Dockerfile for Barbican

news

Author: PritiDesai
Source: Planet OpenStack

As I started learning barbican, it was a challenge standing up devstack instance with barbican for various reasons, the major being the amount of time it takes to create a VM with running barbican service. Barbican team has done excellent job at keeping the doc up-to-date. The instructions on barbican doc here, can help you create a working instance of the service. After running through these instructions for multiple times, I thought it would be easier to actually dockerize this whole process and create/destroy containers as needed.

Here is an attempt to write a Dockerfile for barbican:


FROM centos:7

RUN yum -y update
RUN rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
RUN yum -y update


# Install dependencies required to build Barbican
RUN yum install -y 
    python-pip 
    python-devel 
    libffi-devel 
    openssl-devel 
    sqlite-devel 
    openldap-devel

# Install dependencies required for PyEnv
RUN yum install -y 
    git 
    curl 
    make 
    gcc 
    gcc-c++ 
    make 
    openssl-devel 
    libxml2 
    libxml2-devel 
    libxslt 
    libxslt-devel 
    zlib-devel 
    bzip2-devel 
    readline-devel 
    patch 
    openssl

# Install dependency for the PyEnv - virtualenvwrapper plugin
RUN pip install virtualenvwrapper

RUN yum install -y 
    python-setuptools 
    python-lxml 
    python-greenlet-devel 
    python-ldap 
    vim 
    jq

WORKDIR /root

RUN git clone https://github.com/openstack/barbican.git

WORKDIR /root/barbican
RUN pip install -r /root/barbican/requirements.txt
RUN python setup.py install
RUN pip install uwsgi
RUN mkdir -p /etc/barbican
RUN mkdir -p /var/lib/barbican
RUN mkdir -p /etc/barbican/vassals
RUN cp etc/barbican/barbican-api-paste.ini /etc/barbican/barbican-api-paste.ini
RUN cp etc/barbican/barbican.conf /etc/barbican/barbican.conf
RUN cp etc/barbican/policy.json /etc/barbican/policy.json
RUN cp etc/barbican/vassals/barbican-api.ini /etc/barbican/vassals/barbican-api.ini

WORKDIR /

RUN easy_install supervisor
RUN /usr/bin/echo_supervisord_conf > /etc/supervisord.conf

RUN mkdir -p /var/log/supervisor

# make supervisor run in foreground
RUN sed -i -e "s/^nodaemon=false/nodaemon=true/" /etc/supervisord.conf

# tell supervisor to include relative .ini files
RUN mkdir /etc/supervisord.d
RUN echo [include] >> /etc/supervisord.conf
RUN echo 'files = /etc/supervisord.d/*.ini' >> /etc/supervisord.conf

# add barbican-svc program to supervisord config
RUN echo [program:barbican-svc] >> /etc/supervisord.d/barbican-svc.ini
RUN echo 'command=uwsgi --master --emperor /etc/barbican/vassals' >> /etc/supervisord.d/barbican-svc.ini
RUN echo  >> /etc/supervisord.d/barbican-svc.ini

# add barbican-retry program to supervisord config
RUN echo [program:barbican-retry] >> /etc/supervisord.d/barbican-retry.ini
RUN echo 'command=/usr/bin/barbican-retry --config-file=/etc/barbican/barbican-api.conf' >> /etc/supervisord.d/barbican-retry.ini
RUN echo  >> /etc/supervisord.d/barbican-retry.ini

EXPOSE 9311

# default command
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

Create a file named “Dockerfile” with the content above, cd into the directory where Dockerfile is, and build an image using that Dockerfile:

docker build -t centos/barbican .

Now, create a container with this barbican image:

docker run -d --name Barbican001 centos/barbican

This Dockerfile creates a barbican instance without any authentication platform. Please stay tuned for a comprehensive (more complex) dockefile with barbican and keystone.

Good luck experimenting with Docker !!!

The post Dockerfile for Barbican appeared first on IBM OpenTech.

Powered by WPeMatico