Create a Dockerfile

Makefile

@@ -24,7 +24,8 @@ prefix ?= sample
 bindir := $(prefix)/bin
 libdir := $(prefix)/lib
 
-.PHONY: all build install uninstall clean check test lint generate
+.PHONY: all build install uninstall clean check test lint generate  \
+        docker docker-clean
 
 all: build check
 test: check
@@ -41,6 +42,8 @@ help:
 	@echo '  all (default)    - Build and test all'
 	@echo '  build            - Build all'
 	@echo '  install          - Build and install artifacts'
+	@echo '  docker           - Build a Docker image'
+	@echo '  docker-clean     - Remove a Docker image'
 	@echo '  uninstall        - Uninstall artifacts'
 	@echo '  clean            - Remove all build artifacts'
 	@echo '  check|test       - Run all tests'
@@ -61,6 +64,12 @@ install: build
 	$(INSTALL_DATA) -D usig/sgx/shim/libusig_shim.so $(libdir)/libusig_shim.so
 	$(INSTALL_DATA) -D usig/sgx/enclave/libusig.signed.so $(libdir)/libusig.signed.so
 
+docker:
+	docker build -f sample/docker/Dockerfile -t minbft .
+
+docker-clean:
+	docker rmi -f minbft
+
 uninstall:
 	rm -f $(bindir)/keytool
 	rm -f $(bindir)/peer

README.md

@@ -8,6 +8,12 @@
   * [What is MinBFT](#what-is-minbft)
   * [Why MinBFT](#why-minbft)
   * [Concepts](#concepts)
+  * [Quick Start](#quick-start)
+      * [Prerequisites](#prerequisites)
+      * [Building a Container Image](#building-a-container-image)
+      * [Running Replicas](#running-replicas)
+      * [Submitting Requests](#submitting-requests)
+      * [Tear Down](#tear-down)
   * [Requirements](#requirements)
       * [Operating System](#operating-system)
       * [Golang](#golang)
@@ -103,6 +109,117 @@ number of consenting nodes than PBFT.
 For more detailed description of the protocol, refer to [Efficient
 Byzantine Fault-Tolerance paper][minbft-paper].
 
+## Quick Start ##
+
+This quick start shows you how to run this project using Docker
+containers. This is the easiest way to try out this project with minimal
+setup. If you want to build and run without Docker, skip this section.
+
+### Prerequisites ###
+
+To run the containers, the following software must be installed on your
+system.
+
+ - [Docker Engine](https://docs.docker.com/engine/) (tested with version
+   19.03.6)
+ - [Docker Compose](https://docs.docker.com/compose/) (tested with
+   version 1.17.1)
+
+If you are using Ubuntu 18.04, they can be installed as follows:
+
+```sh
+sudo apt-get install docker.io docker-compose
+```
+
+Note that SGX-enabled CPU is not required to run the containers; they
+will run in the simulation mode provided by Intel SGX SDK. We plan to
+have another container image which runs in the HW mode (i.e. using
+"real" hardware features) in a future release.
+
+### Building a Container Image ###
+
+Build an image of the containers as follows:
+
+```sh
+sudo docker build -f sample/docker/Dockerfile -t minbft .
+```
+
+Note that, by defaut, the `docker` command needs to be executed by
+`root`. Refer to [Docker's
+document](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user)
+for details.
+
+If your system has the `make` command, the following command also can be
+used.
+
+```sh
+sudo make docker
+```
+
+### Running Replicas ###
+
+To start up an example consensus network of replicas, invoke the
+following commands:
+
+```sh
+sudo UID=$UID docker-compose -f sample/docker/docker-compose.yml up -d
+```
+
+This will start the replica nodes as 3 separate containers in
+background.
+
+### Submitting Requests ###
+
+Requests can be submitted for ordering and execution to the example
+consensus network as follows:
+
+```sh
+sudo docker-compose -f sample/docker/docker-compose.yml \
+  run client request "First request" "Second request" "Another request"
+```
+
+This command should produce the following output showing the result
+of ordering and execution of the submitted requests:
+
+```
+Reply: {"Height":1,"PrevBlockHash":null,"Payload":"Rmlyc3QgcmVxdWVzdA=="}
+Reply: {"Height":2,"PrevBlockHash":"DuAGbE1hVQCvgi+R0E5zWaKSlVYFEo3CjlRj9Eik5h4=","Payload":"U2Vjb25kIHJlcXVlc3Q="}
+Reply: {"Height":3,"PrevBlockHash":"963Kn659GbtX35MZYzguEwSH1UvF2cRYo6lNpIyuCUE=","Payload":"QW5vdGhlciByZXF1ZXN0"}
+```
+
+The output shows the submitted requests being ordered and executed by a
+sample blockchain service. The service executes request by simply
+appending a new block for each request to the trivial blockchain
+maintained by the service.
+
+### Tear Down ###
+
+The following command can be used to terminate running containers:
+
+```sh
+sudo docker-compose -f sample/docker/docker-compose.yml down
+```
+
+The containers create some files while running. These files can be
+deleted as follows.
+
+```sh
+rm -f sample/docker/keys.yaml sample/docker/.keys.yaml.lock
+```
+
+The Docker image can be deleted as follow.
+
+```sh
+sudo docker rmi minbft
+```
+
+If your system has the `make` command, the following command also can be
+used.
+
+```sh
+sudo make docker-clean
+```
+
 ## Requirements ##
 
