Add ability to enable ucp audit logs Allow to configure audit logs, by default - level is "" - means disabled. More details https://docs.mirantis.com/mke/3.7/ops/administer-cluster/mke-audit-logging/logging-levels.html All logs are written to ucp-controller container log. Which is rotated currently as follows - 3 log files at 1Gb each. Related-Prod: https://mirantis.jira.com/browse/PRODX-44797 Change-Id: Ib73b30cf874ae119aef8842ea797de42e50b9a40

commit: 9df830a23d097b0c688dd0c467ba000cfb4151dd [log] [tgz]
author: Mykyta Karpin <mkarpin@mirantis.com> Thu Sep 12 14:25:01 2024 +0200
committer: Mykyta Karpin <mkarpin@mirantis.com> Fri Sep 13 14:13:37 2024 +0000
tree: 34620fc4beba3bfff999cb38c533dad286005dcd
parent: 1f86d904ed0c0218c7ecde75babd925e4b9342ab [diff]
diff --git a/de/heat-templates/fragments/SrvInstancesVM.yaml b/de/heat-templates/fragments/SrvInstancesVM.yaml
index 5a142cb..3ed3a67 100644
--- a/de/heat-templates/fragments/SrvInstancesVM.yaml
+++ b/de/heat-templates/fragments/SrvInstancesVM.yaml

@@ -90,6 +90,9 @@
   k0s_version:
     type: string
     default: ''
+  ucp_audit_log_level:
+    type: string
+    default: ''
 
 resources:
 
@@ -124,6 +127,7 @@
             $kubectl_version: { get_param: kubectl_version }
             $devops_utils_refspec: { get_param: devops_utils_refspec }
             $k0s_version: { get_param: k0s_version }
+            $ucp_audit_log_level: { get_param: ucp_audit_log_level }
 
   inject_files:
     type: "OS::Heat::CloudConfig"

diff --git a/de/heat-templates/scripts/functions.sh b/de/heat-templates/scripts/functions.sh
index 132d975..f3d5e39 100644
--- a/de/heat-templates/scripts/functions.sh
+++ b/de/heat-templates/scripts/functions.sh

@@ -59,6 +59,7 @@
 PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-ens4}
 UCP_MASTER_HOST=${UCP_MASTER_HOST:-${CONTROL_IP_ADDRESS}}
 UCP_IP_ADDRESS=${UCP_IP_ADDRESS:-$CONTROL_IP_ADDRESS}
+UCP_AUDIT_LOG_LEVEL=${UCP_AUDIT_LOG_LEVEL:-''}
 # Change default VXLAN port, need for https://mirantis.jira.com/browse/PRODX-11679
 UCP_DOCKER_SWARM_DATA_PORT=${UCP_DOCKER_SWARM_DATA_PORT:-4789}
 UCP_DOCKER_CALICO_VXLAN_PORT=${UCP_DOCKER_CALICO_VXLAN_PORT:-${UCP_DOCKER_SWARM_DATA_PORT}}
@@ -492,6 +493,9 @@
     ${max_pods}
     ${secure_overlay}
     ${kubelet_custom_flags}
+[audit_log_configuration]
+    level = \"${UCP_AUDIT_LOG_LEVEL}\"
+    support_dump_include_audit_logs = false
 " | docker config create com.docker.ucp.config -
     fi
 }

diff --git a/de/heat-templates/scripts/launch.sh b/de/heat-templates/scripts/launch.sh
index 5a89193..21bd205 100644
--- a/de/heat-templates/scripts/launch.sh
+++ b/de/heat-templates/scripts/launch.sh

@@ -42,6 +42,7 @@
 DOCKER_UCP_IMAGE=${DOCKER_UCP_IMAGE:-$docker_ucp_image}
 BINARY_BASE_URL=${BINARY_BASE_URL:-$binary_base_url}
 UCP_DOCKER_SWARM_DATA_PORT=${UCP_DOCKER_SWARM_DATA_PORT:-$docker_ucp_swarm_data_port}
+UCP_AUDIT_LOG_LEVEL=${UCP_AUDIT_LOG_LEVEL:-$ucp_audit_log_level}
 FLOATING_NETWORK_PREFIXES=${FLOATING_NETWORK_PREFIXES:-$private_floating_network_cidr}
 IRONIC_MT_ENABLED=${IRONIC_MT_ENABLED:-$ironic_mt_enabled}
 

diff --git a/de/heat-templates/top.yaml b/de/heat-templates/top.yaml
index e09fafe..ee7c964 100644
--- a/de/heat-templates/top.yaml
+++ b/de/heat-templates/top.yaml

@@ -239,6 +239,9 @@
   ucp_metadata:
     type: json
     default: {"role":"ucp"}
+  ucp_audit_log_level:
+    type: string
+    default: ""
   master_metadata:
     type: json
     default: {"role":"master"}
@@ -574,6 +577,7 @@
       kubectl_version: { get_param: kubectl_version }
       devops_utils_refspec: { get_param: devops_utils_refspec }
       k0s_version: { get_param: k0s_version }
+      ucp_audit_log_level: { get_param: ucp_audit_log_level }
 
   masters:
     type: OS::Heat::ResourceGroup
commit	9df830a23d097b0c688dd0c467ba000cfb4151dd	[log] [tgz]
author	Mykyta Karpin <mkarpin@mirantis.com>	Thu Sep 12 14:25:01 2024 +0200
committer	Mykyta Karpin <mkarpin@mirantis.com>	Fri Sep 13 14:13:37 2024 +0000
tree	34620fc4beba3bfff999cb38c533dad286005dcd
parent	1f86d904ed0c0218c7ecde75babd925e4b9342ab [diff]