Dockerize Flask app + logs into Splunk

More details: https://medium.com/@nanduni/container-monitoring-using-splunk-3a0971209a16

Section A: configure Docker and Flask App

    1. install docker-ce

    2. install docker-compose

Under the main Flask project directory, place a Dockerfile.

This tells Docker to build an image that will:

    • use the CentOS 7 base image

    • install pip and Git

    • copy the core Flask app over to "/opt/maestro" inside the image

    • install the pip modules

    • add a user and group

    • expose port 80

    • run any containers based on this image as the 'jira-maestro' user

    • land in WORKDIR when you open a shell in the container

    • start the Flask app using the ENTRYPOINT arguments

Dockerfile

FROM centos:7

# Install pip and Git, create the app directory
RUN yum clean expire-cache && yum clean all && \
    mkdir /opt/maestro && \
    yum -y install python-pip git

# Copy the Flask app into the image
COPY . /opt/maestro

# Install Python dependencies, create the service user, hand the app over to it
RUN cd /opt/maestro && pip install -r requirements.txt && \
    groupadd jira-maestro && adduser jira-maestro -g jira-maestro && \
    chown -R jira-maestro:jira-maestro /opt/maestro && yum clean all && rm -rf /var/cache

EXPOSE 80

# Run the app as an unprivileged user rather than root
USER jira-maestro

WORKDIR /opt/maestro

ENTRYPOINT ["/usr/bin/python", "run_maestro.py"]

Create a new directory in the main app folder called "docker-scripts".

Add a new Docker build script. It creates a new image with the Flask app, then runs a container and passes the port and logging settings to that container.

docker-build.sh

#!/usr/bin/bash
# Docker build on a local dev box

# Version of Flask App
version="0.1"

# Docker image tag
tag="jira-maestro:dev-$version"

# Maestro port
port=5820

# Splunk hostname and HEC token
splunk_host='192.165.2.10'
splunk_token='<INSERT TOKEN>'

# current devbox
dev_host=$(hostname)
dev_ip=$(facter networking.ip)

echo "building image locally.."

# cleanup previous builds
docker stop jira-maestro

# remove stopped containers
docker rm -v $(docker ps -aq -f status=exited)
docker rm jira-maestro

# clean up previous images
img_id=$(docker images --format="{{.ID}}" "$tag")
[[ $img_id ]] && docker rmi -f "$img_id"

# remove dangling images
docker rmi $(docker images -f dangling=true -q)

# build image
docker build -t "${tag}" --no-cache=true .

# run container
printf "\n\n----- RUNNING CONTAINER ------\n"
img_id=$(docker images --format="{{.ID}}" "$tag")

# splunk-insecureskipverify=true turns off TLS certificate verification for
# the HEC endpoint, so the token and logs can go to an unauthenticated server.
# Acceptable on a local dev box only; with a trusted certificate, remove it
# (the driver's splunk-capath option points it at a CA file).
id=$(docker run -d \
    -p "$port:$port" \
    --add-host "$dev_host:$dev_ip" \
    --log-driver=splunk \
    --log-opt splunk-url="https://$splunk_host:8088" \
    --log-opt splunk-token="$splunk_token" \
    --log-opt splunk-insecureskipverify=true \
    --log-opt splunk-index=docker \
    --log-opt tag="jira-maestro" \
    --name jira-maestro "$img_id")

Run the build: ./docker-build.sh

Section B: Start Splunk container, configure HEC Token

docker pull splunk/splunk

docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" -p "8088:8088" splunk/splunk

Log into Splunk:

http://<docker-server>:8000

Change the default password.

Go to Settings > Data Inputs > HTTP Event Collector and create a new collector called Docker.

Update docker-build.sh with the Splunk token.

The Flask app should now log to Splunk.
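
The build script above keeps the HEC token in the script itself and sets splunk-insecureskipverify=true. The following is an added example, not part of the original page: a helper with the hypothetical name splunk_log_opts that reads the token from a permission-restricted file and uses the log driver's splunk-capath option so TLS verification stays on. The token and CA file paths in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. splunk_log_opts and the file
# paths in the usage comment are hypothetical. Assumes GNU stat (Linux).

# Print the Splunk log-driver arguments for `docker run`, one per line.
# Unlike docker-build.sh: the HEC token comes from a file, and TLS
# verification stays on (splunk-capath instead of splunk-insecureskipverify).
splunk_log_opts() {
    host="$1"; token_file="$2"; ca_file="$3"

    [ -r "$token_file" ] || { echo "cannot read token file: $token_file" >&2; return 1; }
    [ -r "$ca_file" ] || { echo "cannot read CA file: $ca_file" >&2; return 1; }

    # Refuse a token file that group or others can access.
    perms=$(stat -c '%a' "$token_file")
    case "$perms" in
        600|400) ;;
        *) echo "token file mode is $perms, expected 600 or 400" >&2; return 1 ;;
    esac

    # HEC tokens are GUIDs; reject anything else before it reaches docker.
    token=$(tr -d '[:space:]' < "$token_file")
    printf '%s' "$token" | grep -Eq \
        '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$' ||
        { echo "token file does not contain a GUID" >&2; return 1; }

    printf '%s\n' \
        "--log-driver=splunk" \
        "--log-opt" "splunk-url=https://${host}:8088" \
        "--log-opt" "splunk-token=${token}" \
        "--log-opt" "splunk-capath=${ca_file}" \
        "--log-opt" "splunk-index=docker" \
        "--log-opt" "tag=jira-maestro"
}

# Usage in docker-build.sh (bash; paths are assumptions):
#   opts=$(splunk_log_opts "$splunk_host" "$HOME/.hec_token" /etc/docker/splunk-ca.pem) || exit 1
#   mapfile -t log_args <<< "$opts"
#   docker run -d -p "$port:$port" "${log_args[@]}" --name jira-maestro "$img_id"
```

The token is still visible in the container's log configuration through docker inspect, so access to the Docker API on that host should be treated as access to the token.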