 ### Operating System ###

sample/docker/Dockerfile

@@ -0,0 +1,35 @@
+FROM ubuntu:18.04 AS build
+COPY --from=golang:1.14.4-buster /usr/local/go /usr/local/go/
+ENV PATH /usr/local/go/bin:$PATH
+ENV SGX_SDK_URL https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		build-essential \
+		ca-certificates \
+		pkg-config \
+		python \
+		wget \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& wget -q -O sgx_linux_x64_sdk.bin $SGX_SDK_URL \
+	&& chmod +x sgx_linux_x64_sdk.bin \
+	&& echo -e "no\n/opt/intel" | ./sgx_linux_x64_sdk.bin
+COPY . minbft/
+ENV SGX_MODE SIM
+RUN cd minbft \
+	&& . /opt/intel/sgxsdk/environment \
+	&& make prefix=/opt/minbft install
+
+FROM ubuntu:18.04
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		libssl1.1 \
+	&& rm -rf /var/lib/apt/lists/*
+COPY --from=build /opt/intel/sgxsdk /opt/intel/sgxsdk/
+WORKDIR /opt/minbft
+COPY --from=build /opt/minbft ./
+ENV PATH /opt/minbft/bin:$PATH
+ENV LD_LIBRARY_PATH /opt/minbft/lib:$LD_LIBRARY_PATH
+COPY sample/config/consensus.yaml sample/peer/peer.yaml ./
+RUN sed -i 's/:800\([0-2]\)/replica\1:8000/' consensus.yaml
+COPY sample/docker/docker-entrypoint.sh /usr/local/bin/
+VOLUME ["/data"]
+EXPOSE 8000
+ENTRYPOINT ["docker-entrypoint.sh"]

sample/docker/docker-compose.yml

@@ -0,0 +1,23 @@
+version: "3"
+services:
+  replica0: &peer
+    container_name: replica0
+    image: minbft
+    volumes:
+      - ".:/data"
+    expose:
+      - "8000"
+    command: run 0
+    user: ${UID:-1000}
+  replica1:
+    <<: *peer
+    container_name: replica1
+    command: run 1
+  replica2:
+    <<: *peer
+    container_name: replica2
+    command: run 2
+  client:
+    <<: *peer
+    container_name: client
+    command: help

sample/docker/docker-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+. /opt/intel/sgxsdk/environment
+
+(
+    flock 3
+    if [ -f /data/keys.yaml ]; then exit; fi
+    keytool -o /data/keys.yaml generate -u lib/libusig.signed.so
+) 3>/data/.keys.yaml.lock
+
+exec peer --keys /data/keys.yaml "$@"