Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Administering SUSE ALP Dolomite using Cockpit

Administering SUSE ALP Dolomite using Cockpit

Publication Date: 26 Feb 2024
TOPIC

From basic system overview, over storage management to keeping your system up to date, Cockpit enables you to perform a number of administration tasks in a convenient way.

INTENTION

This articles is intended to provide a complete overview of tasks that can be performed from the Cockpit web interface.

REQUIREMENTS

To fully administer the system using Cockpit, you must either enable the root access or create a non-root user with sudo privileges. Find more information in https://documentation.suse.com/alp/dolomite/html/alp-dolomite/concept-alp-deployment.html#alp-pre-deployment-considerations-root-ssh-login

1 About Cockpit

Cockpit is a Web-based graphical interface that enables you to manage most administration tasks from one place. You do not need to create credentials for Cockpit as, by default, Cockpit uses the same credentials that you use to log in to your server. Cockpit uses APIs that already exist on the system without adding a layer to the system.

Cockpit enables you to perform the following tasks:

  • download container images and run containers

  • update the server

  • inspect and change network settings

  • manage user accounts

  • view system logs

  • inspect and interact with systemd services

  • use a terminal on a remote server in your web browser

Tip
Tip

To extend Cockpit's functionality, you can enhance it with new applications available at https://cockpit-project.org/applications.html.

2 Installing Cockpit

2.1 Introduction

Cockpit is included in the delivered pre-built images by default, or can be installed if you are installing your own instances manually by installing the cockpit-ws package. Reboot afterwards to apply the changes.

> sudo transactional-update pkg install cockpit-ws

2.2 Installing additional Cockpit plugins

Though Cockpit is present in the pre-built images, not all its plugins are installed by default. You can install them manually by installing the alp_cockpit pattern as described below.

Tip
Tip

You can also use the following command in case Cockpit is not installed on your system.

  1. Install the pattern:

    # transactional-update pkg install -t pattern alp_cockpit
  2. Reboot your machine to switch to the latest snapshot.

  3. If the Cockpit instance is intended to serve as a primary one, you need to enable the Cockpit socket in systemd by running:

    # systemctl enable --now cockpit.socket

    After running the command, the server exposes the default 9090 port and systemd starts the cockpit-ws service that listens on the 9090 port.

  4. In case you have enabled the firewall, proceed as follows:

    1. Open the firewall for Cockpit

      # firewall-cmd --permanent --zone=public --add-service=cockpit
    2. Reload the firewall configuration by running:

      # firewall-cmd --reload
  5. Now you can access the Cockpit Web interface by opening the following address in your Web browser:

    https://IP_ADDRESS_OF_MACHINE:9090

3 Authentication

Tip
Tip: Access Cockpit as a non-privileged user

It is a good practice to create a non-privileged user account—preferably during ALP Dolomite deployment—and primarily log in as such user. The same applies to logging in to Cockpit. If you need Administrative access in Cockpit, click Limited access in the top right menu and unlock it by entering root password. Refer to https://documentation.suse.com/alp/dolomite/html/alp-dolomite/concept-alp-deployment.html#alp-pre-deployment-considerations-root-ssh-login for details about root access.

Cockpit enables you to log in directly to each machine that can expose the 9090 port. This machine is sometimes referred to as the primary server. It is the primary server that runs the cockpit-ws through which connections to additional servers are established.

If the port cannot be accessed on the particular machine, you can still use Cockpit to administer the machine by using it as a secondary server. For a procedure of adding a server as secondary, refer to Procedure 2, “Adding a server as secondary”.

Note
Note: A limited number of secondary servers

The number of secondary servers that you can administer from one primary server is limited to 20. If you need to administer more servers, add other primary servers or use another tool for cluster administration.

3.1 Logging in to the primary server directly

Whenever you have a direct network access to the 9090 port, you can directly log in to the server using your credentials. To do so, follow the Procedure 1, “Logging in to the primary server”.

Note
Note: No dedicated credentials for Cockpit needed.

