### Motivation & problem statement
As recommended in the [Intel Linux SGX repo](https://github.com/intel/linux-sgx), 
the aesmd service is to be built and run as a [containerized 
service](https://github.com/intel/linux-sgx/blob/master/docker/build/build_and_run_aesm_docker.sh#L41). 
It created a [named 
volume](https://github.com/intel/linux-sgx/blob/8abc6dd8cb44e3cef8294c508e77803ffeb8ed12/docker/build/build_and_run_aesm_docker.sh#L36)
 `aesmd-socket` that should be mounted into the `/var/run/aesmd` folder in the 
relying container. 

However, the docker compose files in Teaclave are using the following stanza to 
mount the host-based aesmd socket:

![stanze_aemd_mount](https://user-images.githubusercontent.com/10856796/133334968-9e3bbafd-dab9-45f1-b22b-022e65da92d7.png)

That causes the following failure when starting with any of the docker compose files:

![aesmd_socket_notfound](https://user-images.githubusercontent.com/10856796/133333373-58071e70-52b2-4b36-a932-6d367ae339da.png)

### Proposed solution
I propose a solution to address this problem and to streamline the usage of 
Teaclave services coordinated with a containerized aesmd service through docker 
compose. The solution requires introducing the following changes to the Teaclave 
docker compose files and associated documents.

- Remove the following configuration from all docker compose files for all 
services (3 files)
```
      - type: bind
        source: /var/run/aesmd/aesm.socket
        target: /var/run/aesmd/aesm.socket
```
1. docker-compose-ubuntu-1804-intel-sgx.yml
2. docker-compose-ubuntu-1804-isgx.yml
3. docker-compose-ubuntu-1804.yml 

- Add the following override compose files for the host-based aesmd socket bind 
mount for every service
1. docker-compose-ubuntu-1804-intel-sgx-with-host-aesmd-socket.yml
2. docker-compose-ubuntu-1804-isgx-with-host-aesmd-socket.yml
3. docker-compose-ubuntu-1804-with-host-aesmd-socket.yml 

with the following bind mount configuration:
```
      - type: bind
        source: /var/run/aesmd/aesm.socket
        target: /var/run/aesmd/aesm.socket
```
- Add the following override compose files for the containerized aesmd socket 
volume mount for every service
1. docker-compose-ubuntu-1804-intel-sgx-with-aesmd-socket-volume.yml
2. docker-compose-ubuntu-1804-isgx-with-aesmd-socket-volume.yml
3. docker-compose-ubuntu-1804-with-aesmd-socket-volume.yml 
```
      -  aesmd-socket:/var/run/aesmd
```

In addition, the README.md should be updated accordingly. Thanks.


Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/553
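
Choosing between the two proposed override files can be scripted so that a missing aesmd socket is reported before the services start. This is an added example, not part of the original issue or the Teaclave repository; it assumes the override file names proposed above sit beside the base compose files, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pick the aesmd override compose file proposed in the issue.
# The socket path and volume name come from the issue text; the function
# names (detect_aesmd_mode, override_for, compose_args) are hypothetical.

AESM_SOCKET="${AESM_SOCKET:-/var/run/aesmd/aesm.socket}"
AESM_VOLUME="${AESM_VOLUME:-aesmd-socket}"

# Print "host" when the host socket exists, "volume" when the named docker
# volume created by the containerized aesmd exists; fail otherwise.
detect_aesmd_mode() {
    if [ -S "$AESM_SOCKET" ]; then
        echo host
    elif docker volume inspect "$AESM_VOLUME" >/dev/null 2>&1; then
        echo volume
    else
        return 1
    fi
}

# Map a base compose file ($1) and a mode ($2) to the override file name.
override_for() {
    base="${1%.yml}"
    case "$2" in
        host)   echo "${base}-with-host-aesmd-socket.yml" ;;
        volume) echo "${base}-with-aesmd-socket-volume.yml" ;;
        *)      return 1 ;;
    esac
}

# Print the -f arguments for docker-compose, or explain what is missing.
compose_args() {
    mode="$(detect_aesmd_mode)" || {
        echo "no aesmd socket at $AESM_SOCKET and no docker volume $AESM_VOLUME" >&2
        return 1
    }
    echo "-f $1 -f $(override_for "$1" "$mode")"
}
```

The output of `compose_args docker-compose-ubuntu-1804-isgx.yml` can be passed to `docker-compose` ahead of `up`.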