diff options
| author | Jason DeTiberus <jdetiber@redhat.com> | 2016-07-13 12:20:09 -0400 |
|---|---|---|
| committer | Jason DeTiberus <jdetiber@redhat.com> | 2016-07-13 17:40:19 -0400 |
| commit | 0fc1c77cc0dcbf314b34a957d150d4aced7fe8ed (patch) | |
| tree | 1015a3d9f07f6b54ca526d95b0860d10f64344d5 | |
| parent | a9870821719dfe28cd4b58dfe2709c39dc9cf4c9 (diff) | |
| download | openshift-0fc1c77cc0dcbf314b34a957d150d4aced7fe8ed.tar.gz openshift-0fc1c77cc0dcbf314b34a957d150d4aced7fe8ed.tar.bz2 openshift-0fc1c77cc0dcbf314b34a957d150d4aced7fe8ed.tar.xz openshift-0fc1c77cc0dcbf314b34a957d150d4aced7fe8ed.zip | |
[master] add support for setting auditConfig
| -rw-r--r-- | inventory/byo/hosts.origin.example | 3 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 3 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 3 | ||||
| -rw-r--r-- | roles/openshift_master_facts/tasks/main.yml | 1 |
4 files changed, 10 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 3ac70a035..d22b976e5 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -436,6 +436,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} #openshift_node_env_vars={"ENABLE_HTTP2": "true"} +# Enable API service auditing, available as of 1.3 +#openshift_master_audit_config={"basicAuditEnabled": true} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 4c0737cb7..47c7eebfc 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -430,6 +430,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} #openshift_node_env_vars={"ENABLE_HTTP2": "true"} +# Enable API service auditing, available as of 3.2 +#openshift_master_audit_config={"basicAuditEnabled": true} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 17a10ae71..b18a42e32 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -39,6 +39,9 @@ assetConfig: maxRequestsInFlight: 0 requestTimeoutSeconds: 0 {% if openshift_master_ha | bool %} +{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %} +auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} +{% endif %} controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} {% endif %} controllers: '*' diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 3aba774e5..17c31ec05 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -79,3 +79,4 @@ max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" + audit_config: "{{ openshift_master_audit_config | default(None) }}" |