Cockpit Guide #

Cockpit enables you to log in directly to each machine that can expose the 9090 port. If the port cannot be accessed on the particular machine, you can still use Cockpit to administer the machine by using it as a secondary server. For a procedure of adding a server as secondary, refer to Section 3.1.1, “Adding secondary servers”.

Note: A limited number of secondary servers

The number of secondary servers that you can administer from one primary server is limited to 20. If you need to administer more servers, add other primary servers or use another tool for cluster administration.

To log in to the primary server, enter your credentials on the Cockpit login page. To log in to secondary servers, there are two options. You can access secondary machines after logging in to the primary server, or you can access a secondary machine using the Connect to field on the login page.

The graphs on the Storage page display reading and writing data flow to devices. Each device in the graph has a different color. Hover over the displayed data flow peak to identify the device name.

Figure 3: Data flow view #

  

The Filesystems view enables you to create a partition table and to format or mount file systems. You can sort the mounted partition according to Name or Mount point. Click on the particular file system to open the details window.

Figure 4: File systems details #

  

To format the partition, click Format next to the particular partition description to open the format window.

Figure 5: Formatting partitions #

  

You can specify the following details:

After you specify all required details, click Format to proceed.

If a partition is already formatted, you can mount it by clicking Mount. Here you can change the mount point and mount options. To proceed, click Mount.

Use the Storage view to add, edit or delete NFS mounts.

To add an NFS mount point, after clicking on the plus icon, specify the following details:

To edit an NFS mount, click on the particular NFS mount. On the next screen, click Edit and specify the details described in NFS mount details.

The Devices view enables you to add or manage RAIDs.

6.4.1 Creating RAIDs #

  

You can create RAIDs of different levels on your system from the Devices part by selecting the Create RAID device option in the hamburger menu.

Figure 6: Creating RAID device #

  

Enter the following parameters of the RAID:

Name

Enter a unique name of the RAID.

RAID level

Select one of the following RAID levels:

RAID 0

has the data split evenly to two or more disks. Such a solution provides higher performance because you can read data from several disks simultaneously, but does not provide any fault tolerance. You need to have at least 2 disks.

RAID 1

is a mirror. Data are kept in exact copies on several disks. If there is a failure on one disk, you can use data on another disk. Typically, this RAID level uses 2 disks.

RAID 4

provides striping and a dedicated disk for parity. You need to have at least 3 disks.

RAID 5

provides striping, the parity data are distributed on all disks. The minimum number of disks is 3.

RAID 6

provides striping and two parity blocks distributed across disks. The minimum number of disks is 4.

RAID 10

is a combination of striping and mirroring. Each stripe is mirrored to another disk. The minimum number of disks is 4.

Chunk size

The size of chunks. A chunk is the minimum amount of data read or written to each data disk in the array during a single read/write operation.

Disks

Select the disks that should be included in the RAID. The required number of disks depends on the selected RAID level.

Confirm the parameters by clicking Create. The RAID then appears in the Devices part.

6.4.2 Modifying RAIDS #

  

Click the RAID in Devices to open the RAID details view. In the detailed view, you can stop or delete the RAID, add or remove disks and format the device.

Figure 7: RAID details #

  

With some RAID levels, you can switch on the Bitmap option that enables you to synchronize only the changes after a disk is temporarily disconnected. If the Bitmap is off, all data on the disk will be synchronized.

You can remove and add disks in the Disks part. After any change to the array, the system undergoes resynchronization that might take some time. Keep in mind that each RAID level requires a minimum number of disks, therefore, Cockpit does not allow removing the disks that are required by the particular RAID level.

The Content view enables you to create a partition table (either MBR or GPT), format the disks and mount the RAID.

Using Cockpit, you can create thinly provisioned logical volumes or logical block devices. To do so, create a volume group of disks by selecting Create volume group in the hamburger menu in Devices.

Figure 8: Creating a volume group #

  

Enter the volume group name and select disks that will be part of the volume group. Confirm the data with Create. The volume group appears in the Devices view. Now you can create a logical volume (either a block device or a pool of thinly provisioned volumes). To create a logical volume, proceed as follows:

If you created a block logical volume, you need to format the volume by clicking Format and filling the details as described in Formatting partitions parameters.

If you created a pool of thinly provisioned volumes, you can create a thin volume by clicking Create thin volume.

Figure 9: Creating a thinly provisioned volume #

  

Enter a unique name, select the size of the volume, and confirm by clicking Create. You can create several volumes of the particular volume group by clicking Create thin volume again. Format the volumes by clicking Format and filling the details as described in Formatting partitions parameters.

