How To install & configure Cockpit Server Manager in CentOS Stream 9

On Oracle Linux systems with non-minimal installations, the cockpit package is included by default. Otherwise, you can manually install Cockpit. In either case, running the following command ensures that the package is installed and is up to date.

$sudo dnf install cockpit

Enable and start the Cockpit service

To enable and start the Cockpit service, so that you can start accessing it immediately and so that it starts automatically after a reboot, run the following command:

$sudo systemctl enable --now cockpit.socket

$sudo systemctl status cockpit

Configure Firewall Rules (Optional)

If you are using a custom firewall profile, or an Oracle Cloud Infrastructure instance, open the firewall port for the web console (9090).

To enable the firewall port for the cockpit service and reload the default firewall service on Oracle Linux, run:

$sudo firewall-cmd --add-service=cockpit --permanent

$sudo firewall-cmd --reload

Logging into Cockpit

Cockpit serves both HTTP and HTTPS requests on port 9090. By default, Cockpit creates self-signed certificates that are used to facilitate HTTPS. If you use the self-signed certificate, when you go to the web console, the browser displays a security exception warning. To avoid having to grant a security exception, install a certificate signed by a certificate authority (CA) in the /etc/cockpit/ws-certs.d directory. The last file (in alphabetical order) with a .cert extension is used.

Cockpit uses a PAM stack located at /etc/pam.d/cockpit to handle authentication of users. Authentication with PAM allows you to log in with a username and password of any system account that has administrator privileges.

To log into Cockpit:

1. In a web browser, go to the Cockpit web console using the hostname or IP address of the system at port 9090 using HTTPS. For example:

https://myserver.example.com:9090

If you are logging in on the local host, you can use:

https://localhost:9090

If you are not using a signed security certificate, a warning that the connection is not private is displayed. To continue, add an exception for the site in the browser.

• Log into Cockpit using a system user account. If the user account has sudo privileges, you can run privileged tasks in the web console. To enable running sudo commands, check the Reuse my password for privileged tasks option. Click Log In. The Cockpit dashboard is displayed.