This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/master by this push:
     new a4fcc65  [docker] start Teaclave docker services with auto-detection 
mechanism (#559)
a4fcc65 is described below

commit a4fcc65f4047cf9b63a92995f457391455c982d4
Author: Gordon King <[email protected]>
AuthorDate: Tue Oct 5 11:44:23 2021 -0700

    [docker] start Teaclave docker services with auto-detection mechanism (#559)
    
    Added a bash script to detect sgx device and aesm service
    heuristically, and start teaclave services without needing to specify
    corresponding docker compose file manually. This script can detect and
    handle containerized aesm service as well.
    
    Signed-off-by: Gordon King <[email protected]>
---
 docker/README.md                                   |   7 +-
 docker/docker-compose-aesm-socket.override.yml     |  61 ++++++
 docker/docker-compose-aesm-vol.override.yml        |  51 +++++
 docker/docker-compose-dcap-dev.override.yml        |  54 +++++
 docker/docker-compose-isgx-dev.override.yml        |  47 +++++
 docker/docker-compose-ubuntu-1804-intel-sgx.yml    | 233 ---------------------
 docker/docker-compose-ubuntu-1804-isgx.yml         | 226 --------------------
 docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml | 190 -----------------
 docker/docker-compose-ubuntu-1804.yml              |  35 ----
 docker/run-teaclave-services.sh                    | 219 +++++++++++++++++++
 docs/azure-confidential-computing.md               |   2 +-
 docs/my-first-function.md                          |   4 +-
 12 files changed, 437 insertions(+), 692 deletions(-)

diff --git a/docker/README.md b/docker/README.md
index 1ca6888..f7201d5 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -50,10 +50,7 @@ simpler, we recommend to use 
[docker-compose](https://docs.docker.com/compose/)
 to manage all services. Since the remote attestation is required for all
 services, you should setup the attestation service configurations
 before start the services. You can use env vars or set them in the
-`docker-compose-ubuntu-1804-*.yml` file.
-Note that `-sgx-sim-mode.yml` is for the simulation mode, `-isgx.yml` and
-`-intel-sgx.yml` is for Intel's SGX driver (`isgx`) and upstream in-tree kernel
-driver (`intel_sgx`) respectively, which can be seen by `lsmod | grep sgx`.
+`docker-compose-ubuntu-1804.yml` file.
 
 Here is an example to start all services.
 
@@ -63,7 +60,7 @@ $ export AS_KEY="00000000000000000000000000000000"
 $ export AS_ALGO="sgx_epid"
 $ export AS_URL="https://api.trustedservices.intel.com:443";
 
-$ docker-compose -f docker-compose-ubuntu-1804.yml up
+$ ./run-teaclave-services.sh
 Starting teaclave-file-service           ... done
 Starting teaclave-authentication-service ... done
 Starting teaclave-access-control-service ... done
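Review bot: The new `$ ./run-teaclave-services.sh` line in this example is not accompanied by any description of what the script does, and the script is not always non-interactive: it stops at a `select` prompt ("Please enter your choice: ") when it finds both /dev/isgx and the /dev/sgx/* nodes, or both an AESM socket and an aesmd-socket volume. Add a sentence saying that the script picks the override files and may prompt, and say how to run in simulation mode, since the previous hunk removes the `-sgx-sim-mode.yml` note without a replacement.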
diff --git a/docker/docker-compose-aesm-socket.override.yml 
b/docker/docker-compose-aesm-socket.override.yml
new file mode 100644
index 0000000..20a7ab6
--- /dev/null
+++ b/docker/docker-compose-aesm-socket.override.yml
@@ -0,0 +1,61 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: '3.7'
+
+services:
+  teaclave-authentication-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-frontend-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-management-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-storage-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-access-control-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-execution-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
+
+  teaclave-scheduler-service:
+    volumes:
+      - type: bind
+        source: /var/run/aesmd/aesm.socket
+        target: /var/run/aesmd/aesm.socket
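Review bot: The three-line bind mount of /var/run/aesmd/aesm.socket is repeated verbatim under all seven services, so a later path change has to be made in seven places here and again in `AESM_SOCK` in run-teaclave-services.sh. Compose file format 3.7 accepts top-level `x-` extension fields, so the mount could be defined once behind a YAML anchor and referenced from each service's `volumes:` list.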
diff --git a/docker/docker-compose-aesm-vol.override.yml 
b/docker/docker-compose-aesm-vol.override.yml
new file mode 100644
index 0000000..49459a0
--- /dev/null
+++ b/docker/docker-compose-aesm-vol.override.yml
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: '3.7'
+
+volumes:
+  aesmd-socket:
+    external: true
+
+services:
+  teaclave-authentication-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-frontend-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-management-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-storage-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-access-control-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-execution-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
+
+  teaclave-scheduler-service:
+    volumes:
+      - aesmd-socket:/var/run/aesmd
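Review bot: The `aesmd-socket` volume at the top of this file is declared `external: true`, so compose will refuse to start when the volume is missing, and nothing in the file says who is expected to create it. Add a comment above the `volumes:` block naming the containerized AESM service that owns the volume. The matching check in run-teaclave-services.sh, `docker volume inspect $AESM_VOL 2>&1 > /dev/null`, also has its redirections in the wrong order: stderr is duplicated onto the terminal before stdout is sent to /dev/null, so docker's error message still prints on hosts without the volume. `> /dev/null 2>&1` silences both streams.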
diff --git a/docker/docker-compose-dcap-dev.override.yml 
b/docker/docker-compose-dcap-dev.override.yml
new file mode 100644
index 0000000..efb0215
--- /dev/null
+++ b/docker/docker-compose-dcap-dev.override.yml
@@ -0,0 +1,54 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: '3.7'
+
+services:
+  teaclave-authentication-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-frontend-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-management-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-storage-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-access-control-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-execution-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
+
+  teaclave-scheduler-service:
+    devices:
+      - /dev/sgx/enclave
+      - /dev/sgx/provision
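Review bot: The `/dev/sgx/enclave` and `/dev/sgx/provision` entries under each service only take effect when `sgx_dev_detect` in run-teaclave-services.sh selects this file, and its test, `[ -L "$ENCL_DEV" ] && [ -c $(readlink $ENCL_DEV) ]`, is narrower than these paths need. A node that is a real character device rather than a symlink fails the `-L` test, and `readlink` without `-f` prints the link target as stored, so a relative target is checked against the current directory instead of /dev/sgx. `[ -c "$ENCL_DEV" ]` alone covers both cases because `-c` follows symlinks, and the same applies to `PROV_DEV`. Separately, this keeps the deleted file's behaviour of giving /dev/sgx/provision to all seven services; is it needed by each of them?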
diff --git a/docker/docker-compose-isgx-dev.override.yml 
b/docker/docker-compose-isgx-dev.override.yml
new file mode 100644
index 0000000..156ce25
--- /dev/null
+++ b/docker/docker-compose-isgx-dev.override.yml
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: '3.7'
+
+services:
+  teaclave-authentication-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-frontend-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-management-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-storage-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-access-control-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-execution-service:
+    devices:
+      - /dev/isgx
+
+  teaclave-scheduler-service:
+    devices:
+      - /dev/isgx
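Review bot: This file holds only a `devices:` key per service and cannot be used on its own, but the header carries nothing beyond the license text. Add a short comment after the license block saying it is an override for docker-compose-ubuntu-1804.yml, selected by run-teaclave-services.sh when /dev/isgx is present. The same comment would help in the other three `*.override.yml` files.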
diff --git a/docker/docker-compose-ubuntu-1804-intel-sgx.yml 
b/docker/docker-compose-ubuntu-1804-intel-sgx.yml
deleted file mode 100644
index 319f9dc..0000000
--- a/docker/docker-compose-ubuntu-1804-intel-sgx.yml
+++ /dev/null
@@ -1,233 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-version: '3.7'
-
-services:
-  teaclave-authentication-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7776:7776
-    expose:
-      - 7776
-      - 17776
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_authentication_service
-    container_name: teaclave-authentication-service
-    networks:
-      api:
-      internal:
-
-  teaclave-frontend-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7777:7777
-    expose:
-      - 7777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_frontend_service
-    depends_on:
-      - teaclave-management-service
-    container_name: teaclave-frontend-service
-    networks:
-      api:
-      internal:
-
-  teaclave-management-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_management_service
-    depends_on:
-      - teaclave-storage-service
-      - teaclave-access-control-service
-    container_name: teaclave-management-service
-    networks:
-      internal:
-
-  teaclave-storage-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17778
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_storage_service
-    container_name: teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-access-control-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17779
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    container_name: teaclave-access-control-service
-    entrypoint: ./teaclave_access_control_service
-    networks:
-      internal:
-
-  teaclave-execution-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17770
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_execution_service
-    container_name: teaclave-execution-service
-    depends_on:
-      - teaclave-scheduler-service
-    networks:
-      internal:
-      fs:
-
-  teaclave-scheduler-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17780
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/sgx/enclave
-      - /dev/sgx/provision
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_scheduler_service
-    container_name: teaclave-scheduler-service
-    depends_on:
-      - teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-file-service:
-    image: python:3
-    container_name: teaclave-file-service
-    volumes:
-      - ../tests:/teaclave-file-service
-    working_dir: /teaclave-file-service
-    entrypoint: ./scripts/simple_http_server.py
-    networks:
-      fs:
-
-networks:
-  internal:
-  api:
-  fs:
diff --git a/docker/docker-compose-ubuntu-1804-isgx.yml 
b/docker/docker-compose-ubuntu-1804-isgx.yml
deleted file mode 100644
index 92b454e..0000000
--- a/docker/docker-compose-ubuntu-1804-isgx.yml
+++ /dev/null
@@ -1,226 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-version: '3.7'
-
-services:
-  teaclave-authentication-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7776:7776
-    expose:
-      - 7776
-      - 17776
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_authentication_service
-    container_name: teaclave-authentication-service
-    networks:
-      api:
-      internal:
-
-  teaclave-frontend-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7777:7777
-    expose:
-      - 7777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_frontend_service
-    depends_on:
-      - teaclave-management-service
-    container_name: teaclave-frontend-service
-    networks:
-      api:
-      internal:
-
-  teaclave-management-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_management_service
-    depends_on:
-      - teaclave-storage-service
-      - teaclave-access-control-service
-    container_name: teaclave-management-service
-    networks:
-      internal:
-
-  teaclave-storage-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17778
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_storage_service
-    container_name: teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-access-control-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17779
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    container_name: teaclave-access-control-service
-    entrypoint: ./teaclave_access_control_service
-    networks:
-      internal:
-
-  teaclave-execution-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17770
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_execution_service
-    container_name: teaclave-execution-service
-    depends_on:
-      - teaclave-scheduler-service
-    networks:
-      internal:
-      fs:
-
-  teaclave-scheduler-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17780
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_scheduler_service
-    container_name: teaclave-scheduler-service
-    depends_on:
-      - teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-file-service:
-    image: python:3
-    container_name: teaclave-file-service
-    volumes:
-      - ../tests:/teaclave-file-service
-    working_dir: /teaclave-file-service
-    entrypoint: ./scripts/simple_http_server.py
-    networks:
-      fs:
-
-networks:
-  internal:
-  api:
-  fs:
diff --git a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml 
b/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml
deleted file mode 100644
index d897668..0000000
--- a/docker/docker-compose-ubuntu-1804-sgx-sim-mode.yml
+++ /dev/null
@@ -1,190 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-version: '3.7'
-
-services:
-  teaclave-authentication-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7776:7776
-    expose:
-      - 7776
-      - 17776
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_authentication_service
-    container_name: teaclave-authentication-service
-    networks:
-      api:
-      internal:
-
-  teaclave-frontend-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    ports:
-      - 7777:7777
-    expose:
-      - 7777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_frontend_service
-    depends_on:
-      - teaclave-management-service
-    container_name: teaclave-frontend-service
-    networks:
-      api:
-      internal:
-
-  teaclave-management-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17777
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_management_service
-    depends_on:
-      - teaclave-storage-service
-      - teaclave-access-control-service
-    container_name: teaclave-management-service
-    networks:
-      internal:
-
-  teaclave-storage-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17778
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_storage_service
-    container_name: teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-access-control-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17779
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    container_name: teaclave-access-control-service
-    entrypoint: ./teaclave_access_control_service
-    networks:
-      internal:
-
-  teaclave-execution-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17770
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_execution_service
-    container_name: teaclave-execution-service
-    depends_on:
-      - teaclave-scheduler-service
-    networks:
-      internal:
-      fs:
-
-  teaclave-scheduler-service:
-    build:
-      context: ../
-      dockerfile: docker/teaclave-rt.ubuntu-1804.Dockerfile
-    expose:
-      - 17780
-    volumes:
-      - ./runtime.config.toml:/teaclave/runtime.config.toml
-    working_dir: /teaclave
-    environment:
-      - AS_SPID
-      - AS_KEY
-      - AS_ALGO
-      - AS_URL
-      - TEACLAVE_LOG
-    entrypoint: ./teaclave_scheduler_service
-    container_name: teaclave-scheduler-service
-    depends_on:
-      - teaclave-storage-service
-    networks:
-      internal:
-
-  teaclave-file-service:
-    image: python:3
-    volumes:
-      - ../tests:/teaclave-file-service
-    working_dir: /teaclave-file-service
-    entrypoint: ./scripts/simple_http_server.py
-    networks:
-      fs:
-
-networks:
-  internal:
-  api:
-  fs:
diff --git a/docker/docker-compose-ubuntu-1804.yml 
b/docker/docker-compose-ubuntu-1804.yml
index 92b454e..ad718b5 100644
--- a/docker/docker-compose-ubuntu-1804.yml
+++ b/docker/docker-compose-ubuntu-1804.yml
@@ -29,11 +29,6 @@ services:
       - 17776
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -57,11 +52,6 @@ services:
       - 7777
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -85,11 +75,6 @@ services:
       - 17777
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -113,11 +98,6 @@ services:
       - 17778
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -138,11 +118,6 @@ services:
       - 17779
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -163,11 +138,6 @@ services:
       - 17770
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
@@ -191,11 +161,6 @@ services:
       - 17780
     volumes:
       - ./runtime.config.toml:/teaclave/runtime.config.toml
-      - type: bind
-        source: /var/run/aesmd/aesm.socket
-        target: /var/run/aesmd/aesm.socket
-    devices:
-      - /dev/isgx
     working_dir: /teaclave
     environment:
       - AS_SPID
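Review bot: With the `devices:` entry and the aesm.socket bind removed from every service in these hunks, docker-compose-ubuntu-1804.yml on its own now starts the services without any SGX device or AESM access, yet it keeps the file name the README used to pass to `docker-compose -f ... up`. Add a header comment stating that hardware access comes from the `*.override.yml` files chosen by run-teaclave-services.sh, so that someone reusing the old command line can tell why the stack behaves differently.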
diff --git a/docker/run-teaclave-services.sh b/docker/run-teaclave-services.sh
new file mode 100755
index 0000000..773df4d
--- /dev/null
+++ b/docker/run-teaclave-services.sh
@@ -0,0 +1,219 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+SGX_DEV_SEL="none"
+AESM_SEL="none"
+
+function sgx_dev_detect() {
+    local ISGX_DEV=/dev/isgx
+    local ISGX_DEV_EXIST=false
+    if [ -c "$ISGX_DEV" ]; then
+        echo "$ISGX_DEV device detected."
+        ISGX_DEV_EXIST=true
+    fi
+
+    local ENCL_DEV=/dev/sgx/enclave
+    local ENCL_DEV_EXIST=false
+    if [ -L "$ENCL_DEV" ] && [ -c $(readlink $ENCL_DEV) ]; then
+        echo "$ENCL_DEV device detected."
+        ENCL_DEV_EXIST=true
+    fi
+
+    local PROV_DEV=/dev/sgx/provision
+    local PROV_DEV_EXIST=false
+    if [ -L "$PROV_DEV" ] && [ -c $(readlink $PROV_DEV) ]; then
+        echo "$PROV_DEV device detected."
+        PROV_DEV_EXIST=true
+    fi
+
+    if ($ISGX_DEV_EXIST && $ENCL_DEV_EXIST && $PROV_DEV_EXIST); then
+        PS3='Please enter your choice: '
+        options=("ISGX device" "DCAP device" "Quit")
+        select opt in "${options[@]}"
+        do
+            case $opt in
+                "ISGX device")
+                    echo "you chose $opt"
+                    SGX_DEV_SEL="isgx"
+                    break
+                    ;;
+                "DCAP device")
+                    echo "you chose $opt"
+                    SGX_DEV_SEL="dcap"
+                    break
+                    ;;
+                "Quit")
+                    exit 1
+                    ;;
+                *) echo "invalid option $REPLY" ;;
+            esac
+        done
+    else
+        if $ISGX_DEV_EXIST; then
+            SGX_DEV_SEL="isgx"
+        fi
+        if ($ENCL_DEV_EXIST && $PROV_DEV_EXIST); then
+            SGX_DEV_SEL="dcap"
+        fi
+    fi
+}
+
+function aesm_detect() {
+    local AESM_SOCK=/var/run/aesmd/aesm.socket
+    local AESM_SOCK_EXIST=false
+    if [ -S "$AESM_SOCK" ]; then
+        echo "$AESM_SOCK socket detected."
+        AESM_SOCK_EXIST=true
+    fi
+
+    local AESM_VOL=aesmd-socket
+    local AESM_VOL_EXIST=false
+    if docker volume inspect $AESM_VOL 2>&1 > /dev/null ; then
+        echo "$AESM_VOL volume detected."
+        AESM_VOL_EXIST=true
+    fi
+
+    if ($AESM_SOCK_EXIST && $AESM_VOL_EXIST); then
+        PS3='Please enter your choice: '
+        options=("$AESM_SOCK socket" "$AESM_VOL volume" "Quit")
+        select opt in "${options[@]}"
+        do
+            case $opt in
+                "$AESM_SOCK socket")
+                    echo "you chose $opt"
+                    AESM_SEL="sock"
+                    break
+                    ;;
+                "$AESM_VOL volume")
+                    echo "you chose $opt"
+                    AESM_SEL="vol"
+                    break
+                    ;;
+                "Quit")
+                    exit 1
+                    ;;
+                *) echo "invalid option $REPLY" ;;
+            esac
+        done
+    else
+        if $AESM_SOCK_EXIST; then
+            AESM_SEL="sock"
+        fi
+        if $AESM_VOL_EXIST; then
+            AESM_SEL="vol"
+        fi
+    fi
+}
+
+function usage {
+    echo "Usage: $(basename $0) [-hdm:]" 2>&1
+    echo '   -h           shows usage'
+    echo '   -m           run mode (default: sgx)'
+    echo '   -d           detached mode'
+    echo 'Available run modes: sim, sgx'
+    exit 1
+}
+
+RUN_MODE="sgx"
+DETACH_ARG=""
+optstring="hdm:"
+while getopts ${optstring} arg; do
+    case ${arg} in
+        h)
+            echo "showing usage!"
+            usage
+            ;;
+        d)
+            DETACH_ARG="-d"
+            ;;
+        m)
+            RUN_MODE=$OPTARG
+            ;;
+    esac
+done
+
+shift $((OPTIND-1))
+
+case $RUN_MODE in
+    "sgx")
+        sgx_dev_detect
+        aesm_detect
+        ;;
+    "sim")
+        ;;
+    *)
+        echo "The specified run mode: $RUN_MODE is not recognized."
+        usage
+        ;;
+esac
+
+OV_PREFIX="docker-compose-"
+OV_SUFFIX=".override.yml"
+SGX_DEV_OV_FILE=""
+AESM_OV_FILE=""
+case $SGX_DEV_SEL in
+    "isgx")
+        SGX_DEV_OV_FILE="isgx-dev"
+        ;;
+    "dcap")
+        SGX_DEV_OV_FILE="dcap-dev"
+        ;;
+    "none")
+        ;;
+    *)
+        echo "Invalid SGX device."
+        exit 2
+        ;;
+esac
+SGX_DEV_OV_FILE="${OV_PREFIX}${SGX_DEV_OV_FILE}${OV_SUFFIX}"
+
+case $AESM_SEL in
+    "sock")
+        AESM_OV_FILE="aesm-socket"
+        ;;
+    "vol")
+        AESM_OV_FILE="aesm-vol"
+        ;;
+    "none")
+        ;;
+    *)
+        echo "Invalid AESM service."
+        exit 2
+        ;;
+esac
+AESM_OV_FILE="${OV_PREFIX}${AESM_OV_FILE}${OV_SUFFIX}"
+
+DOCKER_COMPOSE_FILE="docker-compose-ubuntu-1804.yml"
+DC_ARGS=""
+if [ "$RUN_MODE" == "sgx" ]; then
+    if [ "$SGX_DEV_SEL" == "none" ]; then
+        echo "Cannot find a valid sgx device."
+        exit 3
+    fi
+    if [ "$AESM_SEL" == "none" ]; then
+        echo "Cannot find a valid aesm service."
+        exit 6
+    fi
+    DC_ARGS="-f $DOCKER_COMPOSE_FILE -f $SGX_DEV_OV_FILE -f $AESM_OV_FILE"
+else
+    DC_ARGS="-f $DOCKER_COMPOSE_FILE"
+fi
+
+echo COMMAND: docker-compose ${DC_ARGS} up ${DETACH_ARG}
+docker-compose ${DC_ARGS} up ${DETACH_ARG}
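Review bot: The DCAP checks in sgx_dev_detect, [ -L "$ENCL_DEV" ] && [ -c $(readlink $ENCL_DEV) ] and the matching PROV_DEV line, only succeed when the node is a symlink, and they test the unquoted readlink output, which is the link target as stored; a relative target is resolved against the current directory rather than /dev/sgx, so a present device can go undetected and the script falls through to "Cannot find a valid sgx device." Since test -c already follows symlinks, [ -c "$ENCL_DEV" ] and [ -c "$PROV_DEV" ] cover both the symlink and the plain device node case. In aesm_detect, "docker volume inspect $AESM_VOL 2>&1 > /dev/null" leaves stderr on the terminal because redirections apply left to right; write "> /dev/null 2>&1" and quote the variable. The getopts loop has no case for an unknown option, so a mistyped flag is reported by getopts but the script carries on and starts the services with defaults; add a catch-all case that calls usage. In usage, "2>&1" on the echo is a no-op (probably meant >&2), and -h exits with status 1.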
diff --git a/docs/azure-confidential-computing.md 
b/docs/azure-confidential-computing.md
index 223b826..bcb45d1 100644
--- a/docs/azure-confidential-computing.md
+++ b/docs/azure-confidential-computing.md
@@ -76,7 +76,7 @@ export AS_URL=https://api.trustedservices.intel.com:443
 Start Teaclave services.
 
 ```
-(cd docker && docker-compose -f docker-compose-ubuntu-1804-intel-sgx.yml up 
--build --detach)
+(cd docker && ./run-teaclave-services.sh -d)
 ```
 
 At last, try the hello world example.
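Review bot: The replacement command loses the --build that the removed line passed, and run-teaclave-services.sh ends in "docker-compose ${DC_ARGS} up ${DETACH_ARG}" with no option to forward it, so a reader who has updated the source tree starts whatever images are already present. Either give the script a build option or add an explicit build step to this document before the start command.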
diff --git a/docs/my-first-function.md b/docs/my-first-function.md
index de5d1f1..de98ec3 100644
--- a/docs/my-first-function.md
+++ b/docs/my-first-function.md
@@ -118,7 +118,7 @@ $ export AS_URL="https://api.trustedservices.intel.com:443"; 
   # IAS URL
 Launch all services with `docker-compose`:
 
 ```
-$ (cd docker && docker-compose -f docker-compose-ubuntu-1804-isgx.yml up 
--build)
+$ (cd docker && ./run-teaclave-services.sh)
 Starting teaclave-authentication-service ... done
 Starting teaclave-access-control-service ... done
 Starting teaclave-scheduler-service      ... done
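Review bot: The sample output kept under the new command still begins at "Starting teaclave-authentication-service", but the script first prints its detection messages (for example "/dev/isgx device detected.") and a "COMMAND: docker-compose ..." line, and it stops at a select prompt when both device types or both AESM sources are found. Update the transcript, or add a sentence telling the reader what to expect before the service lines appear.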
@@ -222,7 +222,7 @@ $ export AS_URL="https://api.trustedservices.intel.com:443";
 At last, launch all services with `docker-compose`:
 
 ```
-$ (cd docker && docker-compose -f docker-compose-ubuntu-1804-sgx-sim-mode.yml 
up --build)
+$ (cd docker && ./run-teaclave-services.sh)
 ```
 
 Install dependencies for Python client.
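Review bot: The removed line started docker-compose-ubuntu-1804-sgx-sim-mode.yml, but the replacement calls the script without -m, and the script sets RUN_MODE="sgx" by default and exits 3 with "Cannot find a valid sgx device." when no device is detected. For this simulation-mode section the command should be ./run-teaclave-services.sh -m sim.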
