HTTPS. Exceptions are connections from localhost and for certain URLs (like /ping ). Defaults to false.

如果为true，则cockpit将​​接受未加密的HTTP连接。 否则，它将所有HTTP连接重定向到HTTPS。 来自本地主机和某些URL(例如/ ping )的连接是例外。 默认为false。

UrlRoot

网址根

The root URL where you will be serving cockpit. When provided cockpit will expect all requests to be prefixed with the given url. This is mostly useful when you are using cockpit behind a reverse proxy, such as nginx. /cockpit/ and /cockpit+ are reserved and should not be used. For example /cockpit-new/ is ok. /cockpit/ and /cockpit+new/ are not.

您将在座舱中服务的根URL。 如果提供了座舱，则将期望所有请求都以给定的url作为前缀。 当您在反向代理(例如nginx)后面使用座舱时，这最有用。 / cockpit /和/ cockpit +是保留的，不应使用。 例如/ cockpit-new /是可以的。 / cockpit /和/ cockpit + new /不是。

记录 (Log)

Fatal

致命

The kind of log messages in the bridge to treat as fatal. Separate multiple values with spaces. Relevant values are: criticals and warnings.

桥中的那种日志消息被视为致命的。 用空格分隔多个值。 相关值是：严重和警告。

OAuth (OAuth)

Cockpit can be configured to support the implicit grant OAuth authorization flow. When successful the resulting oauth token will be passed to cockpit-ws using the Bearer auth-scheme. For a login to be successful, cockpit will also need to be configured to verify and allow Bearer tokens.

可以将驾驶舱配置为支持隐式授予OAuth授权流程。 成功后，将使用Bearer auth-scheme将所得的oauth令牌传递到cockpit-ws。 为了成功登录，还需要将座舱配置为验证并允许Bearer令牌。

URL

网址

This is the url that cockpit will redirect the users browser to when it needs to obtain an oauth token. Cockpit will add a redirect_uri parameter to the url with the location of where the oauth provider should redirect to once a token has been obtained.

这是cockpit在需要获取oauth令牌时会将用户浏览器重定向到的URL。 Cockpit将​​在URL中添加一个redirect_uri参数，以及获得令牌后oauth提供者应重定向到的位置。

ErrorParam

错误参数

When an oauth provider redirects a user back to cockpit, look for this parameter in the querystring or fragment portion of the url to find an error message. When not provided it will default to error_description.

当oauth提供者将用户重定向回座舱时，请在URL的querystring或fragment部分中查找此参数以查找错误消息。 如果未提供，则默认为error_description 。

TokenParam

令牌参数

When an oauth provider redirects a user back to cockpit, look for this parameter in the querystring or fragment portion of the url to find the access token. When not provided it will default to access_token.

当oauth提供者将用户重定向回座舱时，请在URL的查询字符串或片段部分中查找此参数以查找访问令牌。 如果未提供，则默认为access_token 。

2.座舱Web服务– cockpit-ws (2. Cockpit Web Service – cockpit-ws)

The cockpit-ws program is the web service component used for communication between the browser application and various configuration tools and services like cockpit-bridge(8).

cockpit-ws程序是Web服务组件，用于在浏览器应用程序与各种配置工具和服务(例如cockpit-bridge(8))之间进行通信。

Users or administrators should never need to start this program as it automatically started by systemd(1) on bootup.

用户或管理员永远不需要启动该程序，因为它是在启动时由systemd(1)自动启动的。

cockpit-ws [--help] [--port PORT] [--no-tls] [--local-ssh] [--address ADDRESS]

cockpit-ws [--help] [--port PORT] [--no-tls] [--local-ssh] [--address ADDRESS]

运输安全 (Transport Security)

To specify the TLS certificate the web service should use, simply drop a file with the extension .cert in the /etc/cockpit/ws-certs.d directory. If there are multiple files in this directory, then the highest priority one is chosen after sorting.

要指定Web服务应使用的TLS证书，只需将扩展名为.cert的文件放在/etc/cockpit/ws-certs.d目录中。 如果此目录中有多个文件，则排序后将选择优先级最高的文件。

The .cert file should contain at least two OpenSSL style PEM blocks. First one or more BEGIN CERTIFICATE blocks for the server certificate and intermediate certificate authorities and a last one containing a BEGIN PRIVATE KEY or similar. The key may not be encrypted.

.cert文件应至少包含两个OpenSSL样式的PEM块。 服务器证书和中间证书颁发机构的第一个或多个BEGIN CERTIFICATE块，最后一个包含BEGIN PRIVATE KEY或类似证书的块。 密钥可能未加密。

If there is no TLS certificate, a self-signed certificate is automatically generated using openssl and stored in the 0-self-signed.cert file.

如果没有TLS证书，则使用openssl自动生成自签名证书，并将其存储在0-self-signed.cert文件中。

When enrolling into a FreeIPA domain, an SSL certificate is requested from the IPA server and stored in 10-ipa.cert.

当注册到FreeIPA域时，会向IPA服务器请求SSL证书并将其存储在10-ipa.cert中 。

To check which certificate cockpit-ws will use, run the following command.

