| (window.webpackJsonp=window.webpackJsonp||[]).push([[78],{424:function(e,t,a){"use strict";a.r(t);var n=a(11),r=Object(n.a)({},(function(){var e=this,t=e.$createElement,a=e._self._c||t;return a("ContentSlotsDistributor",{attrs:{"slot-key":e.$parent.slotKey}},[a("h1",{attrs:{id:"teaclave-docker"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#teaclave-docker"}},[e._v("#")]),e._v(" Teaclave Docker")]),e._v(" "),a("p",[e._v("This directory contains the docker infrastructure for build and runtime\nenvironment. Note that you must mount SGX device and ASEM domain socket into the\ncontainer environment to use SGX feature.")]),e._v(" "),a("h2",{attrs:{id:"build"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#build"}},[e._v("#")]),e._v(" Build")]),e._v(" "),a("p",[e._v("The build dockerfile ("),a("code",[e._v("build.*.Dockerfile")]),e._v(") only contains minimal dependencies\nto build and test the project. To use them, you can directly use pre-built\ndocker images from Docker Hub with:")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v("$ docker run --rm \\\n --device=/dev/isgx \\\n -v/var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \\\n -v`pwd`:/teaclave \\\n -w /teaclave \\\n -it teaclave/teaclave-build-ubuntu-1804-sgx-2.17.1:latest \\\n /bin/bash\n")])])]),a("p",[e._v("or you can also build the image by yourself with "),a("code",[e._v("docker build")]),e._v(":")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v("$ docker build -t teaclave-build - < build.*.Dockerfile\n")])])]),a("p",[e._v("and run:")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v("$ docker run --rm \\\n --device=/dev/isgx \\\n -v/var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket \\\n -v`pwd`:/teaclave \\\n -w /teaclave \\\n -it teaclave/teaclave-build \\\n /bin/bash\n")])])]),a("h2",{attrs:{id:"runtime"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#runtime"}},[e._v("#")]),e._v(" Runtime")]),e._v(" "),a("p",[e._v("Teaclave contains many services, we put services, config and related\nresources into one docker image\n("),a("code",[e._v("teaclave-rt.ubuntu-1804.Dockerfile")]),e._v("). To make the deployment\nsimpler, we recommend to use "),a("a",{attrs:{href:"https://docs.docker.com/compose/",target:"_blank",rel:"noopener noreferrer"}},[e._v("docker-compose")]),e._v("\nto manage all services. Since the remote attestation is required for all\nservices, you should setup the attestation service configurations\nbefore start the services. You can use env vars or set them in the\n"),a("code",[e._v("docker-compose-ubuntu-1804.yml")]),e._v(" file.")]),e._v(" "),a("p",[e._v("Here is an example to start all services.")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v('$ export AS_SPID="00000000000000000000000000000000"\n$ export AS_KEY="00000000000000000000000000000000"\n$ export AS_ALGO="sgx_epid"\n$ export AS_URL="https://api.trustedservices.intel.com:443"\n\n$ ./run-teaclave-services.sh\nStarting teaclave-file-service ... done\nStarting teaclave-authentication-service ... done\nStarting teaclave-access-control-service ... done\nStarting teaclave-scheduler-service ... done\nStarting teaclave-management-service ... done\nStarting teaclave-execution-service ... done\nStarting teaclave-frontend-service ... done\nAttaching to ...\n')])])]),a("p",[e._v("Note that the "),a("code",[e._v("teaclave-file-service")]),e._v(" container is a simple http server for\ndemonstrating our examples. You can disable it and use other cloud file system\nlike S3 instead for registering input/output files.")])])}),[],!1,null,null,null);t.default=r.exports}}]); |