heat_template_version: rocky

description: >
  OpenStack containerized Keystone service

parameters:
  ContainerKeystoneImage:
    description: image
    type: string

outputs:
  config_settings:
    description: Extra hieradata needed to log to files in the host.
    value: null
  volumes:
    description: The volumes needed to log to files in the host.
    value: &keystone_volumes
      - /var/log/containers/keystone:/var/log/keystone:z
      - /var/log/containers/httpd/keystone:/var/log/httpd:z
  docker_config:
    description: Extra containers needed for logging to files in the host.
    value:
      step_2:
        keystone_init_log:
          start_order: 1
          image: {get_param: ContainerKeystoneImage}
          net: none
          user: root
          command: ['/bin/bash', '-c', 'chown -R keystone:keystone /var/log/keystone']
          volumes: *keystone_volumes
  environment:
    description: Extra environment variables needed for the service to log to files.
    value: null
  host_prep_tasks:
    description: Extra ansible tasks needed for logging to files in the host.
    value:
      - name: create persistent directories
        file:
          path: "{{ item.path }}"
          state: directory
          setype: "{{ item.setype }}"
        with_items:
          - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t }
          - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t }
          - { 'path': /var/log/keystone, 'setype': var_log_t }
      - name: keystone logs readme
        copy:
          dest: /var/log/keystone/readme.txt
          content: |
            Log files from keystone containers can be found under
            /var/log/containers/keystone and /var/log/containers/httpd/keystone.
        ignore_errors: true