Author: PritiDesai
Source: Planet OpenStack
As I started learning barbican, it was a challenge standing up devstack instance with barbican for various reasons, the major being the amount of time it takes to create a VM with running barbican service. Barbican team has done excellent job at keeping the doc up-to-date. The instructions on barbican doc here, can help you create a working instance of the service. After running through these instructions for multiple times, I thought it would be easier to actually dockerize this whole process and create/destroy containers as needed.
Here is an attempt to write a Dockerfile for barbican:
FROM centos:7
RUN yum -y update
RUN rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
RUN yum -y update
# Install dependencies required to build Barbican
RUN yum install -y
python-pip
python-devel
libffi-devel
openssl-devel
sqlite-devel
openldap-devel
# Install dependencies required for PyEnv
RUN yum install -y
git
curl
make
gcc
gcc-c++
make
openssl-devel
libxml2
libxml2-devel
libxslt
libxslt-devel
zlib-devel
bzip2-devel
readline-devel
patch
openssl
# Install dependency for the PyEnv - virtualenvwrapper plugin
RUN pip install virtualenvwrapper
RUN yum install -y
python-setuptools
python-lxml
python-greenlet-devel
python-ldap
vim
jq
WORKDIR /root
RUN git clone https://github.com/openstack/barbican.git
WORKDIR /root/barbican
RUN pip install -r /root/barbican/requirements.txt
RUN python setup.py install
RUN pip install uwsgi
RUN mkdir -p /etc/barbican
RUN mkdir -p /var/lib/barbican
RUN mkdir -p /etc/barbican/vassals
RUN cp etc/barbican/barbican-api-paste.ini /etc/barbican/barbican-api-paste.ini
RUN cp etc/barbican/barbican.conf /etc/barbican/barbican.conf
RUN cp etc/barbican/policy.json /etc/barbican/policy.json
RUN cp etc/barbican/vassals/barbican-api.ini /etc/barbican/vassals/barbican-api.ini
WORKDIR /
RUN easy_install supervisor
RUN /usr/bin/echo_supervisord_conf > /etc/supervisord.conf
RUN mkdir -p /var/log/supervisor
# make supervisor run in foreground
RUN sed -i -e "s/^nodaemon=false/nodaemon=true/" /etc/supervisord.conf
# tell supervisor to include relative .ini files
RUN mkdir /etc/supervisord.d
RUN echo [include] >> /etc/supervisord.conf
RUN echo 'files = /etc/supervisord.d/*.ini' >> /etc/supervisord.conf
# add barbican-svc program to supervisord config
RUN echo [program:barbican-svc] >> /etc/supervisord.d/barbican-svc.ini
RUN echo 'command=uwsgi --master --emperor /etc/barbican/vassals' >> /etc/supervisord.d/barbican-svc.ini
RUN echo >> /etc/supervisord.d/barbican-svc.ini
# add barbican-retry program to supervisord config
RUN echo [program:barbican-retry] >> /etc/supervisord.d/barbican-retry.ini
RUN echo 'command=/usr/bin/barbican-retry --config-file=/etc/barbican/barbican-api.conf' >> /etc/supervisord.d/barbican-retry.ini
RUN echo >> /etc/supervisord.d/barbican-retry.ini
EXPOSE 9311
# default command
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
Create a file named “Dockerfile” with the content above, cd into the directory where Dockerfile is, and build an image using that Dockerfile:
docker build -t centos/barbican .
Now, create a container with this barbican image:
docker run -d --name Barbican001 centos/barbican
This Dockerfile creates a barbican instance without any authentication platform. Please stay tuned for a comprehensive (more complex) dockefile with barbican and keystone.
Good luck experimenting with Docker !!!
The post Dockerfile for Barbican appeared first on IBM OpenTech.
Powered by WPeMatico