By default, the access is controlled by a Cockpit-specific PAM stack located at /etc/pam.d/cockpit. The default configuration allows logging in with the same user names and passwords that are used for any local account on the system.

Procedure 1: Logging in to the primary server
  1. Go to the Cockpit login page by opening the following address in a browser:

    https://IP_ADDRESS_OF_MACHINE:9090
  2. Enter the credentials.

3.2 Logging in to secondary servers

If your machine does not have a direct access to the 9090 port, you can use this machine as a secondary server. Bear in mind that the machine needs to have Cockpit installed.

There are two ways of logging in to a secondary server: you can log in to a secondary server directly or you can use the primary server.

3.2.1 Logging in to secondary servers directly

You can log in to any secondary server without logging in to the primary server first. This solution can be useful when you do not have credentials for the primary server. The primary server will be used as a bridge, and you will be connected to the secondary server using SSH.

To connect to the secondary server, proceed as follows:

  1. Go to the Cockpit login page by opening the following address in a browser:

    https://IP_ADDRESS_OF_MACHINE:9090
  2. Fill in the credentials for the secondary server.

  3. Expand Other options on the login screen.

  4. Fill in the IP address of the secondary server.

  5. Proceed by clicking Login.

  6. If you are trying to log in for the first time, you are asked to verify the fingerprint. After this, click Accept and connect.

3.2.2 Accessing secondary servers from the primary server

If you have credentials for the primary server, you can access secondary servers from the primary one. Bear in mind that you have to add the secondary servers first as described in Procedure 2, “Adding a server as secondary”.

Procedure 2: Adding a server as secondary
  1. Log in to the primary server using the account with the system administrator role.

  2. Click the USERNAME@HOSTNAME in the upper-left corner.

  3. Click Add new host.

  4. Fill in the host identification and optionally user name that will be used to log in to the server. You can assign a color to the machine. When the details are complete, click Add.

  5. Verify a fingerprint on the server you want to add. If the fingerprint matches or if you have not set up the SSH connection, click Accept and connect to proceed.

  6. Fill in the password and, if needed, check Automatic login. Cockpit will generate a new SSH key for the user, and next time you will be logged in automatically.

3.3 Switching to the administration mode

By default, a regular user can log in to Cockpit with limited access that does not enable the user to perform administration tasks like managing user accounts, updating the system, and so on.

To switch to administrative access, proceed as follows:

  1. Click the Limited access button.

  2. Fill in the root password.

  3. Click Authenticate to confirm.

To turn off administrative mode, proceed as follows:

  1. Click Administrative access.

  2. To confirm, click Limit access.

4 Configuring servers using Cockpit

Using the Cockpit Overview part, you can perform changes to the default server configuration or the configuration you provided during the manual installation. In this part, you can change the host name or change the system date or time zone.

4.1 Changing the sever host name

To change the host name, proceed as follows:

Procedure 3: Changing host name
  1. Navigate to the Overview page.

  2. In the Configuration part, click edit.

  3. Fill in the following:

    • Pretty host name—a user-defined free-form host name

    • Real host name—the name of the device in the network

4.2 Changing the system time or time zone

To change the system time or time zone, proceed as follows:

Procedure 4: Changing system time or time zone
  1. Navigate to the Overview page.

  2. Click the System time value.

  3. In the pop-up window you can change the following:

    • Time zone—the value set during the manual installation or, in case of raw images, set to UTC.

    • Set time—by default, NTP is used for time synchronization. You can set the time manually or, if you defined alternative NTP servers, you can use those NTP servers for time synchronization.

5 Filtering logs

After navigating to the Logs page, Cockpit shows system logs according to the default or previously selected view criteria. To change the logs view, you need to adjust the log filters as described further.

You can filter the logs according to the following criteria:

Note
Note: The filter criteria are combined

Bear in mind that when changing any of the time, priority or identifier criteria, the other ones are still applied. For example, if you change the time criterion to Last 24 hours, the priority and identifier criteria remain the same.

