author | Josef Karasek <jkarasek@redhat.com> | 2017-10-03 14:17:18 +0200 |
---|---|---|
committer | Josef Karasek <jkarasek@redhat.com> | 2017-10-11 17:25:26 +0200 |
commit | bd53ea8112dbeab5a579bf204b235f52c05203c7 (patch) | |
tree | bed2b21cc893a6162afc6a7f32f9c0427a35b40e /roles/openshift_logging_fluentd | |
parent | 0db302a8eb8cef17fe20ef651cad6e4cb3308d2b (diff) | |
Add switch to enable/disable container engine's audit log being stored in ES.
If enabled, the logs are stored in ES' operations index, accessible only by cluster admins.
Diffstat (limited to 'roles/openshift_logging_fluentd')
-rw-r--r-- | roles/openshift_logging_fluentd/defaults/main.yml | 4 | ||||
-rw-r--r-- | roles/openshift_logging_fluentd/tasks/main.yaml | 4 | ||||
-rw-r--r-- | roles/openshift_logging_fluentd/templates/fluentd.j2 | 22 |
3 files changed, 29 insertions, 1 deletions
diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml
index 82326bdd1..25f7580a4 100644
--- a/roles/openshift_logging_fluentd/defaults/main.yml
+++ b/roles/openshift_logging_fluentd/defaults/main.yml
@@ -56,3 +56,7 @@ openshift_logging_fluentd_aggregating_passphrase: none
 #fluentd_secureforward_contents:
 openshift_logging_fluentd_file_buffer_limit: 1Gi
+
+# Configure fluentd to tail audit log file and filter out container engine's logs from there
+# These logs are then stored in ES operation index
+openshift_logging_fluentd_audit_container_engine: False
diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml
index 37960afd1..06bb35dbc 100644
--- a/roles/openshift_logging_fluentd/tasks/main.yaml
+++ b/roles/openshift_logging_fluentd/tasks/main.yaml
@@ -108,7 +108,6 @@ src: secure-forward.conf
 dest: "{{ tempdir }}/secure-forward.conf"
 when: fluentd_secureforward_contents is undefined
- changed_when: no
 - copy:
@@ -173,6 +172,9 @@ ops_port: "{{ openshift_logging_fluentd_ops_port }}"
 fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}"
 fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}"
+ audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}"
+ audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}"
+ audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}"
 check_mode: no
 changed_when: no
diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2
index f286b0656..644b70031 100644
--- a/roles/openshift_logging_fluentd/templates/fluentd.j2
+++ b/roles/openshift_logging_fluentd/templates/fluentd.j2
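Review bot: The two path variables read in the second tasks/main.yaml hunk, `openshift_logging_fluentd_audit_file` and `openshift_logging_fluentd_audit_pos_file`, are not declared or documented anywhere in this commit's defaults/main.yml hunk, which adds only `openshift_logging_fluentd_audit_container_engine`. An operator enabling the switch has no way to learn from the role defaults which audit log is tailed or where the position file lives. I would add commented entries next to the switch, e.g. `#openshift_logging_fluentd_audit_file: <path to audit log>` and `#openshift_logging_fluentd_audit_pos_file: <path to pos file>`, with a line saying they are passed to the pod only when set. The task that receives these vars starts and ends outside the hunk.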
@@ -172,6 +172,28 @@ spec:
 value: "{{ openshift_logging_fluentd_remote_syslog_payload_key }}"
 {% endif %}
+{% if audit_container_engine %}
+ - name: "AUDIT_CONTAINER_ENGINE"
+ value: "{{ audit_container_engine | lower }}"
+{% endif %}
+
+{% if audit_container_engine %}
+ - name: "NODE_NAME"
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+{% endif %}
+
+{% if audit_log_file != '' %}
+ - name: AUDIT_FILE
+ value: "{{ audit_log_file }}"
+{% endif %}
+
+{% if audit_pos_log_file != '' %}
+ - name: AUDIT_POS_FILE
+ value: "{{ audit_pos_log_file }}"
+{% endif %}
+
 volumes:
 - name: runlogjournal
 hostPath: |
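Review bot: `AUDIT_FILE` and `AUDIT_POS_FILE` at the end of this hunk are gated only on the path variables, not on `audit_container_engine`, so setting a path with the switch off still puts the audit paths into the pod environment. I would gate them on both, e.g. `{% if audit_container_engine and audit_log_file != '' %}` and the same for `audit_pos_log_file`. The two back-to-back `{% if audit_container_engine %}` blocks could also be merged into one. The hunk adds no volume or volumeMount; whether the existing mounts expose the host audit log read-only and give the position file a persistent location is not visible here and is worth confirming, since the `volumes:` list continues outside the hunk.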