Running in Docker

Note

Please note that the images have moved from digitalasset-canton-enterprise-docker.jfrog.io/digitalasset/canton-enterprise to digitalasset-docker.jfrog.io/canton-enterprise as per version 2.8.0. The old images will remain, but new versions won’t be added to the old repository. The open source Canton Docker image is no longer available.

Obtaining the Docker Images

The Canton Docker images are available for the Daml Enterprise. You can download them using

docker login digitalasset-docker.jfrog.io
docker pull digitalasset-docker.jfrog.io/canton-enterprise[:version]

The version is optional, and the latest version is used by default. The version dev is the the current main build.

Starting Canton

The canton executable is the default image entry point so all examples using bin/canton can simply substitute that with docker run digitalasset/canton.

For example, to run a command in interactive console mode, defining a participant on the fly:

docker run --rm -it digitalasset-docker.jfrog.io/canton-enterprise:latest \
     --no-tty -C canton.participants.p.ledger-api.port=1234

The --rm option ensures that the container is removed when the canton process exits. The -it options start the container interactively and provide access to our running console. The -no-tty option deactivates the tty mode, as the console is not usable with that mode engaged.

By default Docker will pull the latest tag containing the latest Canton release. As Docker will only automatically pull latest once, ensure you have the latest version by periodically running docker pull digitalasset-docker.jfrog.io/canton-enterprise.

Configuring Logging and Health Probes

The default convention with logging of containers is to have the process to log to stdout. The logging behaviour of Canton can be changed, using appropriate command line flags, such as --log-profile=container. The Docker images include a grpc health probe /usr/local/bin/grpc_health_probe, which can be used to setup health checks for Kubernetes.

Administrating the Running Node

In a Docker based environment, Canton should be run in daemon mode, while a remote console can be used to interact with the node.

Exposing the Ledger API or Admin API to the host machine

Applications using Canton typically need access to the Ledger or Admin API to read from and write to the ledger. Each participant binds the Ledger API to the port specified at the configuration key: ledger-api.port. For participant1 in the simple topology example this is set to port 5011.

To expose the Ledger API to port 5011 on the host machine, run Docker with the following options:

docker run --rm -it \
   -p 5011:5011 \
   digitalasset-docker.jfrog.io/canton-enterprise --no-tty \
   -C canton.participants.participant1.ledger-api.address=0.0.0.0 \
   -C canton.participants.participant1.ledger-api.port=5011 \

The Ledger API port for each participant needs to be mapped separately. The same applies to the Admin API.

Supplying custom configuration and DARs

To expose files to the Canton container, you must specify a volume mapping from the host machine to the container.

For example, if you have the local directory my-application containing your custom Canton configuration and DAR:

docker run --rm -it \
   --volume "$PWD/my-application:/canton/my-application" \
   digitalasset-docker.jfrog.io/canton-enterprise daemon \
   --config /canton/my-application/my-config.conf

DARs can be loaded using the same container local path or by using the remote console access.

Running Postgres in Docker

Canton requires an appropriate database to persist data. For this purpose, such a database can also be run in a Docker container using the following, helpful command:

docker run -d --rm --name canton-postgres --shm-size=256mb --publish 5432:5432 -e POSTGRES_USER=test-user
    -e POSTGRES_PASSWORD=test-password postgres:14.8-bullseye postgres -c max_connections=500

Please note that the --publish command allows us to pick the target port which we have to define in the Canton configuration file. The --rm will delete the data store once the Docker container is killed. This is useful for short-term tests. The --shm-size 256mb is necessary as Docker will allocate only 64mb of shared memory by default which is insufficient for the way Canton uses Postgres.

Note that you also need to create the databases yourself, which for Postgres you can do using psql

PGPASSWORD=test-password psql -h localhost -U test-user << EOF
CREATE DATABASE participant1;
GRANT ALL ON DATABASE participant1 TO CURRENT_USER;
EOF

The tables will be managed automatically by Canton. The psql solution works also if you run multiple nodes on one Postgres database which all require separate databases. If you run just one node against one database, you can avoid using psql by adding --POSTGRES_DB=participant1 to above Docker command.