Merge "Add ability to enable ucp audit logs"
diff --git a/de/heat-templates/fragments/SrvInstancesVM.yaml b/de/heat-templates/fragments/SrvInstancesVM.yaml
index 5a142cb..3ed3a67 100644
--- a/de/heat-templates/fragments/SrvInstancesVM.yaml
+++ b/de/heat-templates/fragments/SrvInstancesVM.yaml
@@ -90,6 +90,9 @@
k0s_version:
type: string
default: ''
+ ucp_audit_log_level:
+ type: string
+ default: ''
resources:
@@ -124,6 +127,7 @@
$kubectl_version: { get_param: kubectl_version }
$devops_utils_refspec: { get_param: devops_utils_refspec }
$k0s_version: { get_param: k0s_version }
+ $ucp_audit_log_level: { get_param: ucp_audit_log_level }
inject_files:
type: "OS::Heat::CloudConfig"
diff --git a/de/heat-templates/scripts/functions.sh b/de/heat-templates/scripts/functions.sh
index 132d975..f3d5e39 100644
--- a/de/heat-templates/scripts/functions.sh
+++ b/de/heat-templates/scripts/functions.sh
@@ -59,6 +59,7 @@
PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-ens4}
UCP_MASTER_HOST=${UCP_MASTER_HOST:-${CONTROL_IP_ADDRESS}}
UCP_IP_ADDRESS=${UCP_IP_ADDRESS:-$CONTROL_IP_ADDRESS}
+UCP_AUDIT_LOG_LEVEL=${UCP_AUDIT_LOG_LEVEL:-''}
# Change default VXLAN port, need for https://mirantis.jira.com/browse/PRODX-11679
UCP_DOCKER_SWARM_DATA_PORT=${UCP_DOCKER_SWARM_DATA_PORT:-4789}
UCP_DOCKER_CALICO_VXLAN_PORT=${UCP_DOCKER_CALICO_VXLAN_PORT:-${UCP_DOCKER_SWARM_DATA_PORT}}
@@ -492,6 +493,9 @@
${max_pods}
${secure_overlay}
${kubelet_custom_flags}
+[audit_log_configuration]
+ level = \"${UCP_AUDIT_LOG_LEVEL}\"
+ support_dump_include_audit_logs = false
" | docker config create com.docker.ucp.config -
fi
}
diff --git a/de/heat-templates/scripts/launch.sh b/de/heat-templates/scripts/launch.sh
index 5a89193..21bd205 100644
--- a/de/heat-templates/scripts/launch.sh
+++ b/de/heat-templates/scripts/launch.sh
@@ -42,6 +42,7 @@
DOCKER_UCP_IMAGE=${DOCKER_UCP_IMAGE:-$docker_ucp_image}
BINARY_BASE_URL=${BINARY_BASE_URL:-$binary_base_url}
UCP_DOCKER_SWARM_DATA_PORT=${UCP_DOCKER_SWARM_DATA_PORT:-$docker_ucp_swarm_data_port}
+UCP_AUDIT_LOG_LEVEL=${UCP_AUDIT_LOG_LEVEL:-$ucp_audit_log_level}
FLOATING_NETWORK_PREFIXES=${FLOATING_NETWORK_PREFIXES:-$private_floating_network_cidr}
IRONIC_MT_ENABLED=${IRONIC_MT_ENABLED:-$ironic_mt_enabled}
diff --git a/de/heat-templates/top.yaml b/de/heat-templates/top.yaml
index e09fafe..ee7c964 100644
--- a/de/heat-templates/top.yaml
+++ b/de/heat-templates/top.yaml
@@ -239,6 +239,9 @@
ucp_metadata:
type: json
default: {"role":"ucp"}
+ ucp_audit_log_level:
+ type: string
+ default: ""
master_metadata:
type: json
default: {"role":"master"}
@@ -574,6 +577,7 @@
kubectl_version: { get_param: kubectl_version }
devops_utils_refspec: { get_param: devops_utils_refspec }
k0s_version: { get_param: k0s_version }
+ ucp_audit_log_level: { get_param: ucp_audit_log_level }
masters:
type: OS::Heat::ResourceGroup