As I started learning barbican, it was a challenge standing up devstack instance with barbican for various reasons, the major being the amount of time it takes to create a VM with running barbican service. Barbican team has done excellent job at keeping the doc up-to-date. The instructions on barbican doc here, can help you create a working instance of the service. After running through these instructions for multiple times, I thought it would be easier to actually dockerize this whole process and create/destroy containers as needed.

Here is an attempt to write a Dockerfile for barbican:


FROM centos:7

RUN yum -y update
RUN rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
RUN yum -y update


# Install dependencies required to build Barbican
RUN yum install -y \
    python-pip \
    python-devel \
    libffi-devel \
    openssl-devel \
    sqlite-devel \
    openldap-devel

# Install dependencies required for PyEnv
RUN yum install -y \
    git \
    curl \
    make \
    gcc \
    gcc-c++ \
    make \
    openssl-devel \
    libxml2 \
    libxml2-devel \
    libxslt \
    libxslt-devel \
    zlib-devel \
    bzip2-devel \
    readline-devel \
    patch \
    openssl

# Install dependency for the PyEnv - virtualenvwrapper plugin
RUN pip install virtualenvwrapper

RUN yum install -y \
    python-setuptools \
    python-lxml \
    python-greenlet-devel \
    python-ldap \
    vim \
    jq

WORKDIR /root

RUN git clone https://github.com/openstack/barbican.git

WORKDIR /root/barbican
RUN pip install -r /root/barbican/requirements.txt
RUN python setup.py install
RUN pip install uwsgi
RUN mkdir -p /etc/barbican
RUN mkdir -p /var/lib/barbican
RUN mkdir -p /etc/barbican/vassals
RUN cp etc/barbican/barbican-api-paste.ini /etc/barbican/barbican-api-paste.ini
RUN cp etc/barbican/barbican.conf /etc/barbican/barbican.conf
RUN cp etc/barbican/policy.json /etc/barbican/policy.json
RUN cp etc/barbican/vassals/barbican-api.ini /etc/barbican/vassals/barbican-api.ini

WORKDIR /

RUN easy_install supervisor
RUN /usr/bin/echo_supervisord_conf > /etc/supervisord.conf

RUN mkdir -p /var/log/supervisor

# make supervisor run in foreground
RUN sed -i -e "s/^nodaemon=false/nodaemon=true/" /etc/supervisord.conf

# tell supervisor to include relative .ini files
RUN mkdir /etc/supervisord.d
RUN echo [include] >> /etc/supervisord.conf
RUN echo 'files = /etc/supervisord.d/*.ini' >> /etc/supervisord.conf

# add barbican-svc program to supervisord config
RUN echo [program:barbican-svc] >> /etc/supervisord.d/barbican-svc.ini
RUN echo 'command=uwsgi --master --emperor /etc/barbican/vassals' >> /etc/supervisord.d/barbican-svc.ini
RUN echo  >> /etc/supervisord.d/barbican-svc.ini

# add barbican-retry program to supervisord config
RUN echo [program:barbican-retry] >> /etc/supervisord.d/barbican-retry.ini
RUN echo 'command=/usr/bin/barbican-retry --config-file=/etc/barbican/barbican-api.conf' >> /etc/supervisord.d/barbican-retry.ini
RUN echo  >> /etc/supervisord.d/barbican-retry.ini

EXPOSE 9311

# default command
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

Create a file named “Dockerfile” with the content above, cd into the directory where Dockerfile is, and build an image using that Dockerfile:

docker build -t centos/barbican .

Now, create a container with this barbican image:

docker run -d --name Barbican001 centos/barbican

This Dockerfile creates a barbican instance without any authentication platform. Please stay tuned for a comprehensive (more complex) dockefile with barbican and keystone.

Good luck experimenting with Docker !!!

2 comments on"Dockerfile for Barbican"

  1. Eduardo Patrocinio March 31, 2016

    Very nice work. I created a Dockerfile at the following URL:

    https://github.com/patrocinio/barbican-docker

Join The Discussion

Your email address will not be published. Required fields are marked *