diff options
| -rw-r--r-- | inventory/byo/hosts.origin.example | 3 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 3 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 3 | ||||
| -rw-r--r-- | roles/openshift_master_facts/tasks/main.yml | 1 |
4 files changed, 10 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 121a2e81e..5bfb451c5 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -460,6 +460,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} #openshift_node_env_vars={"ENABLE_HTTP2": "true"} +# Enable API service auditing, available as of 1.3 +#openshift_master_audit_config={"basicAuditEnabled": true} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index ae95e8de7..96a9db30d 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -454,6 +454,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} #openshift_node_env_vars={"ENABLE_HTTP2": "true"} +# Enable API service auditing, available as of 3.2 +#openshift_master_audit_config={"basicAuditEnabled": true} + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 17a10ae71..b18a42e32 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -39,6 +39,9 @@ assetConfig: maxRequestsInFlight: 0 requestTimeoutSeconds: 0 {% if openshift_master_ha | bool %} +{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %} +auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} +{% endif %} controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} {% endif %} controllers: '*' diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 3aba774e5..17c31ec05 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -79,3 +79,4 @@ max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}" api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" + audit_config: "{{ openshift_master_audit_config | default(None) }}" |