5.1 Filtering according to time

To filter the logs according to a specific time, you can choose from the following values:

Current boot

Displays logs for the current boot only. The Resume button enables continuous refreshing of currently displayed logs.

Previous boot

Displays logs relevant to the previous boot.

Last 24 hours

Displays logs that were recorded within the last 24 hours.

Last 7 days

Displays logs that were recorded within the last 7 days.

5.2 Filtering according to priority

The standard syslog severity levels are used (sorted from most to least severe):

Only emergency

The system is unusable. This is a panic condition.

Alert and above

This log requires your immediate action.

Critical and above

Failures in primary systems. You should correct the problem immediately.

Error and above

Not an urgent error but should be handled within a specific time.

Warning and above

Not an error but indicates that an error might occur if no action is taken.

Notice and above

Unusual events that are not errors. No immediate actions are required.

Info and above

Normal operational messages that serve as a confirmation that the system is working properly.

Debug and above

These messages are used just to debug the system.

5.3 Logs filters

You can refine the logs view here according to the following criteria:

Since

Logs for the specified date or newer will be displayed. You can specify the time in the following way:

  • using the absolute date in the format YYYY-MM-DD

  • using any of the terms: yesterday, today, tomorrow and now

  • using relative time by prefixing the value with - or + and specifying units. You can use the following units: seconds or s, minutes or min, hours or h, days or d, weeks or w, months or m, and years or y.

Until

Logs for the specified date or older will be displayed. You can specify the time in the following way:

  • using the absolute date in the format YYYY-MM-DD

  • using any of the terms: yesterday, today, tomorrow and now

  • using relative time by prefixing the value with - or + and specifying units. You can use the following units: seconds or s, minutes or min, hours or h, days or d, weeks or w, months or m, and years or y.

Boot

Enter an integer: 0 means the current boot, -1 is for the previous boot, 1 for the first boot, 2 for the second, etc.

Unit

Specify a systemd unit for which you want to display logs. Use one of the formats:

  • _SYSTEMD_UNIT=NAME.service

  • COREDUMP_UNIT=NAME.service

  • UNIT=NAME.service

Free-form search

Enter a string that you want to find in the log messages. You can also use PERL-compatible regular expressions. Alternatively, you can filter messages according to message log fields in the format FIELD=VALUE. For example, CODE_LINE=349 displays logs with this value.

6 Managing networking

After clicking Networking, you can view traffic on your system, manage firewall, manage network interfaces, or view network logs.

6.1 Managing firewall rules and zones

Cockpit enables you to create new zones or update the existing ones. In the firewall settings, you can add services to a zone or allow access to ports.

Note
Note: Cockpit service is mandatory

Do not remove the Cockpit service from the default firewall zone as the Cockpit service may get blocked, and you may get disconnected from the server.

6.1.1 Adding firewall zones

The public zone is the default firewall zone. To add a new zone, proceed as follows:

Procedure 5: Adding new firewall zones
  1. Navigate to the Networking page.

  2. Click Edit rules and zones.

  3. Click Add zone.

  4. Select Trust level. Each trust level of network connections has a predefined set of included services (the Cockpit service is included in all trust levels).

  5. Define allowed addresses within the zone. Select one of the values:

    • Entire subnet to allow all addresses in the subnet.

    • Range—a comma-separated list of IP addresses with the routing prefix, for example, 192.0.2.0/24, 2001:db8::/32.

  6. Proceed with Add zone.

6.1.2 Adding allowed services and ports to a zone

You can add services to an existing firewall zone as described below:

Procedure 6: Adding services to a firewall zone
  1. Navigate to the Networking page.

  2. Click Edit rules and zones.

  3. Click Add services.

  4. To add a service, check Services and select the services from the list.

  5. To allow custom ports, check Custom ports and specify the port value for UDP and/or TCP. You can assign an identifier to this port.

  6. To confirm the changes, click Add services or Add ports, respectively.

6.2 About network bonds

A bond interface is a combination of several network interfaces into one bond. Depending on the Mode (described further), network bonding can improve performance by increasing the network throughput and bandwidth. Network bonding can also increase fault tolerance by keeping overall connectivity even if some of the bonded interfaces stopped working.

