Merge pull request #4383 from ahardin-rh/openshift_master_audit_config

Bug 1447773, Added openshift_master_audit_config information

install_config/master_node_configuration.adoc

@@ -705,6 +705,9 @@ AUDIT: id="5c3b8227-4af9-4322-8a71-542231c3887b" ip="127.0.0.1" method="GET" use
 AUDIT: id="5c3b8227-4af9-4322-8a71-542231c3887b" response="200"
 ----
 
+The `openshift_master_audit_config` variable enables API service auditing. It
+takes an array of the following options:
+
 .Audit Configuration Parameters
 [cols="3a,6a",options="header"]
 |===
@@ -718,19 +721,29 @@ AUDIT: id="5c3b8227-4af9-4322-8a71-542231c3887b" response="200"
 |File path where the requests should be logged to. If not set, logs are printed
 to master logs.
 
-|`MaximumFileRetentionDays`
+|`maximumFileRetentionDays`
 |Specifies maximum number of days to retain old audit log files based on the time
 stamp encoded in their filename.
 
-|`MaximumRetainedFiles`
+|`maximumRetainedFiles`
 |Specifies the maximum number of old audit log files to retain.
 
-|`MaximumFileSizeMegabytes`
+|`maximumFileSizeMegabytes`
 |Specifies maximum size in megabytes of the log file before it gets rotated.
 Defaults to 100MB.
-
 |===
 
+
+.Example Audit Configuration
+----
+auditConfig:
+  auditFilePath: "/var/log/audit-ocp.log"
+  enabled: true
+  maximumFileRetentionDays: 10
+  maximumFileSizeMegabytes: 10
+  maximumRetainedFiles: 10
+----
+
 [[node-configuration-files]]
 
 == Node Configuration Files
@@ -969,15 +982,15 @@ related files in the specified directory:
 
 [options="nowrap"]
 ----
-$ oadm create-node-config \ 
+$ oadm create-node-config \
     --node-dir=/openshift.local.config/node-<node_hostname> \
     --node=<node_hostname> \
     --hostnames=<node_hostname>,<ip_address> \
     --certificate-authority="/path/to/ca.crt" \
     --signer-cert="/path/to/ca.crt" \
-    --signer-key="/path/to/ca.key" 
+    --signer-key="/path/to/ca.key"
     --signer-serial="/path/to/ca.serial.txt"
-    --node-client-certificate-authority="/path/to/ca.crt" 
+    --node-client-certificate-authority="/path/to/ca.crt"
 ----
 
 When creating node configuration files, the `--hostnames` option accepts a
@@ -1027,15 +1040,15 @@ $ openshift start node --config=/openshift.local.config/node-<node_hostname>/nod
 
 |0|Errors and warnings only
 |2|Normal information
-|4|Debugging-level information 
+|4|Debugging-level information
 |6|API-level debugging information (request / response)
 |8|Body-level API debugging information
 |===
 
 You can control which INFO messages are logged by setting the loglevel option in the in *_/etc/sysconfig/atomic-openshift-node_* or *_/etc/sysconfig/atomic-openshift-master_* file. Configuring the logs to collect all messages can lead to large logs that are difficult to interpret and can take up excessive space. Collecting all messages should only be used in debug situations.
 
 [NOTE]
-====	
+====
 Messages with FATAL, ERROR, WARNING and some INFO severities appear in the logs regardless of the log configuration.
 ====
 
@@ -1044,7 +1057,7 @@ You can view logs for the master or the node system using the following command:
 ----
 # journalctl -r -u <journal_name>
 ----
-	
+
 Use the `-r` option to show the newest entries first.
 
 For example:
@@ -1159,5 +1172,3 @@ I0222 round_trippers.go:289] Response Status: 200 OK in 7 mi
 I0222 configgetter.go:127]  using watch cache storage (capacity=1000)
 I0222 controller_utils.go:592] Ignoring inactive pod
 ----
-
-