There are some other third-party tools that do deserve a mention in this chapter and are worth exploring to see the value that they can add for you. It seems that these days, a lot of focus is on GUI applications to help with securing applications and infrastructures. The following utilities will give you a few options that could be pertinent to the environment you are running with the Docker tools.
The dockersh was designed to be used as a login shell replacement on machines that support multiple interactive users. Why is this important? If you remember some of the general security warnings that you have when dealing with Docker containers on a Docker host, you will know that whoever has access to the Docker host has access to all the running containers on this Docker host. With dockersh, you can isolate the use on a per-container basis and only allow users access the containers that you want them to, while maintaining administrative control over the Docker host and keeping the security threshold minimum.
This is an ideal way to help isolate users on a per-container basis, while containers help eliminate the need for SSH by utilizing dockersh, you can remove some of these fears about providing everyone that needs container to access, the access to the Docker host(s) as well. There is a lot of information required to set up and invoke dockersh, therefore, if you are interested, it's recommended to visit the following URL to find more about dockersh, including how to set it up and use it:
DockerUI is a simple way to view what is going on inside your Docker host. The installation of DockerUI is very straightforward and is done by running a simple docker run command in order to get started:
$ docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui
To access the DockerUI, you simply open a browser and navigate to the following link:
http://<docker_host_ip>:9000
This opens your DockerUI to the world on port 9000, as shown in the following screenshot:
You can get the general high-level view of your Docker host and its ecosystem and can do things such as manipulate the containers on the Docker host by restarting, stopping, or starting them from a stopped state. DockerUI takes some of the steep learning curve of running command-line items and places them into actions that you perform in a web browser using point and click.
For more information about DockerUI, visit https://github.com/crosbymichael/dockerui.
Shipyard, like DockerUI, allows you to use a GUI web interface to manage various aspects—mainly in your containers—and manipulate them. Shipyard is build on top of Docker Swarm so that you get to utilize the feature set of Docker Swarm, where you can manage multiple hosts and containers instead of having to just focus on one host and its containers at a time.
Using Shipyard is simple and the following curl command re-enters the picture:
$ curl -sSL https://shipyard-project.com/deploy | bash -s
To access the Shipyard once the set up is completed, you can simply open a browser and navigate to the following link:
http://<docker_host_ip>:8080
As we can see in the following screenshot, we can view all the containers on our Docker host:
We can also view all the images that are on our Docker host, as shown in the following screenshot:
We can also control our containers, as seen in the following screenshot:
Shipyard, like DockerUI, allows you to manipulate your Docker hosts and containers, by restarting them, stopping them, starting them from a failed state, or deploying new containers and having them join the Swarm cluster. Shipyard also allows you to view information such as port mapping information that is what port from the host maps to the container. This allows you to get a hold of important information like that when you need it quickly to address any security related issues. Shipyard also has user management where DockerUI lacks such capability.
For more information about Shipyard simply visit the following URLs:
Where do you go when there is an issue that needs to be addressed? Most people will first look at the logs of that application to see if it is outputting any errors. With Logspout, this becomes a much more manageable task with many multiple running containers. With Logspout, you can route all the logs for each and every container to a location of your choice. Then, you could parse these logs in one place. Instead of having to pull the logs from each container and review them individually you can instead have Logspout do that work for you.
Logspout is just as easy to set up as we have seen for other third-party solutions. Simply run the following command on each Docker host to start collecting the logs:
$ docker run --name="logspout" --volume=/var/run/docker.sock:/tmp/docker.sock --publish=127.0.0.1:8000:8080 gliderlabs/logspout
Now that we have all the container logs collected in one area, we need to parse through these logs, but how do we do it?
$ curl http://127.0.0.1:8000/logs
Here's the curl command to the rescue again! Logs get prefixed with the container names and colorized in a manner in order to distinguish the logs. You can replace the loopback (127.0.0.1) address in the docker run invocations with the IP address of the Docker host so that it's easier to connect to in order to be able to get the logs as well as change the port from 8000 to something of your choice. There are also different modules that you can utilize to obtain and collect logs.
For more information about Logspout, visit https://github.com/gliderlabs/logspout.