6.2.1 Managing bonds

6.2.1.1 Adding bonds

To add a bond, proceed as follows:

  1. Navigate to the Networking page.

  2. Click Add bond.

  3. Specify the following parameters of the bond interface:

    Name

    Enter a unique name of the interface.

    Interfaces

    Select which network interfaces should be grouped in the bond.

    MAC

    You can either select a specific MAC address of the underlying interface, or you can use any of the following options:

    Permanent

    Use the permanent hardware address if the device has a MAC address.

    Preserve

    During the bond activation, the MAC address is not changed.

    Random

    A random MAC address is created on each connection attempt.

    Stable

    Creates a hashed MAC address.

    Mode

    Keep the default mode or select any of the following modes:

    Round Robin

    Transfers packets from the first available interface to the last. The mode offers fault tolerance and load balancing.

    Active Backup

    Only one interface in the bonding is active. If the active interface fails, the backup will be activated.

    Balance XOR

    Balancing using a transmit hash policy. The default is a modulo device count. To select a different policy, specify the xmit_hash_policy option in the Option field.

    Broadcast

    Everything is transmitted on all interfaces.

    802.3ad Dynamic Link Aggregation

    Creates aggregation groups that share the same speed and duplex settings.

    Adaptive Transmit Load Balancing

    A channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load on each interface.

    Adaptive Load Balancing

    Includes adaptive transmit load balancing and receive load balancing, no special switch support is required.

    Primary

    This selection is available only for the Active Backup mode. You can select a particular interface that will be used as primary, while other interfaces in the bond are used as secondary.

    Link monitoring

    Select the type of link monitoring.

    Monitoring interval

    Specifies the intervals at which the particular link monitor performs checks. The value is in ms.

    Link up delay

    Define the time in ms for how long the bond is disabled after a link has been activated. The value should be a multiple of the Monitoring interval value, otherwise it will be rounded to the nearest value. Available only for the MII link monitor.

    Link down delay

    Define the time in ms for how long the bond is disabled if a link failure has been detected. The value should be a multiple of the Monitoring interval value, otherwise it will be rounded to the nearest value. Available only for the MII link monitor.

    Monitoring targets

    Specify the list of host IP addresses that you want to monitor. Available only for the ARP link monitor.

  4. Proceed with Apply.

6.2.1.2 Modifying bonds

To modify a bond, proceed as follows:

  1. Navigate to the Networking page.

  2. Click on the particular bond name to open the details.

  3. You can modify the following bond parameters:

    Bond

    Select a MAC address from the list.

    Connect automatically

    The bond connects automatically by default. Uncheck the box to disable the automatic connection.

    IPv4 and IPv6

    After clicking edit, you can set an IP address and configure a specific DNS, DNS search domain and Routes.

    MTU

    After clicking edit, you can specify a particular value of the maximum transmission unit in bytes.

    Bond

    After clicking edit, you can edit the same parameters as when you were creating the bond interface.

6.3 Managing network bridges

A network bridge is a device that creates a single aggregated network from multiple networks.

6.3.1 Creating network bridges

To create a network bridge, proceed as follows:

  1. Navigate to the Networking page.

  2. In the Interfaces view, click Add bridge.

  3. Specify the following:

    Name

    Specify a unique name of the bridge.

    Ports

    Select interfaces to be included in the bridge.

    Spanning tree protocol (STP)

    STP is a network protocol used for Ethernet networks that prevents bridge loops by setting a preferred link whenever network switches are connected with several links. This preferred link is used for all Ethernet traffic unless it fails. In that case, a redundant link is used instead. For details regarding STP, see STP.

    If you enable the STP protocol, you can edit the following settings:

    STP priority

    The lower the priority, the higher the probability of the switch to become the root switch.

    STP forward delay

    Specify the time spent in the listening and learning state (in seconds). The default value is 15 s, but you can use any value between 4 and 30 s.

