Merge 033179b into 211b38e

openshift · Nov 19, 2018 · ebaa4bf · ebaa4bf
2 parents 211b38e + 033179b
commit ebaa4bf
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 1 deletion.
diff --git a/roles/lib_utils/action_plugins/master_check_paths_in_config.py b/roles/lib_utils/action_plugins/master_check_paths_in_config.py
@@ -23,6 +23,7 @@
 
 ITEMS_TO_POP = (
     ('oauthConfig', 'identityProviders'),
+    ('auditConfig', 'auditFilePath'),
 )
 # Create csv string of dot-separated dictionary keys:
 # eg: 'oathConfig.identityProviders, something.else.here'
@@ -48,8 +49,10 @@ def pop_migrated_fields(mastercfg):
         field = mastercfg
         for sub_field in item:
             parent_field = field
+            if sub_field not in field:
+                continue
             field = field[sub_field]
-        parent_field.pop(item[len(item) - 1])
+        parent_field.pop(item[len(item) - 1], None)
 
 
 def do_item_check(val, strings_to_check):

diff --git a/roles/lib_utils/test/test_master_check_paths_in_config.py b/roles/lib_utils/test/test_master_check_paths_in_config.py
@@ -24,6 +24,8 @@ def loaded_config():
         'oauthConfig':
         {'identityProviders':
             ['1', '2', '/this/will/fail']},
+        'auditConfig':
+        {'auditFilePath': "/var/log/origin/audit-ocp.log"},
         'fake_top_item':
         {'fake_item':
             {'fake_item2':

diff --git a/roles/openshift_control_plane/tasks/main.yml b/roles/openshift_control_plane/tasks/main.yml
@@ -52,6 +52,16 @@
     mode: '0750'
   when: not openshift_is_atomic | bool
 
+- name: Create openshift audit log directory
+  file:
+    state: directory
+    path: "/var/log/origin"
+    mode: 0700
+  when:
+  - openshift.master.audit_config is defined
+  - openshift.master.audit_config.auditFilePath is defined
+  - '"/var/log/origin" in openshift.master.audit_config.auditFilePath'
+
 - name: Create the policy file if it does not already exist
   command: >
     {{ openshift_client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig

diff --git a/roles/openshift_control_plane/tasks/static.yml b/roles/openshift_control_plane/tasks/static.yml
@@ -62,6 +62,33 @@
       value: "/etc/origin/kubelet-plugins"
   when: openshift_is_atomic | bool
 
+- name: Add audit volume to master static pod (api)
+  yedit:
+    src: "{{ mktemp.stdout }}/apiserver.yaml"
+    append: true
+    key: spec.volumes
+    value:
+      name: audit-logs
+      hostPath:
+        path: "/var/log/origin"
+  when:
+  - openshift.master.audit_config is defined
+  - openshift.master.audit_config.auditFilePath is defined
+  - '"/var/log/origin" in openshift.master.audit_config.auditFilePath'
+
+- name: Add audit volumeMounts to master static pod (api)
+  yedit:
+    src: "{{ mktemp.stdout }}/apiserver.yaml"
+    append: true
+    key: spec.containers[0].volumeMounts
+    value:
+      mountPath: "/var/log/origin"
+      name: audit-logs
+  when:
+  - openshift.master.audit_config is defined
+  - openshift.master.audit_config.auditFilePath is defined
+  - '"/var/log/origin" in openshift.master.audit_config.auditFilePath'
+
 - name: ensure pod location exists
   file:
     path: "{{ openshift_control_plane_static_pod_location }}"