Wednesday, August 13, 2014

D-Bus is powerful IPC

Cockpit is heavily built around DBus. We send DBus over our WebSocket transport, and marshal them in JSON.

DBus is powerful, with lots of capabilities. Not all projects use all of these, but so many of these capabilities are what allow Cockpit to implement its UI.

  • Method Call Transactions
  • Object Oriented
  • Efficient Signalling
  • Properties and notifications
  • Race free watching of entire Object trees for changes
  • Broadcasting
  • Discovery
  • Introspection
  • Policy
  • Activation
  • Synchronization
  • Type-safe Marshalling
  • Caller Credentials
  • Security
  • Debug Monitoring
  • File Descriptor Passing
  • Language agnostic
  • Network transparency
  • No trust required
  • High-level error concept
  • Adhoc type definitions
Lennart goes into these further in a kdbus talk, as well as some of the weaknesses of DBus.

Tuesday, June 24, 2014

Cockpit has Docker pull support

Cockpit 0.12 now has support for pulling Docker images from the Docker registry.


Unfortunately Docker doesn't have support for cancelling the pull of an image. So that sort of hampers the UI a bit. At least for now.

Friday, June 20, 2014

Cockpit Simple Networking Configuration

Cockpit 0.11 now has an all new simple Networking UI. Still some work to do, but it's coming together. You can see it here:


Monday, May 5, 2014

How to join Active Directory domains with a One Time Password

realmd and adcli allow you to join a domain with a one time password.

That is: a domain administrator can prepare a one time password, and that one time password can later be used (usually by someone else) to join a specific computer to the domain.

FreeIPA supports this natively. But adcli also accomplishes this for Active Directory domains. People have been asking how that happens.

Each computer in an Active Directory domain has a computer account. Each computer account has a computer password. Normally this password is randomly generated while joining the domain.

When you choose the Reset Password option in the Active Directory UI, this password is set to a predictable string, which is just the computer account name in lower case (ie: samAccountName without the dollar sign).


Since computer accounts can (by default) change their own account passwords, reseting a computer account allows anyone to claim the computer account, by changing its password from this known password to a generated one.

realmd takes advantage of the above, and will automatically join a domain if the relevant computer account has been reset.

In addition adcli has a preset-computer mode which allows an administrator to generate a new computer account, and set its paswsord to a one time use password.

$ adcli preset-computer --domain=ad.example.com \
--one-time-password=ThisIsthe1xPass computer1.example.com
Password for Administrator@AD.EXAMPLE.COM:
computer-name: COMPUTER1

This one time password can later be used with realmd to have it join the computer account, like so:

$ hostname
computer1.example.com
$ realm join --one-time-password=ThisIsthe1xPass ad.example.com

Or you can use this one time password with kickstart, as shown here:


Friday, April 25, 2014

Cockpit does Docker

Here's a short video showing how Cockpit manages Docker containers. Cockpit is in RHEL branding here, but it's basically the same thing as you get from cockpit-project.org



This UI is going to be refined somewhat, but it's nice to see things coming together.

Tuesday, April 22, 2014

Cockpit has a terminal

Cockpit 0.5 now has a nice terminal in a web browser. AKA term.js is awesome.


Thursday, February 13, 2014

Introducing Cockpit

Gave a talk at DevConf in Brno about the project a bunch of us have been working on: Cockpit. It's a UI for Linux Servers. Currently in the prototype stage...


Hopefully there'll be a video of the talk available soon. You can try out the Cockpit prototype in Fedora like so:

 # yum install --enablerepo=updates-testing cockpit
 # setenforce 0 # issue 200
 # systemctl enable cockpit-ws.socket
 $ xdg-open http://localhost:21064

Don't run this on a system you care about (yet). Sorry about the certificate warning. Groan ... I know ... working on that.

Needless to say I'm excited about where this is going...