    STP hello time

    Specify the time between each bridge protocol data unit (BDPU) that is sent on a port (in seconds). The default value is 2 s, but the recommended range is 1 to 10 s.

    STP maximum message age

    Specify the maximum length of time that passes before a bridge port saves its configuration BPDU information.

6.3.2 Modifying or deleting existing bridges

To modify or delete a bridge, proceed as follows:

  1. Navigate to the Networking page.

  2. In the Interfaces view, click the bridge name to open the details.

  3. There you can delete the bridge by clicking Delete, or modify it by changing any of the following details:

    General

    The bridge connects automatically by default. To disable the automatic connection, uncheck the option.

    IPv4 and IPv6

    After clicking edit, you can set the IP address and configure a specific DNS, DNS search domain and Routes.

    Bridge

    By clicking edit, you can edit all parameters of the bridge.

6.4 Managing VLANs using Cockpit

A virtual local area network is a logical subnetwork that groups devices from different physical LANs.

6.4.1 Creating virtual local area network

To add a VLAN, proceed as follows:

  1. Navigate to the Networking page.

  2. In the Interfaces view, click Add VLAN.

  3. Fill in the VLAN details:

    Parent

    Select the parent network interface.

    VLAN ID

    Specify an ID in the range 1–4094.

    Name

    Enter the name of the VLAN.

6.4.2 Modifying or deleting existing VLANs

To modify or delete an existing VLAN, proceed as follows:

  1. Navigate to the Networking page.

  2. In the Interface view, click the VLAN name.

  3. Either delete the VLAN by clicking Delete, or change any of the VLAN details:

    Parent

    Select the parent network interface.

    VLAN ID

    Specify an ID in the range 1–4094.

    Name

    Enter the name of the VLAN.

7 Working with containers

After the first login to Cockpit, you need to start Podman. Keep the default check box selected to start Podman automatically on each boot.

The Podman containers page enables you to pull images from registries and manage your container. You can also filter the view by entering a filter criterion into the filter field.

7.1 Getting container images

To start a container, you need a container image. To get a container image, proceed as follows:

  1. Navigate to the Podman containers page.

  2. In the Images view, select under the three-dots menu Download new image.

  3. Select the Owner to define who can see the downloaded image. The System restricts the image visibility for users with administrative access. Image downloaded under the User owner is visible to the regular user and also for all other users with the administrative access.

  4. Choose a preferred image registry or proceed with All registries.

  5. Define the Tag. The default value is latest.

  6. Fill in the image name or description in the Search for field to start the search.

    Cockpit suggests possible images according to the entered name, registry and tag.

  7. Select the desired image and click Download.

7.2 Managing containers using Cockpit

7.2.1 Running new containers from images

Note
Note: Image required to run a container

To run a container, you need a container image, either pulled by using Cockpit or by Podman. For details about Podman, refer to the Podman guide.

To run a new container from an image, proceed as follows:

  1. Navigate to the Podman containers page.

  2. In the Images view, click Show images.

  3. Click Create container next to the image you want to use.

  4. In the Create container window, enter the container details as described below. Bear in mind that some options are available only for system administrators.

    In the Details tab, enter the following details:

    Owner

    Select whether the container will be visible only for users with sudo privileges by selecting system. The user defines that the container is visible to privileged users and regular users.

    Name

    Specify a unique name for the container.

    Pull the latest image

    If selected, the latest image version is pulled before the container is started.

    Command

    You can specify a command to run in the container.

    With terminal

    Select the option to have access to the container using a terminal. If not selected, the container will be in the detached state.

    Memory limit

    You can limit maximum memory consumption of the container by checking the box and specifying the limit.

    CPU shares

    Specify the weight of the container to use CPU time. The default weight is 1024. The weight applies only if containers are under high load. If the tasks in one container are idle, other containers may use its CPU time.

    If you have four containers, two of them have CPU shares of 512 and the other two have 1024. Thus, under high load, the containers with lower CPU shares get only 16,5% of CPU time, while those with 1024 CPU shares get 33% of CPU time.