Other actions on a particular volume are available in the three dots menu: Deactivate, Create snapshot or Delete.

Shrinking or growing a volume is available by clicking on Shrink or Grow in the particular volume details. These features are not available for all file systems and volume types.

Important: Firewall and Podman

Using firewall along with Podman may result in missing Podman-related firewall rules after reloading the firewalld service. Therefore, it is recommended to keep the firewall in its default setting (disabled) if you intend to use Podman.

Note: The cockpit service is not included in the public zone

If you turn on the firewall, add the cockpit service to the public zone, otherwise the Cockpit web UI might get disconnected.

The Firewall view enables you turn on the firewall, which is off by default. After turning it on, you can edit firewall rules and zones by clicking Edit rules and zones.

Figure 11: Firewall settings #

  

To add a service to an existing zone, click Add services. Then select a service from the list and confirm with Add services.

If you need to define a zone on top of the currently available zones, click Add zone. In the Add zone window, select Trust level. Each trust level of network connections has a predefined set of included services (the Cockpit service is included in all trust levels). You can also allow addresses from the entire subnet within the particular trust level, or you can define a specific range of allowed IP addresses as a comma-separated list.

Figure 12: Add firewall zone #

  

In the Interfaces part, you can add, modify or delete VLANs, bridges or bond interfaces.

7.2.1 Managing bonds #

  

A bond interface is a combination of several network interfaces into one bond. Depending on the Mode (described further), network bonding can increase performance by increasing the network throughput and bandwidth. Network bonding can also increase fault tolerance by keeping overall connectivity even if some of the bonded interfaces stopped working. To add a bond interface, click Add bond.

Figure 13: Adding a bond #

  

Specify the following parameters of the bond interface:

Name

Enter a unique name of the interface.

Interfaces

Select which network interfaces should be grouped in the bond.

MAC

You can either select a specific MAC address of the underlying interface, or you can use any of the following options:

Permanent

Use the permanent hardware address if the device has a MAC address.

Preserve

During the bond activation, the MAC address is not changed.

Random

A random MAC address is created on each connection attempt.

Stable

Creates a hashed MAC address.

Mode

Keep the default mode or select any of the following modes:

Round Robin

Transfers packets from the first available interface to the last. The mode offers fault tolerance and load balancing.

Active Backup

Only one interface in the bonding is active. If the active interface fails, the backup will be activated.

Balance XOR

Balancing using a transmit hash policy. The default is a modulo device count. To select a different policy, specify the xmit_hash_policy option in the Option field.

Broadcast

Everything is transmitted on all interfaces.

802.3ad Dynamic Link Aggregation

Creates aggregation groups that share the same speed and duplex settings.

Adaptive Transmit Load Balancing

A channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load on each interface.

Adaptive Load Balancing

Includes adaptive transmit load balancing and receive load balancing, no special switch support is required.

Primary

This selection is available only for the Active Backup mode. You can select a particular interface that will be used as primary, while other interfaces in the bond are used as secondary.

Link monitoring

Select the type of link monitoring.

Monitoring interval

Specifies the intervals at which the particular link monitor performs checks. The value is in ms.

Link up delay

Define the time in ms for how long the bond is disabled after a link has been activated. The value should be a multiple of the Monitoring interval value, otherwise it will be rounded to the nearest value. Available only for the MII link monitor.

Link down delay

Define the time in ms for how long the bond is disabled if a link failure has been detected. The value should be a multiple of the Monitoring interval value, otherwise it will be rounded to the nearest value. Available only for the MII link monitor.

Monitoring targets

Specify the list of host IP addresses that you want to monitor. Available only for the ARP link monitor.

To modify or delete a bond interface, click on the particular bond name to open the details. There you can change the parameters of the bond described below.

Figure 14: Modifying a bond #

  

Bond

Select a MAC address from the list.

Connect automatically

The bond connects automatically by default. Uncheck the box to disable the automatic connection.

IPv4 and IPv6

After clicking edit, you can set an IP address and configure a specific DNS, DNS search domain and Routes.

MTU

After clicking edit, you can specify a particular value of the maximum transmission unit in bytes.

Bond

After clicking edit, you can edit the same parameters as when you were creating the bond interface.

7.2.2 Managing bridges #

  

A network bridge is a device that creates a single aggregated network from multiple networks. To create a bridge, click Add bridge.

Figure 15: Adding a bridge #

  

Specify the following:

Name

Specify a unique name of the bridge.

Ports

Select interfaces to be included in the bridge.

