What is the correct way to generate /etc/audit/audit.rules on Centos7?

The utility augenrules builds /etc/audit/audit.rules from the *.rules files found in the directory /etc/audit/rules.d.

This utility is called from the auditd service (or you could call it by hand followed by loading the rules files as you discovered - but restarting the service is simpler).

I can't remember the reason why the auditd system cannot use systemd natively. Check the [email protected] mailing list archives.