From 8f6bd4e73539e89ef556a1a8f1f33936ec24f3a4 Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Fri, 29 Jul 2016 20:23:13 +0200
Subject: [PATCH] Enable CADF events in Keystone and introduce enable_cadf_notifications
Change-Id: I0a40867ae65011fbfd53308b9d7f42d10435f5fa
Closes-bug: #1607905
---
 ansible/group_vars/all.yml | 3 ++-
 ansible/roles/keystone/templates/keystone.conf.j2 | 9 +++++++++
 .../notes/cadf-notifications-6c102c16090688d5.yaml | 6 ++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 5a28a8962e..b7b461d2e6 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -239,9 +239,10 @@ enable_neutron: "yes"
 enable_nova: "yes"
 enable_rabbitmq: "yes"
-# Additional optional OpenStack services are specified here
+# Additional optional OpenStack features and services are specified here
 enable_aodh: "no"
 enable_barbican: "no"
+enable_cadf_notifications: "no"
 enable_ceilometer: "no"
 enable_central_logging: "no"
 enable_ceph: "no"
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index fa10133695..a9bba9a2a4 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -1,5 +1,8 @@
 [DEFAULT]
 debug = {{ keystone_logging_debug }}
+{% if enable_cadf_notifications %}
+notification_format = cadf
+{% endif %}
 # NOTE(elemoine) log_dir alone does not work for Keystone
 log_file = /var/log/kolla/keystone/keystone.log
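Review bot: `{% if enable_cadf_notifications %}` tests a string rather than a boolean: the default added to ansible/group_vars/all.yml is the quoted value `"no"`, and a non-empty string is truthy in Jinja2, so `notification_format = cadf` would be rendered even with the feature switched off. The same bare test guards the `[oslo_messaging_notifications]` section in the second hunk of this file, so the notification driver and the broker credentials in `transport_url` would also be written unconditionally. Both conditions should read `{% if enable_cadf_notifications | bool %}`. With notifications always on and no consumer attached, audit events would presumably accumulate on the broker, so the default value deserves a deployment test of the rendered keystone.conf.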
@@ -39,3 +42,9 @@ memcache_servers = {{ memcached_servers }}
 {% else %}
 memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 {%- endif %}
+
+{% if enable_cadf_notifications %}
+[oslo_messaging_notifications]
+driver = messagingv2
+transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
diff --git a/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml
new file mode 100644
index 0000000000..cf807edd7b
--- /dev/null
+++ b/releasenotes/notes/cadf-notifications-6c102c16090688d5.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Add support for CADF event notifications. This standard provides
+ auditing capabilities for compliance with security, operational,
+ and business processes and supports normalized and categorized
+ event data for federation and aggregation.
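Review bot: The `transport_url` line in the second keystone.conf.j2 hunk interpolates `rabbitmq_user` and `rabbitmq_password` into the URL without percent-encoding, so a password containing `@`, `:`, `/` or `#` would yield a URL that is parsed incorrectly or rejected; either encode the value or document the permitted character set next to the variable. The variable names suggest this is the same broker account the services use for RPC (not visible in this patch); a dedicated account or vhost for audit notifications would limit what a consumer of the audit queue can reach. The URL carries no TLS setting and places the password in the rendered keystone.conf, so the file mode and the encryption of the broker link should be confirmed where this template is deployed.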