-
Notifications
You must be signed in to change notification settings - Fork 35
/
collect-logs-across-alibaba-cloud-accounts.yml
309 lines (301 loc) · 9.53 KB
/
collect-logs-across-alibaba-cloud-accounts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 跨账号ECS日志采集方案:A账号部署,对接B账号ECS,自动化配置日志服务Project、Logstore及采集配置,实现日志统一管理。
en: 'Cross-Account ECS Log Collection Solution: Deployed under Account A, interfacing
with ECS instances in Account B, it automates the configuration of Log Service
Project, Logstore, and collection settings, thereby realizing unified log management.'
Parameters:
ProjectName:
Type: String
Label:
en: SLS project name
zh-cn: SLS日志服务项目名称
Description:
en: |-
The name of the SLS project under Alibaba Cloud account A. <br>
We will create a new Logstore under this SLS Project to store the logs collected from Account B.
zh-cn: 阿里云账号A下日志服务Project名字。我们将会在该日志服务Project下新建一个Logstore,用于存储B账号下采集的日志。
AccountID:
Type: String
Label:
en: The Alibaba cloud account ID of account B.
zh-cn: 阿里云账号B的uid。
Description:
en: The Alibaba cloud account ID of account B.
zh-cn: 阿里云账号B的uid。
RoleName:
Type: String
Label:
en: Name of the role playing account B.
zh-cn: 扮演账号B的角色名称。
Description:
en: Account B needs to provide an authorization role to implement cross-account resource operations.
zh-cn: 账号B需要提供一个授权角色,以实现跨账号资源操作。
EcsInstanceId:
Type: String
Label:
en: The ID of ECS instance under account B
zh-cn: 账号B下的ECS实例Id
Description:
en: The ECS instance ID under account B that needs to collect logs.
zh-cn: 账号B下需要进行日志采集的ECS实例ID。
LogSample:
Type: String
TextArea: true
Label:
en: Sample of log collection
zh-cn: 日志采集样例
Description:
en: |-
Single-line log collection sample<br>
127.0.0.1 - - [10/Sep/2018:12:36:49 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"<br>
Mutiple-line log collection sample<br>
[2018-10-01T10:30:01,000] [INFO] java.lang.Exception: exception happened<br>
at TestPrintStackTrace.f(TestPrintStackTrace.java:3)<br>
at TestPrintStackTrace.g(TestPrintStackTrace.java:7)<br>
at TestPrintStackTrace.main(TestPrintStackTrace.java:16)<br>
zh-cn: |-
单行日志采集样例<br>
127.0.0.1 - - [10/Sep/2018:12:36:49 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"<br>
多行日志采集样例<br>
[2018-10-01T10:30:01,000] [INFO] java.lang.Exception: exception happened<br>
at TestPrintStackTrace.f(TestPrintStackTrace.java:3)<br>
at TestPrintStackTrace.g(TestPrintStackTrace.java:7)<br>
at TestPrintStackTrace.main(TestPrintStackTrace.java:16)<br>
LogPath:
Type: String
Label:
en: The log path.
zh-cn: 日志路径
Description:
en: Set the log path according to the location of the log on the server.
zh-cn: 根据日志在服务器上的位置,设置日志目录
LogFileName:
Type: String
Label:
en: The file name of log.
zh-cn: 日志文件名
Description:
en: Set the file name according to the location of the log on the server.
