Skip to main content

Deploy on Oyster

This tutorial will guide you through deploying the echo server Docker image on Oyster and verify that it was deployed properly using remote attestations.

Create a docker compose file

Create a file named docker-compose.yml describing the service being deployed after replacing the <username>/echo-server with the docker image created in the previous step:

# Replace <username> with your Docker username
cat > docker-compose.yml <<EOF
services:
  echo-server:
    image: <username>/echo-server
    network_mode: host
    restart: unless-stopped
EOF
tip

In a production application, you would want to pin the image version using a sha256 hash.

important

Note the use of network_mode: host. It is currently required for deploying Docker images on Oyster.

Deploy the enclave

Deploy the enclave image using:

# replace <key> with private key of the wallet

# for amd64
oyster-cvm deploy --wallet-private-key <key> --duration-in-minutes 15 --docker-compose docker-compose.yml --arch amd64

# for arm64
oyster-cvm deploy --wallet-private-key <key> --duration-in-minutes 15 --docker-compose docker-compose.yml

Make a note of the "Computed image id" printed in the logs, this uniquely identifies your application, defined by the underlying base enclave image, the docker-compose file and other initialization parameters if any.

Wait for the command to finish and print the enclave IP.

As before, you can now interact with the echo server using

nc <ip> 8080
important

Note the --duration-in-minutes flag specifies the length of time (in minutes) that the enclave will remain deployed on the Oyster platform, with the example in the documentation setting a 15-minute deployment period after which the enclave will be automatically terminated.

List running enclaves

Run

# Replace <address> with your wallet address
oyster-cvm list --address <address>

to list the running jobs created by your wallet address. Can you find your recently created job in the list?

Verify a remote attestation

Run

# Replace <ip> with the IP you obtained above
# Replace <image_id> with the image id obtained above
oyster-cvm verify --enclave-ip <ip> --image-id <image_id>

You should see Verification successful along with some attestation fields printed out.

And that's it! You should now be able to package up your own applications into a Docker image and deploy it on Oyster. Remember the basic development loop: write/modify your application, publish a Docker image, deploy on Oyster.

Keep following the tutorials to delve into other Oyster platform features to optimize your workflows further.