    Restart policy

    Specify when the container is restarted after it exits.

    In the Integration tab, you can enter the following parameters:

    Port mapping

    After you click the Add port mapping button, specify the host IP address, the host port to map the container port onto, the container port and select the protocol. If you do not set the host IP address or set the value to 0.0.0.0, the port is bound to ALL host IP addresses. If you omit the host port, a random one is used for the mapping.

    Volumes

    This field maps a path in a container onto a path on the host machine. Fill in the host path, the container path and select the SELinux label.

    The SELinux label private defines that the volume is accessible only from the particular container. The shared label means that all containers can access the volume.

    Environment variables

    To define envrionment variables in the container, click Add variable and fill in Key and Value. You can enter multiple variables by adding more lines.

    In the Health check tab, you can set a time period of commands triggering to check the status of the container. Fill in the following parameters:

    Command

    Specify the command that is triggered to check the container status.

    Interval

    Specify the interval of checks in seconds.

    Timeout

    The maximum time in seconds to wait before the interval is considered failed.

    Start period

    The time interval after the container is started when the health check is not performed.

    Retries

    Specify how many times the check can be performed before the status is considered as unhealthy.

    When unhealthy

    Select the action to take after a container is considered unhealthy.

  5. To create the container, click Create or Create and run to create and start the container.

7.2.2 Further actions with running containers

Under the three-dots menu, you can perform the following actions:

  • delete the container

  • pause the container

  • commit changes performed to the container, for example, installing packages to the container

  • checkpoint the container—write the state of the container to disk and stop the container

  • restart the container, either by regular Restart, where processes running inside the container are stopped, or by Force restart, where the processes are killed, and you may lose data

  • stop the container, either by regular Stop, Force stop or Checkpoint. When using Checkpoint, the state of all processes in the container is written to the disk, and after the next start, the container is restored to the same point before stopping.

By expanding the container details, you can access the container's terminal in the Console tab and view its information in other tabs. tab and view the container information in corresponding tabs.

8 Users administration

The Cockpit Accounts screen enables you to administer user accounts and groups.

Note
Note: Users administration only for server administrators

Only users with Administrative access can edit other users.

Using the Accounts Cockpit screen, you can perform the following tasks:

8.1 Creating user accounts using Cockpit

Cockpit enables you to add users to a running system and assign system administrator privileges to accounts.

To add a new user to the system, proceed as follows:

  1. Navigate to the Accounts page.

  2. Click Create new account to open the window that enables you to add a new user.

  3. Fill in the user account details. You can assign a different home directory to the user in the drop-down Home directory menu. If you do not specify a directory, the standard /home/USERNAME path is used.

    If you select Disallow password authentication, the user will have to use an authentication method other than filling in password, for example, SSH login.

  4. Click Create to confirm the account.

  5. To add an SSH key to the account, you need to modify the account as described in Section 8.2, “Modifying existing user accounts”.

8.2 Modifying existing user accounts

In the editing form, you can add an SSH key to an account, set a password, assign the sudo privileges, or lock an account.

To modify a user account, proceed as follows:

  1. Navigate to the Accounts page.

  2. Click the account you want to modify.

  3. In the user details view, you can perform the following actions:

    Delete the user

    Click Delete to remove the user from the system.

    Terminate user's session

    By clicking Terminate session, you can log a particular user out of the system.

    Assign groups to the user

    In the Groups drop-down menu, you can assign groups to the user.

    Manage access to the account

    You can set a date when the account will expire. The default is to never expire.

    You can disallow the user to use their password to log in. The user then must use a different method of authentication.

    Manage the user's password

    Click Set password to set a new password for the account.

    By clicking Force change, the user will have to change the password on the next login.

    Click edit to set whether or when the password expires.

    Add SSH key

    You can add an SSH key for passwordless authentication via SSH. Click Add key, paste the contents of the public SSH key and confirm it by clicking Add.