Spanning tree protocol (STP)

STP is a network protocol used for Ethernet networks that prevents bridge loops by setting a preferred link whenever network switches are connected with several links. This preferred link is used for all Ethernet traffic unless it fails. In that case, a redundant link is used instead. For details regarding STP, see STP.

If you enable the STP protocol, you can edit the following settings:

STP priority

the lower the priority, the higher the probability of the switch to become the root switch.

STP forward delay

Specify the time spent in the listening and learning state (in seconds). The default value is 15 s, but you can use any value between 4 and 30 s.

STP hello time

Specify the time between each bridge protocol data unit (BDPU) that is sent on a port (in seconds). The default value is 2 s, but the recommended range is 1 to 10 s.

STP maximum message age

Specify the maximum length of time that passes before a bridge port saves its configuration BPDU information.

To modify or delete a bridge, click the bridge name to open the details.

Figure 16: Modifying a bridge #

  

There you can edit the following details:

General

The bridge connects automatically by default. To disable the automatic connection, uncheck the option.

IPv4 and IPv6

After clicking edit, you can set the IP address and configure a specific DNS, DNS search domain and Routes.

Bridge

By clicking edit, you can edit all parameters of the bridge.

7.2.3 Managing VLANs #

  

A virtual local area network is a logical subnetwork that groups devices from different physical LANs.

To create a VLAN, click Add VLAN and select the parent interface, assign an ID number and provide a name for the VLAN.

Figure 17: Adding VLAN #

  

To modify or delete a VLAN, click the VLAN name.

Figure 18: Adding VLAN #

  

To start a container, you need a container image. Click Get new image to open a search box for images.

In the search box:

Cockpit suggests possible images according to the entered name, registry and tag. Select the desired image and click Download.

Figure 20: Getting images #

  

Note: Adding custom registry

SLE Micro comes with a predefined set of registries. If you need to use a custom registry, configure Cockpit to display them. Add the custom registry to the file /etc/containers/registries.conf to the registries list. For example, you can add registry.example to the list as follows:

registries = ["registry.opensuse.org", "docker.io", "registry.example"]

Tip: Pulling images using Podman

You can also get container images using Podman by running the podman pull command. For details, refer to Podman Guide.

After you get an image, you can start a container based on that image by clicking the button next to the image information.

Figure 21: Running a container #

  

In the Run image window, enter the container details as described below.

Figure 22: Container details #

  

After expanding the container details, you can perform the following tasks:

Click Create new account to open the window that enables you to add a new user. Fill in the user's login and/or full name and password, then confirm the form by clicking Create.

To add authorized SSH keys for the new user or set the Server administrator role, edit the already created account by clicking on it. For details, refer to Section 9.2, “Modifying accounts”.

After clicking the user icon in the Accounts page, the user details view opens, and you can edit the user.

Figure 24: User details #

  

In the user's details view, you can perform the following actions.

To create a new timer, click Create timer in the Timers tab. Fill in the details described below in the opened Create timer window.

Figure 26: Creating timers #

  

Note: Overriding existing timers

The default set of systemd timers is stored in /usr/lib/systemd. If you create a timer with already existing names, the default unit file is not overwritten, but a new one is created in /etc/systemd/system/ that overrides the default unit file. If you want to restore the timer to the default one, delete the timer unit file in /etc/systemd/system/.

If you try to create a timer that already exists in the /etc/systemd/system/ directory, the unit file will be overwritten, and the previous changes are lost.

Click Check for Updates to get a list of new package updates and patches available for your system. You can view each package update or patch information by clicking the blue icon next to the package update/patch. It is recommended to install the patches marked as important as soon as possible.

To apply the updates and patches, click Update and Reboot. The equivalent of the transactional-update up command is called, and a new snapshot of your system is created. After the update completes successfully, your system will be rebooted and the new snapshot set as default.

You can postpone the reboot of your system after the update process by selecting Update without Reboot from the three dots menu. Bear in mind that you need to reboot the system to activate the snapshot with updates. If you perform further changes without rebooting the system beforehand, a new snapshot will be created from the same point as the snapshots with updates. Therefore, the new snapshot will not include the updates.

You can also update SLE Micro using CLI. For details, refer to Section 3.1, “transactional-update usage”.

In Snapshots & Updates you can perform a rollback to one of older snapshots by clicking Rollback and Reboot, or Rollback without Reboot in threedots menu.

After rebooting the system, the snapshot you rolled back to will be set as active. Do not make any changes (install updates, packages, etc.) before rebooting your system, as the snapshot you rolled back to is not active. Any changes performed before you reboot your system will start from the currently active snapshot.

For a system rollback procedure performed using CLI, refer to Section 3.3, “System rollback”.