Fix openstack CADF audit maps and installation

This patch fixes the missing pycadf audit maps
for services and changes the way pycadf
is installed.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/905858

Closes-Bug: #2047941
Change-Id: I9b43d1a9990ad8aa7381ea81b0f2d692967be949
Michal Arbet 2024-01-03 15:30:27 +01:00 committed by Bartosz Bezak
parent 0eddd35da5
commit 7f5a904e98
14 changed files with 29 additions and 2 deletions


@ -29,6 +29,7 @@ RUN ln -s ceilometer-base-source/* ceilometer \
&& {{ macros.install_pip(ceilometer_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/ceilometer \
&& cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
&& cp /etc/pycadf/ceilometer_api_audit_map.conf /etc/ceilometer/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \
{{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \


@ -44,6 +44,7 @@ RUN ln -s cinder-base-source/* cinder \
&& {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/cinder \
&& cp -r /cinder/etc/cinder/* /etc/cinder/ \
&& cp /etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \


@ -41,6 +41,7 @@ RUN ln -s glance-base-source/* glance \
&& {{ macros.install_pip(glance_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/glance \
&& cp -r /glance/etc/* /etc/glance/ \
&& cp /etc/pycadf/glance_api_audit_map.conf /etc/glance/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_glance_sudoers \


@ -44,6 +44,7 @@ COPY gnocchi_sudoers /etc/sudoers.d/kolla_gnocchi_sudoers
RUN ln -s gnocchi-base-source/* gnocchi \
&& {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/gnocchi \
&& cp /etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \
&& chmod 750 /etc/sudoers.d \
&& chmod 640 /etc/sudoers.d/kolla_gnocchi_sudoers \
&& touch /usr/local/bin/kolla_gnocchi_extend_start \


@ -27,6 +27,7 @@ RUN ln -s heat-base-source/* heat \
&& {{ macros.install_pip(heat_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/heat \
&& cp -r /heat/etc/heat/* /etc/heat/ \
&& cp /etc/pycadf/heat_api_audit_map.conf /etc/heat/ \
&& touch /usr/local/bin/kolla_heat_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_heat_extend_start


@ -22,6 +22,7 @@ RUN ln -s ironic-base-source/* ironic \
&& {{ macros.install_pip(ironic_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/ironic \
&& cp -r /var/lib/kolla/venv/etc/ironic/* /etc/ironic/ \
&& cp /etc/pycadf/ironic_api_audit_map.conf /etc/ironic/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_ironic_sudoers \


@ -74,6 +74,7 @@ RUN ln -s neutron-base-source/* neutron \
&& mkdir -p /etc/neutron \
&& cp -r /neutron/etc/* /etc/neutron/ \
&& cp -r /neutron/etc/neutron/* /etc/neutron/ \
&& cp /etc/pycadf/neutron_api_audit_map.conf /etc/neutron/ \
&& mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \


@ -70,6 +70,7 @@ RUN ln -s nova-base-source/* nova \
&& {{ macros.install_pip(nova_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/nova/ \
&& cp -r /nova/etc/nova/* /etc/nova/ \
&& cp /etc/pycadf/nova_api_audit_map.conf /etc/nova/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \
{{ macros.install_pip(nova_base_plugins_pip_packages) }}; \


@ -28,6 +28,7 @@ RUN ln -s /octavia-base-source/* octavia \
&& {{ macros.install_pip(octavia_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/octavia \
&& cp -r /octavia/etc/* /etc/octavia/ \
&& cp /octavia/etc/audit/octavia_api_audit_map.conf.sample /etc/octavia/octavia_api_audit_map.conf \
&& touch /usr/local/bin/kolla_octavia_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_octavia_extend_start
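Review bot: The octavia copy is the only one that takes its audit map from the service tree and installs a `.sample` file under the live name `octavia_api_audit_map.conf`, and nothing in the hunk explains why it differs from the `/etc/pycadf/<service>_api_audit_map.conf` copies in the other service images. A sample file is not necessarily maintained as a production default, so anyone checking what the audit middleware records for octavia needs to know where this map comes from. I would add a Jinja comment ahead of that line, for example `{# NOTE: audit map is taken from the octavia tree sample, not from /etc/pycadf #}`, with the actual reason filled in. The RUN instruction starts above the hunk.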


@ -135,7 +135,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
'pika',
'prettytable',
'psutil',
'pycadf',
'/pycadf',
'pyinotify',
'pymysql',
'pyngus',
@ -185,7 +185,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
%}
ADD openstack-base-archive /openstack-base-source
RUN ln -s openstack-base-source/* /requirements \
ADD plugins-archive /openstack-base-source
RUN ln -s openstack-base-source/plugins/* /pycadf \
&& mkdir -p /etc/pycadf \
&& cp /pycadf/etc/pycadf/* /etc/pycadf/
RUN ln -s openstack-base-source/*requirements* /requirements \
{# NOTE(mnasiadka): Remove ovs from upper-constraints.txt because python3-openvswitch
is usually newer than UC entry and older version would get installed
in venv (see https://launchpad.net/bugs/1961874).
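Review bot: `ln -s openstack-base-source/plugins/* /pycadf` depends on the plugins archive unpacking to exactly one entry; if a second plugin is ever configured for openstack-base, the glob expands to several paths and the step no longer links `/pycadf` to the pycadf tree. Matching the directory by name, e.g. `RUN ln -s openstack-base-source/plugins/pycadf* /pycadf \`, keeps the step tied to the package it is meant to install (the unpacked directory name is not visible here, so adjust the pattern to it). Because the package list in the first hunk now names `'/pycadf'`, pip presumably builds from this local tree, so the tarball's contents rather than the constrained index release decide what lands in the image; a short Jinja comment next to the `ADD plugins-archive` line saying so would help whoever audits the image contents later. The `RUN ln -s openstack-base-source/*requirements* /requirements \` command continues past the end of the hunk.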


@ -36,6 +36,7 @@ RUN ln -s swift-base-source/* swift \
&& {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/swift /var/cache/swift /var/lock/swift \
&& cp -r /swift/etc/* /etc/swift/ \
&& cp /etc/pycadf/swift_api_audit_map.conf /etc/swift/ \
&& chown -R swift: /var/cache/swift /var/lock/swift \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_swift_sudoers \


@ -21,6 +21,7 @@ RUN ln -s trove-base-source/* trove \
&& {{ macros.install_pip(trove_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/trove \
&& cp -r /trove/etc/trove/* /etc/trove/ \
&& cp /etc/pycadf/trove_api_audit_map.conf /etc/trove/ \
&& touch /usr/local/bin/kolla_trove_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start


@ -15,6 +15,10 @@ SOURCES = {
'type': 'url',
'location': ('$tarballs_base/openstack/requirements/'
'requirements-${openstack_branch}.tar.gz')},
'openstack-base-plugin-pycadf': {
'type': 'url',
'location': ('$tarballs_base/openstack/pycadf/'
'pycadf-3.1.1.tar.gz')},
'aodh-base': {
'type': 'url',
'location': ('$tarballs_base/openstack/aodh/'
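Review bot: The new `openstack-base-plugin-pycadf` entry hard-codes `pycadf-3.1.1.tar.gz`, whereas the requirements entry just above it follows `${openstack_branch}`, so the pycadf source pulled into the base image stays at 3.1.1 until someone edits this dict by hand. The entry is a plain `url` source with no digest next to it, so nothing visible in this hunk ties the download to a known artifact; whether the build verifies it elsewhere cannot be told from here. I would at least add a comment above the entry, e.g. `# NOTE: pinned release; bump together with the branch's upper-constraints`, and record the expected checksum if the source format allows one. The `SOURCES` dict opens and closes outside the hunk.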


@ -0,0 +1,5 @@
---
fixes:
- |
Fixes missing pycadf's audit map config
files `LP#2047941 <https://launchpad.net/bugs/2047941>`__.