要检查cockpit-ws将使用哪个证书，请运行以下命令。

$ sudo remotectl certificate

$ sudo remotectl certificate

If using certmonger to manage certificates, following command can be used to automatically prepare concatenated .cert file:

如果使用certmonger管理证书，则可以使用以下命令自动准备级联的.cert文件：

CERT_FILE=/etc/pki/tls/certs/$(hostname).pem
 KEY_FILE=/etc/pki/tls/private/$(hostname).key

 getcert request -f ${CERT_FILE} -k ${KEY_FILE} -D $(hostname --fqdn) –
 C "sed -n w/etc/cockpit/ws-certs.d/50-from-certmonger.cert 
 ${CERT_FILE} ${KEY_FILE}"

超时 (Timeout)

When started via systemd(1) then cockpit-ws will exit after 90 seconds if nobody logs in, or after the last user is disconnected.

通过systemd(1)启动时，如果没有人登录，则在90秒后或最后一个用户断开连接后，cockpit-ws将退出。

选件 (Options)

环境 (Environment)

The cockpit-ws process will use the XDG_CONFIG_DIRS environment variable from the XDG basedir spec to find its cockpit.conf(5) configuration file.

cockpit-ws进程将使用基于XDG的ir规范中的XDG_CONFIG_DIRS环境变量来查找其cockpit.conf(5)配置文件。

In addition the XDG_DATA_DIRS environment variable from the XDG basedir spec can be used to override the location to serve static files from. These are the files that are served to a non-logged in user.

此外，基于XDG的规范中的XDG_DATA_DIRS环境变量可用于覆盖从中提供静态文件的位置。 这些是提供给未登录用户的文件。

3.远程访问配置– remotectl (3. Remote Access Configuration – remotectl)

The remotectl program will configure remote access to the system. Currently it manages cockpit’s SSL certificate.

remotectl程序将配置对系统的远程访问。 目前，它管理驾驶舱的SSL证书。

remotectl {COMMAND} [OPTIONS...]

remotectl {COMMAND} [OPTIONS...]

指令 (Commands)

Certificate

证书

Manage Cockpit’s SSL certificate. If used without options will check if cockpit has a valid certificate without making any changes.

管理驾驶舱的SSL证书。 如果不带选项使用，则将检查驾驶舱是否具有有效证书，而不进行任何更改。

–ensure Ensure that a certificate exists and can be loaded. Certificate will be created if it does not already exist.

–确保确保证书存在并且可以加载。 如果证书不存在，将创建该证书。

–user username The unix user that should own the certificate. Only takes effect if used with –ensure.

–user username应该拥有证书的Unix用户。 仅在与–ensure一起使用时才生效 。

–group groupname The unix group that should read the certificate. Only takes effect if used with –ensure.

–group groupname应该读取证书的UNIX组。 仅在与–ensure一起使用时才生效 。

If any additional arguments are given, they are treated as files that should be combined to create a certificate file. If the combined files validate, they will be saved in the appropriate location using the name of the first file given with the extension changed to .cert. For example:

如果提供了任何其他参数，则将它们视为应组合以创建证书文件的文件。 如果合并的文件通过验证，它们将使用扩展名更改为.cert的第一个文件的名称保存在适当的位置。 例如：

remotectl certificate server.pem chain.pem key.pem

remotectl certificate server.pem chain.pem key.pem

will result in server.cert. If server.cert already exists it will be overwritten.

将导致server.cert 。 如果server.cert已经存在，它将被覆盖。

选件 (Options)

4.驾驶舱主桥–驾驶舱桥 (4. Cockpit Host Bridge – cockpit-bridge)

The cockpit-bridge program is used by Cockpit to relay messages and commands from the Web front end to the server. Among other things it relays DBus, and spawns processes on behalf of the Web user interface.

Cockpit使用cockpit-bridge程序将消息和命令从Web前端中继到服务器。 除其他外，它中继DBus，并代表Web用户界面生成进程。

This program is not routinely run by users or administrators. It is in the $PATH so that Cockpit can find it when connecting between hosts. However there are some diagnostics available when running from the command line.

用户或管理员通常不会运行此程序。 它位于$ PATH中，以便Cockpit在主机之间连接时可以找到它。 但是，从命令行运行时，可以使用一些诊断程序。

cockpit-bridge [--help] [--packages]

cockpit-bridge [--help] [--packages]

选件 (Options)

结论 (Conclusion)

Although not a full substitute for the command line, Cockpit gives us the opportunity to have a nice graphical overview of the core components and overall status of a machine. Multiple machines can be managed, by adding them to the main Cockpit server, that is the machine on which the service it’s running on. Daily tasks are easily accomplished through the web interface we just took a tour of: try it, it could make your life easier!

尽管不能完全替代命令行，但Cockpit使我们有机会获得有关核心组件和计算机总体状态的漂亮图形概述。 通过将多台计算机添加到主Cockpit服务器(即运行其服务的计算机)，可以对其进行管理。 通过我们刚刚浏览过的Web界面，可以轻松完成日常任务：尝试一下，它可以使您的生活更轻松！

翻译自: https://www.sitepoint.com/how-to-install-cockpit-on-ubuntu-18-04/

cockpit客户端安装