Step by step guide to setup ECS running with sumologic-docker-logging-driver

Deprecated: since the ECS support configure "sumologic" logging driver from UI now, please refer to Setup-AWS-ECS-to-deliver-logs-to-SumoLogic-with-Launch-Configuration-settings for new walk-through

Prerequisite

• an AWS account can deploy the ECS cluster
• a SumoLogic account with a HTTP source created. In the following paragraphs, will use URL of https://collectors.sumologic.com/receiver/v1/http/XXXX, you should replace it with the real URL of your HTTP source

Create Task Definition

You can crate your own ECS task definition (e.g. the payload running on a container) with log delivering to sumologic logging driver.

Login to the AWS console, and click "EC2 Container Service" images/ecs/ecs-service.png And then click "Task Definitions" on the sidebar and then "Create new Task Definition" images/ecs/task-def.png Using "Configure via JSON" since we cannot pick up sumolgoic driver on ECS UI images/ecs/json-config.png Use following json to define your task (This is a sample for just printing lines on console. you can replace it with the real task. And be notice the line wrapper if you directly copy from below)

{
    "family": "my-task",
    "containerDefinitions": [
        {
            "name": "hello",
            "image": "ubuntu:latest",
            "cpu": 100,
            "memory": 512,
            "essential": true,
            "entryPoint": [
                "sh",
                "-c"
            ],
            "command": [
                "for i in `seq 1 100`; do echo 'Hello world';sleep 1; done"
            ],
            "logConfiguration": {
                "logDriver": "sumologic",
                "options": {
                    "sumo-url": "https://collectors.sumologic.com/receiver/v1/http/XXXX"
                }
            }
        }
    ]
}

NOTE : if you see some error about 'CSRF' when saving the task definition, you may need to refresh your browser. It's a known UI bug of ECS.

Create ECS Cluster

Now we can create the cluster running the task. Click the "Clusters" on sidebar and "Create Cluster" images/ecs/create-cluster.png And then in the creating UI, configure the cluster settings and put 1 instance at beginning. Since current latest AMI from Amazon (ECS-Optimized Amazon Linux AMI 2017.09.a) is supporting docker API version 1.29, we can just keep using the default ECS AMI. Be notice the SSH key is required for following steps images/ecs/key-pair.png After clicking "Create", the cluster should be created.

Configure the ECS instance

The instance requires extra configuration for sending log to sumologic. These steps need to running on the EC2 instance with SSH.

Add Inbound Rule for SSH

By default, the Security Group created with cluster do not enable the SSH inbound rule. Finding the security group used by the instace and edit the inbound rule with SSH port. images/ecs/ssh-rule.png NOTE : The setting here enable any IP connect to the host with a valid SSH private key. In production environment, you may consider a stricter policy for the security.

SSH to instance

Using your key pair to SSH the instance:

$ ssh -i [.pem] [email protected]

Install sumologic-docker-logging-driver

$ docker plugin install store/sumologic/docker-logging-driver:1.0.2 --alias sumologic --grant-all-permissions

Instruction: https://github.com/SumoLogic/sumologic-docker-logging-driver; Make sure using sumologic as the alias

$ sudo docker plugin ls
ID                  NAME                DESCRIPTION                 ENABLED
1b173ac2700b        sumologic:latest    Sumo Logic logging driver   true

Update ecs configuration with ECS_AVAILABLE_LOGGING_DRIVERS

Edit the configure file of ecs /etc/ecs/ecs.config

$ sudo vi /etc/ecs/ecs.config

Append or modify following line with "sumologic"

ECS_AVAILABLE_LOGGING_DRIVERS=["json-file","awslogs","sumologic"]

Restart ECS service

$ sudo service docker stop
$ sudo service docker start
$ sudo start ecs

The instance should be ready to schedule task now.

NOTE : Repeat these steps if new instance(s) added into the cluster.

Troubleshooting

ECS agent log

$ docker logs -f ecs-agent

Docker Daemon log

$ tail -f /var/log/docker

Running container manually and deliver log to SumoLogic

$ docker run --log-driver=sumologic --log-opt sumo-url=https://collectors.sumologic.com/receiver/v1/http/XXXX -d hello-world

Schedule Task

You can now schedule a task from ECS console. images/ecs/schedule-task.png And the log lines can be queried out on SumoLogic web app now. images/ecs/query-out.png