hugocosme

Monitor Docker container logs with AWS CloudWatch

In this post, we are going to see how to monitor docker logs from AWS Cloudwatch logs. Docker supports different logging drivers one of which is awslogs

For this excersice, Docker container need NOT be running on EC2. We can send docker logs from anywhere to AWS.

Prerequisite

• Ubuntu 14.04
• Docker version 1.12 and above

hugocosme

NextGen Connect (formerly known as Mirth Connect) Server Setup

Create a VM running Ubuntu. Use a modern version.

Great thanks for the original guide: https://gist.github.com/jgautsch/9157402

# Update Ubuntu
sudo apt-get update

# Upgrade Ubuntu
sudo aptitude upgrade

hugocosme

#!/bin/bash -e
#########################################################################################
##how to use:                                                                         ###
##download the script "docker-cleaner.sh" adjust the permissions with chmod + x       ###
##and then execute the script passing the name or ID of the container as a parameter. ###
##Eg "./docker-cleaner.sh container-name"                                             ###
#########################################################################################

if [[ -z $1 ]]; then
    echo "No container specified"

hugocosme

#!/bin/bash
match_max 1000000
set timeout -1
echo $SERVER
expect << EOF
spawn /opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli --server $SERVER --vpnuser $USER --keepalive
expect "Password for VPN:"
send -- "$PASS\r"
#send -- "\r"
set timeout -1

hugocosme

#!/bin/bash

# Forticlient SSL VPN Client launching script utilizing expect.

# --------------------------------------------
# CONFIGURATION

# If empty - script will take some simple logic to locate appropriate binary.
FORTICLIENT_PATH="/opt/forticlient-sslvpn/64bit/forticlientsslvpn_cli"

hugocosme

#!/usr/bin/expect
spawn "/opt/forticlient-sslvpn/64bit/helper/setup"
    expect "By typing"
    send "Y\r"

hugocosme

hostname elliot-01
echo elliot-01 > /etc/hostname
bash
curl -fsSL https://get.docker.com | bash
docker version
docker ps
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
apt-get update
apt-get install kubelet kubectl kubeadm

hugocosme

curl --include \
     --no-buffer \
     --header "Connection: Upgrade" \
     --header "Upgrade: websocket" \
     --header "Host: example.com:80" \
     --header "Origin: http://example.com:80" \
     --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
     --header "Sec-WebSocket-Version: 13" \
     http://example.com:80/

hugocosme

GKE IAM Roles

On GKE, there's an interesting overlap between what the IAM roles grant you for Kubernetes clusters. In general, the roles in the tables below line up with each other, but there are some strange exceptions. In each of the tables below are the results of a diff between related IAM roles (only the container.* permissions are included in these results).

Project Owner	GKE Admin
	container.hostServiceAgent.use

Project Editor	GKE Developer

hugocosme

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

• CA certificate
• Server certificate
• Server key
• Client certificate
• Client key

Create certificate files