How to run Enclave inside a Docker container

Enclave Documentation

How to run Enclave inside a Docker container

Note: This guide was written for Docker Community Edition 19.03.5.

Install Docker

To follow this guide, you will need to have Docker already installed on your local system. This guide is based on running Docker (version 19.03.5) on a fresh installation of Ubuntu 18.04 LTS.

$ sudo apt update
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
$ curl -fsSL | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] bionic stable"
$ sudo apt update
$ sudo apt install docker-ce -y

Download and build the Docker image

Obtain the latest docker file URL from the Portal, and with the Dockerfile downloaded, build the Docker image.

$ sudo docker build --no-cache -t enclave .

Run the container interactively

Run the container interactively to license and start Enclave. Passing --privileged and --net=host arguments allows docker to present the tap0 interface created by Enclave inside the container out to the host operating system, without installing Enclave onto the host.

$ sudo docker run -it --privileged --net=host enclave

From within the container, license Enclave using a valid key provisioned in the Portal.

# enclave license 00000-00000-00000-00000-00000

Next, start Enclave running as a background process, detached from the terminal and shielded from the HUP signal that warns dependent processes of logout by using nohup to run Enclave. This backgrounds Enclave and allows us to continue using the terminal.

# nohup enclave start &

Now Enclave is running in the background, detached from the terminal you can check the status of Enclave, and add peers as necessary.

# enclave status
# enclave add ABC -d "another host running enclave"

Tip: To detach Docker from the tty of an interactive container without exiting the shell, use the escape sequence Ctrl-p + Ctrl-q. This will switch a container running in interactive mode into daemon mode and release the terminal back to the host operating system.

While this container is running, your host operating system will be able to communicate with connected peers. Use this container to administer the Enclave network.

Use tap0 on the host operating system

Using ifconfig check to see if the tap0 interface is present on the host adapter, any applications on the host operating system will transparently be able to communicate with partners on the Enclave network. Use docker ps and docker attach to reconnect to the Enclave container and administer the network as required.

$ ifconfig

tap0: flags=67<UP,BROADCAST,RUNNING>  mtu 2800
        inet  netmask  broadcast
        inet6 fe80::605f:16ff:fe90:20a8  prefixlen 64  scopeid 0x20<link>
        ether 62:5f:16:90:20:a8  txqueuelen 1000  (Ethernet)
        RX packets 98  bytes 17732 (17.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1412 (1.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0