Docker for Mac (Beta) –insecure-registry flag

I’m currently testing Docker for Mac (closed beta, Version 1.11.1-beta10) and I’m really impressed so far.

If you need to work with an insecure local registry, you need to do the following

Edit daemon.json and add the insecure registry

Load the edited daemon.json

The virtual machine used by docker for mac (xhyve) needs to be restart,

Done, you should now be able to pull from your insecure registry.

Log management with Graylog & Fluentd

A perfect match -Graylog & Fluentd

In the following post, I’ll describe how to quickly setup a docker multi container environment running Graylog and Fluentd. The result is a comprehensive log management platform that is able to collect log data from distributed applications.

Graylog?

Think of Graylog as an open source alternative to Splunk Enterprise, a log management platform for collecting, indexing, and analyzing both structured and unstructured data . Furthermore, you can configure email alerts for certain events and dashboards to monitor your applications, quickly.

Fluentd?

Fluentd is an open source data collector, an unified logging layer. It decouples data sources from backend systems by providing a unified logging layer in between. If your applications running within Docker containers, you might be interested in the OOTB logging driver for Fluentd.

Why do I need this?

There are a lot of use cases for such a comprehensive log solution. Especially, if log files are getting bigger and are distributed across multiple servers / applications, it can be quite time consuming analysing the logs.

In my case, I’m using a Scala logback Fluentd appender that forwards all log messages of the application to a Fluentd collector running on another server. Each application got it’s own tag like “applicationXY.prod” or “applicationXY.staging“, so we can differenciate the messages later on in Graylog.

The Fluentd collector or “Fluentd to Graylog forwarder” receives and forwards all log messages to Graylog where they got indexed and persisted.

You might wonder why I don’t send the log messages directly to Graylog? Fluentd has many advantages in terms of log  message handling. For example,  Fluentd supports log file or  memory buffering and failovers to handle situations where Graylog or another Fluentd node would go offline. This is what fluentd is really good at. For more information look at the fluentd out_forward or buffer plugin to get an idea of the capabilities.

Ok, ok.. How do I set this up?!

I put a multi docker container environment together, to speed up this process.

First, it builds a custom Fluentd to Graylog forward container, based on the official Fluentd container and a Graylog (gelf) plugin. Then it links it to the official docker all-in-one container for Graylog, which consists of Elasticsearch, mongodb, nginx and Graylog of course :-).

I’d recommend going the easy route and install docker-compose.

Then simply execute following command. This will download the all-in-one container, build the Fluentd-gelf forward container and link it all together.

Now, you should be able to access graylog on [container-IP]:9000 with credentials admin:admin. Go to [container-IP]:9000/system/inputs and launch a new Gelf UDP input with the default settings:

GELF - UDP

Graylog is now listening on port 12201 to receive messages from the Fluentd to Graylog container we built. The container expects messages in the Fluentd format (json) on its TCP input on port 24224 with a tag “gelf.app.XYZ and forwards them to Graylog.

You can now start logging with your Fluentd appender and setting up different streams and dashboards within Graylog by separating the log messages by its “gelf.app.XYZ” tags since they are also forwarded to Graylog.

For more detailed instructions, please check out the Readme.

Fluentd log appenders

Since this is application dependent, here are some links that might help.

 

 

 

 

 

 

techtalk – Redesign 2015

Let’s start into the new year with a completed redesign. During the process I tried to archive following goals:

Make it responsive

Since a third of all my visitors are using a mobile device or tablet, I wanted to provide a better experience especially for smaller displays.

Make it faster

The latest posts were very popular, which lead to a higher server load and long loading time or even complete downtimes. Therefore I tried to improve caching and image optimisations.

Make it more social

The old design barely linked social media profiles. In addition, the valuable comments section was quite hidden and hard to find.

Make it secure

Make techtalk secured by SSL by default. This makes also sense for Google ratings.

Make it covering costs

With approx 100’000 unique visitors last year and a lot of down time I needed to move the site to a non free managed webhosting provider that is faster and hopefully more reliable as well. I decided to put some adwords on the blog for covering those costs.

Make it more widespread

I registered more domains and a SSL certificate. The blog is now reachable under following domains:

Where .me will be the new default domain.