Update 2018 Loggly SSL certificate #29

Open
wants to merge 9 commits into
base: master

ebr
Contributor

@ebr ebr commented Apr 8, 2018

README.md Outdated
@@ -1,11 +1,12 @@
loggly-docker
=============

Forked from sendgridlabs/loggly-docker to update APK cache and ensure rsyslog and rsyslog-tls are updated to latest versions, fixing TLS issues as per https://github.com/rsyslog/rsyslog/issues/828.
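Review bot: In the description line under the title, "updated to latest versions" does not tell a reader which rsyslog and rsyslog-tls builds the image contains, and the wording goes stale with every rebuild. Name the versions the image ships, or state that they are whatever the package index provides at build time, so that someone debugging a TLS failure can tell whether the fix referenced in rsyslog issue 828 is present.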

Not a fork anymore.

Contributor Author

@ParthGandhi good point :)

@ParthGandhi

ParthGandhi commented Apr 8, 2018

Thanks a ton @ebr! I was just about to sit down to do all this myself.

How likely is this to be merged and pushed to dockerhub by the 10th?

Edit: Let me know if you need me to also test this.

@ebr
Contributor Author

ebr commented Apr 9, 2018

@ParthGandhi i'm testing it right now in one of my environments, and it seems fine. but please do test as well - that would be awesome - thanks. brodsky/loggly-docker:latest

( i guess we'll only know for certain after the 10th? ;))

@ParthGandhi

@ebr tested on one of our staging envs and looks OK.

I'm gonna use your docker image on prod tomorrow if this isn't merged and pushed by then. Let me know if you'd rather i re-host the image on our domain and use that instead.

Thanks again!

@ebr
Contributor Author

ebr commented Apr 9, 2018

@ParthGandhi no worries! I am also planning to deploy my image on prod tomorrow for a client if this isn't merged by then. Feel free to use my dockerhub repo (i have no plans to remove it), or clone into your own - totally up to you. Glad this helps 👍

@ParthGandhi

ParthGandhi commented Apr 10, 2018

@ebr FYI running brodsky/loggly-docker:latest gives:

rsyslogd: not permitted to talk to peer, certificate invalid: GnuTLS returned no specific reason [v8.26.0]
rsyslogd: invalid cert info: peer provided 1 certificate(s). Certificate 1 info: certificate valid from Wed Sep 23 22:56:38 2015 to Tue Apr 10 00:10:47 2018; Certificate public key: RSA; DN: OU=Domain Control Validated,CN=logs-01.loggly.com; Issuer DN: C=US,ST=Arizona,L=Scottsdale,O=Starfield Technologies\, Inc.,OU=http://certs.starfieldtech.com/repository/,CN=Starfield Secure Certificate Authority - G2; SAN:DNSname: logs-01.loggly.com; SAN:DNSname: www.logs-01.loggly.com;  [v8.26.0]

but I can successfully use the other tls-tagged image.

EDIT:

Ok, for some reason i'm getting that error sporadically with both images. Restarting often seems to fix it, not entirely sure why - still debugging.

@ebr
Contributor Author

ebr commented Apr 12, 2018

@ParthGandhi I've seen this a few times over the last couple of days, but generally logs are coming in fine. The message looks like the container is hitting an endpoint with an expired cert. I'm going to take a wild guess that someone at Loggly forgot to install the new cert on a few nodes ;)
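The diagnosis in the comment above rests on comparing the rejected certificate's validity window with the time of the rejection. The following is an added example, not part of the thread or the project: it parses rsyslog "invalid cert info" lines in the format quoted earlier and groups rejections by certificate, so a still-served expired certificate can be told apart from a trust or name failure. `SEEN_AT`, `OTHER_LINE` and the function names are assumptions made for the example; the quoted lines carry no timestamp of their own.

```python
import re
from collections import Counter
from datetime import datetime

CERT_RE = re.compile(r"certificate valid from (?P<nb>.+?) to (?P<na>.+?); "
                     r".*?; DN: (?P<dn>.+?); Issuer DN:")
SAN_RE = re.compile(r"SAN:DNSname: ([^;]+);")
FMT = "%a %b %d %H:%M:%S %Y"  # date layout in the quoted rsyslog lines

def parse_cert_info(line):
    """Return validity window, subject DN and SANs; None for other lines."""
    m = CERT_RE.search(line)
    if not m:
        return None
    return {"not_before": datetime.strptime(m["nb"], FMT),
            "not_after": datetime.strptime(m["na"], FMT),
            "dn": m["dn"], "sans": SAN_RE.findall(line)}

def verdict(cert, seen_at):
    """Compare the window with the time the rejection was logged."""
    if seen_at > cert["not_after"]:
        return "expired"
    # Inside the window means the rejection has another cause (chain, name).
    return "not-yet-valid" if seen_at < cert["not_before"] else "in-window"

def summarise(lines, seen_at):
    """Count rejections per (subject DN, notAfter, verdict)."""
    certs = filter(None, map(parse_cert_info, lines))
    return Counter((c["dn"], c["not_after"].isoformat(), verdict(c, seen_at))
                   for c in certs)

PREFIX = ("rsyslogd: invalid cert info: peer provided 1 certificate(s). "
          "Certificate 1 info: certificate valid from ")
# The certificate line quoted in the thread.
THREAD_LINE = PREFIX + (
    "Wed Sep 23 22:56:38 2015 to Tue Apr 10 00:10:47 2018; Certificate public key: RSA; "
    "DN: OU=Domain Control Validated,CN=logs-01.loggly.com; Issuer DN: C=US,ST=Arizona,"
    r"L=Scottsdale,O=Starfield Technologies\, Inc.,OU=http://certs.starfieldtech.com/"
    "repository/,CN=Starfield Secure Certificate Authority - G2; "
    "SAN:DNSname: logs-01.loggly.com; SAN:DNSname: www.logs-01.loggly.com;  [v8.26.0]")
# Constructed line (not from the thread): a certificate still inside its window.
OTHER_LINE = (PREFIX + "Mon Mar 05 00:00:00 2018 to Thu Mar 05 00:00:00 2020; "
              "Certificate public key: RSA; DN: CN=logs.example.test; "
              "Issuer DN: CN=Example Test CA; SAN:DNSname: logs.example.test;  [v8.26.0]")
NOT_PERMITTED = ("rsyslogd: not permitted to talk to peer, certificate invalid: "
                 "GnuTLS returned no specific reason [v8.26.0]")
SEEN_AT = datetime(2018, 4, 10, 12, 0, 0)  # assumed log time; the lines carry none
SAMPLE = [NOT_PERMITTED, THREAD_LINE] * 2 + [OTHER_LINE]
print(dict(summarise(SAMPLE, SEEN_AT)))
```

rsyslog only logs certificates it rejects, so the summary shows which certificates caused failures, not how many nodes behind the hostname already serve a renewed one.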

@Shwetajain148

Hi @jonathan-short, Are you planning to merge this awesome PR and also taking care of other open issues?

We are eagerly waiting for your response.

@jonathan-short
Contributor

Hi all - apologies as I left SendGrid a while back, but hopefully @mikerowan is able to help you...

@Shwetajain148

Shwetajain148 commented Apr 20, 2018

Hi @mikerowan, Can you please take care of this PR as well as other open issues? Customers will be good if the open issues and PRs get resolved soon.

Thank you for your support.

6 participants