8.3 Creating user groups

To create a user group, proceed as follows:

  1. Navigate to the Accounts page.

  2. Click Create new group.

  3. Enter a unique name of the group and specify or leave the default one.

    Note
    Note

    The already existing group ID cannot be overwritten. Group IDs under 1000 are usually reserved for system accounts, services, and so on. If you create a group with an ID less than 1000, the group cannot be later deleted using Cockpit.

9 Managing services

The following sections describe how to start, stop and restart a service, target, socket, timer or path.

9.1 Managing systemd units

To manage a systemd unit, proceed as follows:

  1. Click the Services page.

  2. Select the appropriate tab (System services, Targets, Sockets, Timers or Paths).

  3. Click the unit you want to administer.

  4. In the unit details, you can view relations to other systemd units, the status of the unit, or you can perform the following actions that can be found in the three-dot menu:

    • Start if the unit is not running

    • Restart the running unit

    • Stop the running unit

    • Disallow running—that will stop the service permanently including all its dependencies. Keep in mind that the dependent service can be used by other units, and disallowing the unit may cause serious troubles for the system.

9.2 Creating new timers

systemd timers help you to automate recurring tasks. A systemd timer can control triggering of systemd services and handling of events.

Note
Note: Overriding existing timers

The default set of systemd timers is stored in /usr/lib/systemd. If you create a timer with already existing names, the default unit file is not overwritten, but a new one is created in /etc/systemd/system/ that overrides the default unit file. To restore the timer to the default one, delete the timer unit file in /etc/systemd/system/.

If you try to create a timer that already exists in the /etc/systemd/system/ directory, the unit file will be overwritten, and the previous changes are lost.

To create a systemd timer using Cockpit, proceed as follows:

  1. Navigate to Services.

  2. In the Timers tab, click Create timer.

  3. Fill in the details:

    Name

    The name of the timer that will be used in the unit name and in the service unit name as well. For example, specifying the name example will create the following unit files: /etc/systemd/system/example.timer and /etc/systemd/system/example.service.

    Description

    You can provide a short description of the timer.

    Command

    The command to be invoked when the timer is triggered.

    Trigger

    The timer can be triggered each time you reboot your machine or at a specific time. For the After system boot option, you can define the delay of the service invocation. For the At specific time option, specify when the service should be invoked.

10 Updates and snapshots

You can use Cockpit to search for new system updates and then apply them directly from the Web interface. On top of that, Cockpit enables you to perform a rollback to a previous snapshot.

Important
Important: No system updates without registering your system

If your system is not registered, the updates are not available and the check for updates fails. Therefore, register your system to view available updates.

Note
Note: Snapshots and updates management only for system administrators

Only users with the Server administrator role can update the system or perform a rollback to another snapshot.

Cockpit enables you to update your ALP Dolomite instance or perform a rollback from the Software Updates menu.

10.1 Updating ALP Dolomite using Cockpit

To update your system, proceed as follows:

  1. Navigate to the Software Updates page.

  2. Click Check for Updates to get a list of new package updates and patches available for your system. We recommend installing the patches marked as important as soon as possible.

  3. Now you can update your system either with immediate reboot, or the reboot might be postponed:

    1. Click Update and Reboot to apply patches and updates. After the update is complete, your system will be restarted and will boot into the new snapshot.

    2. To postpone reboot after the update, select Update without Reboot from the three-dot menu. Bear in mind that you need to reboot the system to activate the snapshot with updates. If you perform further changes without rebooting the system beforehand, a new snapshot will be created from the same point as the snapshots with updates. Therefore, the new snapshot will not include the updates.

10.2 Performing rollbacks

To perform a rollback of your system, proceed as follows:

  1. Navigate to the Software Updates page.

  2. Click Rollback and Reboot, or Rollback without Reboot in the three-dot menu next to the snapshot you want to perform a rollback to.

After rebooting the system, the snapshot you rolled back to will be set as active. Do not make any changes (install updates, packages, etc.) before rebooting your system as the snapshot you rolled back to is not active. Any changes performed before you reboot your system will start from the currently active snapshot.