From bd53ea8112dbeab5a579bf204b235f52c05203c7 Mon Sep 17 00:00:00 2001
From: Josef Karasek <jkarasek@redhat.com>
Date: Tue, 3 Oct 2017 14:17:18 +0200
Subject: Add switch to enable/disable container engine's audit log being
 stored in ES.

If enabled, tho logs are stored in ES' operations index, accesible only by cluster admins.
---
 roles/openshift_logging_fluentd/tasks/main.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'roles/openshift_logging_fluentd/tasks/main.yaml')

diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml
index 37960afd1..06bb35dbc 100644
--- a/roles/openshift_logging_fluentd/tasks/main.yaml
+++ b/roles/openshift_logging_fluentd/tasks/main.yaml
@@ -108,7 +108,6 @@
     src: secure-forward.conf
     dest: "{{ tempdir }}/secure-forward.conf"
   when: fluentd_secureforward_contents is undefined
-
   changed_when: no
 
 - copy:
@@ -173,6 +172,9 @@
     ops_port: "{{ openshift_logging_fluentd_ops_port }}"
     fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}"
     fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}"
+    audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}"
+    audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}"
+    audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}"
   check_mode: no
   changed_when: no
 
-- 
cgit v1.2.1