To enable notifications in the CADF format for other OpenStack services, define the audit filter in the api-paste.ini configuration file of an OpenStack service and include the audit filter in the WSGI pipeline.
For example, to enable CADF notifications in the Compute service, follow the steps below:
Add the definition of the audit filter to /etc/nova/api-paste.ini:
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/nova/api_audit_map.conf
Download api_audit_map.conf for Nova from the PyCADF repository:
cd /etc/nova/
wget https://raw.githubusercontent.com/openstack/pycadf/master/etc/pycadf/nova_api_audit_map.conf -O api_audit_map.conf
Add the audit filter into the Compute WSGI pipeline. For example:
[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
noauth2 = cors compute_req_id faultwrap sizelimit noauth2 osapi_compute_app_v21
keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext audit osapi_compute_app_v21
(Optional) Specify the service name and requests to be ignored by the filter:
[filter:audit]
service_name = test # opt to set HTTP_X_SERVICE_NAME environ variable
ignore_req_list = GET,POST # opt to ignore specific requests
Add the notification condition to the default section of nova.conf:
[DEFAULT]
notify_on_state_change=vm_and_task_state
Set a notification driver in nova.conf by specifying one of the possible values (messaging, messagingv2, routing, log, test, noop) for the driver option in the oslo_messaging_notifications section:
[oslo_messaging_notifications]
driver = messagingv2
Note
You can specify multiple notification drivers, for example, messagingv2 and log, to send notifications to both RabbitMQ and a local service log.
(Optional) Set an AMQP topic and custom transport URL. For example:
Note
By default, notifications are sent to the notifications.info queue in RabbitMQ. You do not need to specify transport_url and topics in this case.
[oslo_messaging_notifications]
transport_url = rabbit://{{ rabbitmq.user }}:{{ rabbitmq.password }}@{{ address('rabbitmq', rabbitmq.port) }}
topics = nova_notifications
Restart the Compute WSGI server:
service nova-api restart
Verify that the Compute service sends notifications in the CADF format.
If the notification driver is set to log, examine /var/log/nova/nova-api.log.
If the notification driver is set to messaging or messagingv2, see the RabbitMQ messages in the notifications.info queue set by default or in the queue with the name specified in the topics option.
Use the Ceilometer CLI to show events of a certain type:
ceilometer event-list --query event_type=<EVENT_TYPE>
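Before restarting nova-api, the edited api-paste.ini can be checked against the configuration given in the steps above. The following is an added example, not part of the original page or of the OpenStack code base; the function name check_audit_paste and the BAD variant are constructed for illustration, and the ordering rule is simply the one shown in the pipeline above (authtoken before audit, application last).

```python
import configparser

FACTORY = "keystonemiddleware.audit:filter_factory"

# The configuration from the steps above.
GOOD = """\
[filter:audit]
paste.filter_factory = keystonemiddleware.audit:filter_factory
audit_map_file = /etc/nova/api_audit_map.conf

[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext audit osapi_compute_app_v21
"""
# Constructed broken variant: no map file, audit placed ahead of authtoken.
BAD = (GOOD.replace("audit_map_file = /etc/nova/api_audit_map.conf\n", "")
           .replace("authtoken keystonecontext audit", "audit authtoken keystonecontext"))


def check_audit_paste(text, composite="composite:openstack_compute_api_v21",
                      pipeline_key="keystone"):
    """Return a list of problems with the audit filter setup (empty = OK)."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    problems = []
    if not cfg.has_section("filter:audit"):
        problems.append("no [filter:audit] section")
    else:
        audit = cfg["filter:audit"]
        if audit.get("paste.filter_factory") != FACTORY:
            problems.append("unexpected paste.filter_factory")
        if not audit.get("audit_map_file"):
            problems.append("audit_map_file is not set")
    stages = cfg.get(composite, pipeline_key, fallback="").split()
    if "audit" not in stages:
        problems.append("audit missing from " + pipeline_key + " pipeline")
    elif "authtoken" not in stages[:stages.index("audit")]:
        # audit would see the request before authtoken has identified the caller
        problems.append("audit runs before authtoken")
    elif stages[-1] == "audit":
        problems.append("audit is last, no application after it")
    return problems


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_audit_paste(text) or "ok")
```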
Example of a JSON-formatted CADF notification:
{
"_context_auth_token": "gAAAAABYifp1XvXY0S8yD8yav7hmqWRmFgy4gUwx1ryyEKxrrD7mIGpTOIItG71sOlhbUM9yzhDDSGe4ZBBQk554SU0qrhvINdAP1Jv6hEBwf1J27VWLIWLU5FVnBN1lv0vL26z2Vt3LKac_oYbvwpFByP_4lveza-cHk9fr2fnN0FPFvgPumiqqC0tyQG_ylYtdhSW5aepN",
"_context_domain": null,
"_context_instance_lock_checked": false,
"_context_is_admin": true,
"_context_project_domain": null,
"_context_project_id": "298ace13a3bf4674a8af28286569f2d7",
"_context_project_name": "admin",
"_context_quota_class": null,
"_context_read_deleted": "no",
"_context_read_only": false,
"_context_remote_address": "192.168.0.2",
"_context_request_id": "req-f6b96abc-89ed-4a5c-afec-eacc05070568",
"_context_resource_uuid": null,
"_context_roles": [
"admin"
],
"_context_service_catalog": [
{
"endpoints": [
{
"adminURL": "http://192.168.0.2:8776/v2/298ace13a3bf4674a8af28286569f2d7",
"internalURL": "http://192.168.0.2:8776/v2/298ace13a3bf4674a8af28286569f2d7",
"publicURL": "https://public.fuel.local:8776/v2/298ace13a3bf4674a8af28286569f2d7",
"region": "RegionOne"
}
],
"name": "cinderv2",
"type": "volumev2"
},
{
"endpoints": [
{
"adminURL": "http://192.168.0.2:8776/v1/298ace13a3bf4674a8af28286569f2d7",
"internalURL": "http://192.168.0.2:8776/v1/298ace13a3bf4674a8af28286569f2d7",
"publicURL": "https://public.fuel.local:8776/v1/298ace13a3bf4674a8af28286569f2d7",
"region": "RegionOne"
}
],
"name": "cinder",
"type": "volume"
}
],
"_context_show_deleted": false,
"_context_tenant": "298ace13a3bf4674a8af28286569f2d7",
"_context_timestamp": "2017-01-26T14:11:10.768205",
"_context_user": "42ca947ab83c4b86b843fccd36826a21",
"_context_user_domain": null,
"_context_user_id": "42ca947ab83c4b86b843fccd36826a21",
"_context_user_identity": "42ca947ab83c4b86b843fccd36826a21 298ace13a3bf4674a8af28286569f2d7 - - -",
"_context_user_name": "admin",
"_unique_id": "8d688a79bf7b418380d2ad7b8f133b89",
"event_type": "compute.instance.update",
"message_id": "805ad852-1807-469b-a06e-b428b6916e87",
"payload": {
"access_ip_v4": null,
"access_ip_v6": null,
"architecture": null,
"audit_period_beginning": "2017-01-01T00:00:00.000000",
"audit_period_ending": "2017-01-26T14:11:11.078799",
"availability_zone": "nova",
"bandwidth": {},
"cell_name": "",
"created_at": "2017-01-26 13:26:53+00:00",
"deleted_at": "",
"disk_gb": 0,
"display_name": "111",
"ephemeral_gb": 0,
"host": "node-7.domain.tld",
"hostname": "111",
"image_meta": {
"base_image_ref": "22cf0b00-c01a-4158-b5f6-d5ee67f9db0f",
"container_format": "bare",
"disk_format": "qcow2",
"min_disk": "0",
"min_ram": "64"
},
"image_ref_url": "http://172.16.0.6:9292/images/22cf0b00-c01a-4158-b5f6-d5ee67f9db0f",
"instance_flavor_id": "f786e6cf-3af9-4169-a95f-1478cfedcc8d",
"instance_id": "40ab92ca-1c69-445e-b592-fe0b46d0ad9d",
"instance_type": "m1.micro",
"instance_type_id": 16,
"kernel_id": "",
"launched_at": "2017-01-26T13:30:40.000000",
"memory_mb": 64,
"metadata": {},
"new_task_state": "deleting",
"node": "node-7.domain.tld",
"old_state": "active",
"old_task_state": "deleting",
"os_type": null,
"progress": "",
"ramdisk_id": "",
"reservation_id": "r-f9fg0oxe",
"root_gb": 0,
"state": "active",
"state_description": "deleting",
"tenant_id": "298ace13a3bf4674a8af28286569f2d7",
"terminated_at": "",
"user_id": "42ca947ab83c4b86b843fccd36826a21",
"vcpus": 1
},
"priority": "INFO",
"publisher_id": "compute.node-6.domain.tld",
"timestamp": "2017-01-26 14:11:11.106855"
}
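The notification above carries the caller's token in _context_auth_token and the full service catalog, so a consumer that forwards these messages to a log store should drop both and keep the fields that identify who did what. The following is an added example, not part of the original page or of OpenStack; the names unwrap and audit_record and the SAMPLE data are constructed here, and the envelope handling assumes the oslo.messaging 2.0 format that the messagingv2 driver emits.

```python
import json

# Context keys that should not be written to downstream log stores.
SENSITIVE_KEYS = ("_context_auth_token", "_context_service_catalog")

# Constructed sample: fields taken from the notification above, with the
# token replaced by a placeholder and the catalog shortened.
SAMPLE = {
    "_context_auth_token": "TOKEN-PLACEHOLDER",
    "_context_service_catalog": [{"name": "cinder", "type": "volume"}],
    "_context_user_id": "42ca947ab83c4b86b843fccd36826a21",
    "_context_project_id": "298ace13a3bf4674a8af28286569f2d7",
    "_context_remote_address": "192.168.0.2",
    "_context_request_id": "req-f6b96abc-89ed-4a5c-afec-eacc05070568",
    "event_type": "compute.instance.update",
    "timestamp": "2017-01-26 14:11:11.106855",
    "payload": {"instance_id": "40ab92ca-1c69-445e-b592-fe0b46d0ad9d",
                "old_state": "active", "new_task_state": "deleting"},
}
PLAIN = json.dumps(SAMPLE)
# messagingv2 puts the notification, as a JSON string, inside an envelope.
ENVELOPED = json.dumps({"oslo.version": "2.0", "oslo.message": PLAIN})


def unwrap(body):
    """Decode a message body, removing the oslo.messaging envelope if present."""
    msg = json.loads(body)
    if isinstance(msg, dict) and "oslo.message" in msg:
        msg = json.loads(msg["oslo.message"])
    return msg


def audit_record(body):
    """Return a flat who/what/where record plus the redacted notification."""
    n = unwrap(body)
    redacted = {k: ("<redacted>" if k in SENSITIVE_KEYS and v else v)
                for k, v in n.items()}
    payload = n.get("payload") or {}
    return {
        "when": n.get("timestamp"),
        "event_type": n.get("event_type"),
        "request_id": n.get("_context_request_id"),
        "user_id": n.get("_context_user_id"),
        "project_id": n.get("_context_project_id"),
        "remote_address": n.get("_context_remote_address"),
        "instance_id": payload.get("instance_id"),
        "task_state": payload.get("new_task_state"),
        "notification": redacted,
    }
```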