diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 5a28a8962e..b7b461d2e6 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -239,9 +239,10 @@ enable_neutron: "yes" enable_nova: "yes" enable_rabbitmq: "yes" -# Additional optional OpenStack services are specified here +# Additional optional OpenStack features and services are specified here enable_aodh: "no" enable_barbican: "no" +enable_cadf_notifications: "no" enable_ceilometer: "no" enable_central_logging: "no" enable_ceph: "no" diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index fa10133695..a9bba9a2a4 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -1,5 +1,8 @@ [DEFAULT] debug = {{ keystone_logging_debug }} +{% if enable_cadf_notifications %} +notification_format = cadf +{% endif %} # NOTE(elemoine) log_dir alone does not work for Keystone log_file = /var/log/kolla/keystone/keystone.log @@ -39,3 +42,9 @@ memcache_servers = {{ memcached_servers }} {% else %} memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} {%- endif %} + +{% if enable_cadf_notifications %} +[oslo_messaging_notifications] +driver = messagingv2 +transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% endif %} diff --git a/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml new file mode 100644 index 0000000000..cf807edd7b --- /dev/null +++ b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml @@ -0,0 +1,6 @@ +--- +features: + - Add support for CADF event notifications. This standard provides + auditing capabilities for compliance with security, operational, + and business processes and supports normalized and categorized + event data for federation and aggregation.