- Overview
- Tutorials
- How Tos
- Download
- Install
- Configure
- Secure
- TLS API Configuration
- Configure API Authentication and Authorization with JWT
- Configure API Limits
- Set Resource Limits
- Crypto key management
- Restrict key usage
- Namespace Key Management
- Key management service (KMS) configuration
- Optimize
- Observe
- Operate
- Initializing node identity manually
- Canton Console
- Synchronizer connections
- High Availability Usage
- Manage Daml packages and archives
- Participant Node pruning
- Party Management
- Party Replication
- Decentralized party overview
- Setup an External Party
- Ledger API User Management
- Node Traffic Management
- Identity Management
- Upgrade
- Decommission
- Recover
- Troubleshoot
- Explanations
- Reference
Note
This page is a work in progress. It may contain incomplete or incorrect information.
Work With the Docker Containers¶
Starting Canton¶
The canton executable is the default image entry point so all examples using bin/canton can simply substitute that with docker run digitalasset/canton.
For example, to run a command in interactive console mode, defining a participant on the fly:
docker run --rm -it digitalasset-docker.jfrog.io/canton-enterprise:latest \
--no-tty -C canton.participants.p.ledger-api.port=1234
The --rm option ensures that the container is removed when the canton process exits.
The -it options start the container interactively and provide access to our running console.
The -no-tty option deactivates the tty mode, as the console is not usable with that mode engaged.
By default Docker will pull the latest tag containing the latest Canton release.
As Docker will only automatically pull latest once, ensure you have the latest version by
periodically running docker pull digitalasset-docker.jfrog.io/canton-enterprise.
Configuring Logging and Health Probes¶
The default convention with logging of containers is to have the process to log to stdout. The logging behaviour of Canton can be changed, using appropriate command line flags, such as --log-profile=container.
The Docker images include a grpc health probe /usr/local/bin/grpc_health_probe, which can be used to setup health checks for Kubernetes.
Administrating the Running Node¶
In a Docker based environment, Canton should be run in daemon mode, while a remote console
can be used to interact with the node.
Exposing the gRPC Ledger API or Admin API to the host machine¶
Applications using Canton typically need access to the Ledger or Admin API to read from and write to the ledger.
Each participant binds the gRPC Ledger API to the port specified at the configuration key: ledger-api.port.
For participant1 in the simple topology example this is set to port 5011.
To expose the gRPC Ledger API to port 5011 on the host machine, run Docker with the following options:
docker run --rm -it \
-p 5011:5011 \
digitalasset-docker.jfrog.io/canton-enterprise --no-tty \
-C canton.participants.participant1.ledger-api.address=0.0.0.0 \
-C canton.participants.participant1.ledger-api.port=5011 \
The gRPC Ledger API port for each participant needs to be mapped separately. The same applies to the Admin API.
Supplying custom configuration and DARs¶
To expose files to the Canton container, you must specify a volume mapping from the host machine to the container.
For example, if you have the local directory my-application containing your custom Canton configuration and DAR:
docker run --rm -it \
--volume "$PWD/my-application:/canton/my-application" \
digitalasset-docker.jfrog.io/canton-enterprise daemon \
--config /canton/my-application/my-config.conf
DARs can be loaded using the same container local path or by using the remote console access.