4 files changed, 10 insertions, 0 deletions

diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 3ac70a035..d22b976e5 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -436,6 +436,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
+# Enable API service auditing, available as of 1.3
+#openshift_master_audit_config={"basicAuditEnabled": true}
+
 # host group for masters
 [masters]
 ose3-master[1:3]-ansible.test.example.com
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 4c0737cb7..47c7eebfc 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -430,6 +430,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
+# Enable API service auditing, available as of 3.2
+#openshift_master_audit_config={"basicAuditEnabled": true}
+
 # host group for masters
 [masters]
 ose3-master[1:3]-ansible.test.example.com
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 17a10ae71..b18a42e32 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -39,6 +39,9 @@ assetConfig:
     maxRequestsInFlight: 0
     requestTimeoutSeconds: 0
 {% if openshift_master_ha | bool %}
+{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
+auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
+{% endif %}
 controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
 {% endif %}
 controllers: '*'
diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml
index 3aba774e5..17c31ec05 100644
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -79,3 +79,4 @@
       max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}"
       api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}"
       controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}"
+      audit_config: "{{ openshift_master_audit_config | default(None) }}"