Deploying Applications in a Container
To enable the commercial cryptography application in a common container, map some device files to the container, integrate libsdf.so, libcrypto.so, and libsecurec.so into the container, and start the sdf-utils service on the host.
- Start sdf-utils on the host.
systemctl start sdf-utils
- Start the container.
1 2
docker run -it --mount type=bind,source=/var/itrustee/teecd,target=/var/itrustee/teecd,readonly --device /dev/teelog:/dev/teelog:wr --device /dev/tc_ns_cvm:/dev/tc_ns_cvm:wr -d <demo_image> docker logs -f <container_id>
- To enable a container to run the cryptographic module, map the following devices to the container.
- --mount type=bind,source=/var/itrustee/teecd,target=/var/itrustee/teecd,readonly
- --device /dev/teelog:/dev/teelog:wr
- --device /dev/tc_ns_cvm:/dev/tc_ns_cvm:wr
- demo_image is the customer container image, which can be a basic openEuler container image.
- To enable a container to run the cryptographic module, map the following devices to the container.
- Copy necessary files to the container.
docker cp /lib64/libsdf.so <container_id>:/lib64/ docker cp /lib64/libteec.so <container_id>:/lib64/ docker cp /lib64/libboundscheck.so <container_id>:/lib64/ docker cp /bin/tlogcat <container_id>:/bin/ docker cp /lib64/libcrypto.so <container_id>:/lib64/ docker cp /lib64/libsecurec.so <container_id>:/lib64/
- Run the cryptographic module applications in the container, which is the same as running them on the host.
Parent topic: VM- and Container-based Deployment