zh-cn: 根据日志在服务器上的位置,设置日志名称
Resources:
DealAccountStack:
Type: ALIYUN::ROS::Stack
Properties:
TemplateBody:
ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Terraform-v1.2'
Workspace:
main.tf: |-
variable "account_a_id" {
description = <<EOT
{
"Label": {
"zh-cn": "账号A的ID"
}
}
EOT
type = string
}
variable "account_b_id" {
description = <<EOT
{
"Label": {
"zh-cn": "账号B的ID"
}
}
EOT
type = string
}
variable "region" {
description = <<EOT
{
"Label": {
"zh-cn": "账号B的ECS Region。"
}
}
EOT
type = string
}
variable "role_name" {
description = <<EOT
{
"Label": {
"zh-cn": "扮演账号B的RAM角色名称"
}
}
EOT
}
variable "ecs_id" {
description = <<EOT
{
"Label": {
"zh-cn": "账号B的ECS实例ID"
}
}
EOT
}
locals {
role_name = var.role_name
account_id = var.account_b_id
}
# provider
provider "alicloud" {
alias = "account_b"
region = var.region
assume_role {
role_arn = format("acs:ram::%s:role/%s", local.account_id, local.role_name)
session_name = "ros"
session_expiration = 999
}
}
resource "alicloud_ecs_command" "default" {
provider = alicloud.account_b
name = "terraform-example"
command_content = base64encode(format("touch /etc/ilogtail/users/%s && echo \"application_b\" >> /etc/ilogtail/user_defined_id && sed -i \"1a \\\"accept_multi_config\\\": true,\" /usr/local/ilogtail/ilogtail_config.json && /etc/init.d/ilogtaild stop && /etc/init.d/ilogtaild start", var.account_a_id))
description = "terraform-example"
type = "RunShellScript"
working_dir = "/root"
}
resource "alicloud_ecs_invocation" "default" {
provider = alicloud.account_b
command_id = alicloud_ecs_command.default.id
instance_id = [var.ecs_id]
}
Parameters:
account_a_id:
Ref: ALIYUN::TenantId
account_b_id:
Ref: AccountID
region:
Ref: ALIYUN::Region
role_name:
Ref: RoleName
ecs_id:
Ref: EcsInstanceId
SlsIndex:
Type: ALIYUN::SLS::Index
Properties:
ProjectName:
Ref: ProjectName
FullTextIndex:
Enable: true
LogstoreName:
Fn::GetAtt:
- Logstore
- LogstoreName
DependsOn:
- Logstore
Logstore:
Type: ALIYUN::SLS::Logstore
Properties:
ProjectName:
Ref: ProjectName
LogstoreName: logstore-for-account-b
EnableTracking: true
MachineGroup:
Type: ALIYUN::SLS::MachineGroup
Properties:
GroupName: group-b
ProjectName:
Ref: ProjectName
MachineIdentifyType: userdefined
MachineList:
- application_b
DependsOn:
- DealAccountStack
LogtailConfig:
Type: ALIYUN::SLS::LogtailConfig
Properties:
ProjectName:
Ref: ProjectName
LogtailConfigName: logtail-config-one-click-solution
LogstoreName:
Fn::GetAtt:
- Logstore
- LogstoreName
RawConfigData:
configName: logtail-test01
logSample:
Ref: LogSample
inputType: file
outputType: LogService
outputDetail:
logstoreName:
Fn::GetAtt:
- Logstore
- LogstoreName
inputDetail:
discardUnmatch: false
maxDepth: 10
advanced:
tail_size_kb: 1024
blacklist: {}
k8s:
ExternalEnvTag: {}
logPath:
Ref: LogPath
filePattern:
Ref: LogFileName
enableRawLog: false
topicFormat: none
fileEncoding: utf8
adjustTimezone: false
logTimezone: ''
preserve: true
preserveDepth: 1
dockerFile: false
dockerIncludeLabel: {}
dockerExcludeLabel: {}
dockerIncludeEnv: {}
dockerExcludeEnv: {}
logType: common_reg_log
DependsOn:
- Logstore
ApplyConfigToMachineGroup:
Type: ALIYUN::SLS::ApplyConfigToMachineGroup
Properties:
ProjectName:
Ref: ProjectName
ConfigName:
Fn::GetAtt:
- LogtailConfig
- LogtailConfigName
GroupName:
Fn::GetAtt:
- MachineGroup
- GroupName
DependsOn:
- MachineGroup
- LogtailConfig
Outputs:
LogstoreName:
Description:
en: The name of logstore.
zh-cn: 日志库的名称。
Value:
Fn::GetAtt:
- Logstore
- LogstoreName
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- ProjectName
- LogSample
- LogPath
- LogFileName
Label:
default:
en: SLS project info
zh-cn: 日志服务信息
- Parameters:
- AccountID
- RoleName
- EcsInstanceId
Label:
default:
en: Account B info
zh-cn: B账号信息
TemplateTags:
- acs:technical-solution:Storage:跨阿里云账号采集日志-tech_solu_58