From bd53ea8112dbeab5a579bf204b235f52c05203c7 Mon Sep 17 00:00:00 2001
From: Josef Karasek <jkarasek@redhat.com>
Date: Tue, 3 Oct 2017 14:17:18 +0200
Subject: Add switch to enable/disable container engine's audit log being
 stored in ES.

If enabled, tho logs are stored in ES' operations index, accesible only by cluster admins.
---
 .../openshift_logging_fluentd/templates/fluentd.j2 | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'roles/openshift_logging_fluentd/templates')

diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2
index f286b0656..644b70031 100644
--- a/roles/openshift_logging_fluentd/templates/fluentd.j2
+++ b/roles/openshift_logging_fluentd/templates/fluentd.j2
@@ -172,6 +172,28 @@ spec:
           value: "{{ openshift_logging_fluentd_remote_syslog_payload_key }}"
 {% endif %}
 
+{% if audit_container_engine %}
+        - name: "AUDIT_CONTAINER_ENGINE"
+          value: "{{ audit_container_engine | lower }}"
+{% endif %}
+
+{% if audit_container_engine %}
+        - name: "NODE_NAME"
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+{% endif %}
+
+{% if audit_log_file != '' %}
+        - name: AUDIT_FILE
+          value: "{{ audit_log_file }}"
+{% endif %}
+
+{% if audit_pos_log_file != '' %}
+        - name: AUDIT_POS_FILE
+          value: "{{ audit_pos_log_file }}"
+{% endif %}
+
       volumes:
       - name: runlogjournal
         hostPath:
-- 
cgit v1.2.1