
@tmornini
Last active November 11, 2019 21:17
Docker -> Host Syslog -> Loggly for Amazon AWS ECS
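#!/bin/bash
# EC2 user-data bootstrap: prepares rsyslog to forward to Loggly over TLS.
# This first part sets up logging of the script itself, the rsyslog spool
# directory, and the CA bundle rsyslog uses to authenticate the Loggly endpoint.

# Tracing is enabled here rather than on the shebang so it also applies when
# the script is invoked as `bash script.sh`.
set -x

# Capture all output (including the -x trace) for post-boot troubleshooting.
# NOTE(review): /tmp is world-writable and this name is predictable; a
# root-only location such as /var/log would be a safer home for this log.
exec > /tmp/user-data.log 2>&1

mkdir -p /var/spool/rsyslog

# Download the CA bundle in a subshell so the `cd` and any early exit stay
# contained; a failure is reported below and the rest of the script still runs.
(
  ca_dir=/etc/rsyslog.d/keys/ca.d
  ca_name=logs-01.loggly.com_sha12.crt
  ca_url=https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt

  mkdir -p "$ca_dir" || exit 1
  # Without this check a failed cd would download into the current directory.
  cd "$ca_dir" || exit 1

  # Stage the download so a failed or bogus response never replaces (or
  # becomes) the trust anchor that rsyslog reads.
  tmp_file=$(mktemp "./${ca_name}.XXXXXX") || exit 1
  trap 'rm -f -- "$tmp_file"' EXIT

  # --fail: an HTTP error must not be saved as if it were a certificate.
  # --proto: refuse anything other than HTTPS for the trust-anchor download.
  curl --fail --proto '=https' -o "$tmp_file" "$ca_url" || exit 1

  # Cheap sanity check: the file must at least contain a PEM certificate.
  # NOTE(review): integrity rests on the HTTPS fetch alone; comparing against
  # a pinned digest (placeholder: <EXPECTED_SHA256>) with sha256sum before
  # installing would remove that dependency.
  grep -F -q -- '-----BEGIN CERTIFICATE-----' "$tmp_file" || exit 1

  # A CA certificate is public data and never executed: read-only for owner.
  chmod 400 "$tmp_file" || exit 1
  mv -f -- "$tmp_file" "$ca_name"
) || printf '%s\n' 'ERROR: Loggly CA bundle was not installed; TLS forwarding to Loggly will not work until it is.' >&2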
# Write the rsyslog forwarding rule for Loggly, overwriting any existing
# /etc/rsyslog.d/22-loggly.conf. The heredoc delimiter is quoted, so nothing
# in the body is expanded by the shell; every `$Directive` and `%property%`
# reaches rsyslog literally.
#
# What the generated config does:
#   - LogglyFormat builds each outgoing line from fields pulled out of
#     %syslogtag% with one regular expression, repeated once per field. The
#     expected tag shape is shown by the sample line inside the config.
#   - Messages are queued in memory with disk assistance under
#     /var/spool/rsyslog (1g cap) and retried indefinitely.
#   - Forwarding is over TCP (`@@`) to logs-01.loggly.com:6514 using the gtls
#     stream driver in mode 1 (TLS required) with x509/name authentication.
#     The peer must chain to the CA file below and match *.loggly.com.
#
# NOTE(review): "TOKEN" in `[TOKEN@41058 ...]` is written literally here;
# presumably it must be replaced with the account's Loggly token before use.
# Once it is, this file holds a credential and is created with the default
# umask, so consider restricting it to root (e.g. mode 0600).
# NOTE(review): the `*.*` selector forwards every facility and severity the
# host logs, not only the Docker messages; narrow it if auth or other
# sensitive host logs should stay local.
# NOTE(review): the CA file path must already exist and hold a valid
# certificate; presumably rsyslog cannot complete the TLS handshake otherwise.
cat > /etc/rsyslog.d/22-loggly.conf <<'RSYSLOG_CONFIG'
################# BEGIN RSYSLOG CONFIG FILE #########################
$template LogglyFormat,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %syslogtag:R,ERE,7,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,3,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%-%syslogtag:R,ERE,4,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,8,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% %syslogtag:R,ERE,5,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end% [TOKEN@41058 tag=\\"%syslogtag:R,ERE,1,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%\\" tag=\\"%syslogtag:R,ERE,2,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%\\"]%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\\n"
# docker/subledger/ci/ecs-v2-117-v2-queue-main-fe9480c4a681a5990900/9b9fad23c64a[9671]:
# TAG product= %syslogtag:R,ERE,1,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# TAG environment= %syslogtag:R,ERE,2,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %APP-NAME% task_name= %syslogtag:R,ERE,3,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %APP-NAME% task_version= %syslogtag:R,ERE,4,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %MSGID% container_name= %syslogtag:R,ERE,5,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# ignored synthetic_id= %syslogtag:R,ERE,6,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %HOSTNAME% container_id= %syslogtag:R,ERE,7,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# %PROCID% pid= %syslogtag:R,ERE,8,BLANK:docker/([^/]+)/([^/]+)/ecs-([^-]+)-([^-]+)-([^-]+)-([^/]+)/([^\\[]+)\\[([0-9]+)\\]:--end%
# Setup disk assisted queues
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.loggly.com
*.* @@logs-01.loggly.com:6514;LogglyFormat
################# END RSYSLOG CONFIG FILE #########################
RSYSLOG_CONFIG
# Restart rsyslog before Docker so the syslog daemon is up with its current
# configuration when containers begin logging through it.
service rsyslog restart

# Append the log-driver options to the Docker daemon's sysconfig file.
# The line is single-quoted on purpose: $OPTIONS must land in the file
# literally so it is expanded when that file is read, not by this script.
# "product" and "environment" in the tag are literal text here, presumably
# placeholders to set per deployment; {{.Name}} and {{.ID}} are Docker's
# log-tag template fields.
# NOTE(review): with the syslog driver, everything containers write to
# stdout/stderr is handed to the host syslog daemon, so anything an
# application prints (including secrets) follows whatever forwarding is
# configured there.
# shellcheck disable=SC2016
printf '%s\n' \
  'OPTIONS="$OPTIONS --log-driver=syslog --log-opt syslog-facility=local0 --log-opt tag=product/environment/{{.Name}}/{{.ID}}"' \
  >> /etc/sysconfig/docker

# Docker must be restarted to pick up the new daemon options.
service docker restart

# Presumably the Upstart job for the ECS agent, started only after Docker is
# back up with the new logging options.
start ecs