Cockpit 0.95 Released

Cockpit releases every week. Here are the highlights from 0.90 through 0.95.

Set CPU performance profile via tuned

Cockpit can now talk to tuned and set the CPU performance profile of the system. Thanks to Ryan Barry for doing the initial prototype, and Jaroslav Škarvada for fixing up tuned to include profile descriptions.

iSCSI initiator support

The iSCSI support that Marius worked on with the storaged folks has finally landed in a Cockpit release. It was waiting on fixes in some dependencies. Have a look:

Support for WebSocket client in cockpit-bridge

In order to better talk to services like Kubernetes or the Atomic Docker Registry we’ve added WebSocket support to the cockpit-bridge. It can now connect to local WebSockets on the system.

But here’s an example of what you can do with that: The demo below shows GTK+ 3 apps running inside of Cockpit. GTK+ 3 supports HTML5 as a display mode, and Cockpit can wrap that in authentication and a real Linux login session:

Debian Source Packages

As a step towards working getting Cockpit into Debian we now create Debian source packages during our continuous delivery process. These end up here for now:

deb-src https://fedorapeople.org/groups/cockpit/debian-unstable ./

Content Security Policy

Because the Cockpit javascript code has as much access to the system as the logged in user, Cockpit needs to make sure that attackers cannot sneak in javascript code into the browser session.

Obviously we do this by escaping HTML output carefully and other best practices. But in addition to that we’ve started to deploy Content Security Policy.

If you’re unfamiliar with Content Security Policy it’s a bit like SELinux for a browser session. It tells the browser we explicitly don’t want to execute any code, styling or other resources that get loaded from Cockpit itself.

We haven’t turned on the strict policy for all of Cockpit yet, and we’re doing it component by component.

Fix cockpit-ws start while reading from /dev/urandom

Previously when there were interruptions during reading from /dev/urandom while starting cockpit-ws, then initialization would fail. This has now been fixed.

OAuth login support

Cockpit now has OAuth login support. It doesn’t exactly work out of the box for logging into a local Linux system, but it can be used to create custom dashboards or containers based on Cockpit components that use OAuth to authenticate.

See the documentation for more info.

Running RHEL QE Tests

When you open a Cockpit pull request, take a look at the test suites that are run against it.

This week we finished work to run the Cockpit RHEL QE tests upstream git pull request. Rather than catching issues on the backend of things, we’ll be ahead of the game.

Vagrant without NFS

Cockpit’s Vagrantfile used to use NFS to keep the git checkout in sync with the image. This caused many folks to have a hard time using Vagrant to hack on Cockpit, so the NFS stuff is now dropped. You can still bring up the vagrant VM as before:

$ sudo vagrant up

And then access Cockpit on https://localhost:9090

However if you make changes to the stuff in the git repo, you need to run an extra vagrant command before the running VM will pick it up:

$ sudo vagrant rsync

See HACKING.md in the git repo for more details.

Try it out

Cockpit 0.95 is available now: