2dd9140a
编写于
7月 14, 2020
作者:
jiazhiguang
提交者:
jia zhang
9月 04, 2020
supports build and sign enclave with occlum on host
上级
f597b056
Showing
4 changed file
with
44 addition
and
13 deletion
+44
-13
shim/cmd/containerd-shim-rune-v2/main.go
shim/cmd/containerd-shim-rune-v2/main.go
+1
-2
shim/runtime/carrier/occlum/occlum.go
shim/runtime/carrier/occlum/occlum.go
+23
-4
shim/runtime/v2/rune/v2/rune.go
shim/runtime/v2/rune/v2/rune.go
+8
-2
shim/runtime/v2/rune/v2/service.go
shim/runtime/v2/rune/v2/service.go
+12
-5
shim/cmd/containerd-shim-rune-v2/main.go
...
...
@@ -3,9 +3,8 @@
package
main
import
(
"github.com/containerd/containerd/runtime/v2/shim"
"github.com/alibaba/inclavare-containers/shim/runtime/v2/rune/v2"
"github.com/containerd/containerd/runtime/v2/shim"
)
func
main
()
{
...
...
shim/runtime/carrier/occlum/occlum.go
...
...
@@ -63,9 +63,7 @@ func NewOcclumCarrier(ctx context.Context, bundle string) (carrier.Carrier, erro
if
_
,
err
:=
toml
.
DecodeFile
(
constants
.
ConfigurationPath
,
&
cfg
);
err
!=
nil
{
return
nil
,
err
}
setLogLevel
(
cfg
.
LogLevel
)
return
&
occlum
{
context
:
ctx
,
bundle
:
bundle
,
...
...
@@ -82,7 +80,8 @@ func (c *occlum) Name() string {
// BuildUnsignedEnclave impl Carrier.
func
(
c
*
occlum
)
BuildUnsignedEnclave
(
req
*
task
.
CreateTaskRequest
,
args
*
carrier
.
BuildUnsignedEnclaveArgs
)
(
unsignedEnclave
string
,
err
error
)
{
timeStart
:=
time
.
Now
()
ts
:=
timeStart
// Initialize environment variables for occlum in config.json
if
err
:=
c
.
initBundleConfig
();
err
!=
nil
{
return
""
,
err
...
...
@@ -99,6 +98,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
}
else
{
c
.
task
.
client
=
client
}
logrus
.
Debugf
(
"BuildUnsignedEnclave: create containerd client time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: get containerd client successfully"
)
if
err
=
createNamespaceIfNotExist
(
client
,
namespace
);
err
!=
nil
{
...
...
@@ -108,10 +108,12 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
// pull the image that used to build enclave.
occlumEnclaveBuilderImage
:=
c
.
shimConfig
.
EnclaveRuntime
.
Occlum
.
BuildImage
timeStart
=
time
.
Now
()
image
,
err
:=
client
.
Pull
(
c
.
context
,
occlumEnclaveBuilderImage
,
containerd
.
WithPullUnpack
)
if
err
!=
nil
{
return
""
,
fmt
.
Errorf
(
"failed to pull image %s. error: %++v"
,
occlumEnclaveBuilderImage
,
err
)
}
logrus
.
Debugf
(
"BuildUnsignedEnclave: pull occlum SDK image time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: pull image %s successfully"
,
occlumEnclaveBuilderImage
)
// Generate the containerId and snapshotId.
...
...
@@ -161,6 +163,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
mounts
=
append
(
mounts
,
rootfsMount
,
dataMount
)
// create a container
timeStart
=
time
.
Now
()
container
,
err
:=
client
.
NewContainer
(
c
.
context
,
containerId
,
...
...
@@ -178,6 +181,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
}
else
{
c
.
task
.
container
=
&
container
}
logrus
.
Debugf
(
"BuildUnsignedEnclave: create occlum SDK container time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
// Create a task from the container.
t
,
err
:=
container
.
NewTask
(
c
.
context
,
cio
.
NewCreator
(
cio
.
WithStdio
))
...
...
@@ -213,17 +217,21 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
}
cmd
=
append
(
cmd
,
"--occlum_config_path"
,
occlumConfigPath
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: command: %v"
,
cmd
)
timeStart
=
time
.
Now
()
if
err
:=
c
.
execTask
(
cmd
...
);
err
!=
nil
{
logrus
.
Errorf
(
"BuildUnsignedEnclave: exec failed. error: %++v"
,
err
)
return
""
,
err
}
logrus
.
Debugf
(
"BuildUnsignedEnclave: init and build enclave time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
enclavePath
:=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.so"
)
logrus
.
Debugf
(
"BuildUnsignedEnclave: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
return
enclavePath
,
nil
}
// GenerateSigningMaterial impl Carrier.
func
(
c
*
occlum
)
GenerateSigningMaterial
(
req
*
task
.
CreateTaskRequest
,
args
*
carrier
.
CommonArgs
)
(
signingMaterial
string
,
err
error
)
{
timeStart
:=
time
.
Now
()
signingMaterial
=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"enclave_sig.dat"
)
args
.
Config
=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"Enclave.xml"
)
cmd
:=
[]
string
{
...
...
@@ -239,12 +247,14 @@ func (c *occlum) GenerateSigningMaterial(req *task.CreateTaskRequest, args *carr
return
""
,
err
}
logrus
.
Debugf
(
"GenerateSigningMaterial: sgx_sign gendata successfully"
)
logrus
.
Debugf
(
"GenerateSigningMaterial: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
return
signingMaterial
,
nil
}
// CascadeEnclaveSignature impl Carrier.
func
(
c
*
occlum
)
CascadeEnclaveSignature
(
req
*
task
.
CreateTaskRequest
,
args
*
carrier
.
CascadeEnclaveSignatureArgs
)
(
signedEnclave
string
,
err
error
)
{
timeStart
:=
time
.
Now
()
var
bufferSize
int64
=
1024
*
4
signedEnclave
=
filepath
.
Join
(
"/"
,
rootfsDirName
,
c
.
workDirectory
,
"./build/lib/libocclum-libos.signed.so"
)
publicKey
:=
filepath
.
Join
(
"/"
,
enclaveDataDir
,
"public_key.pem"
)
...
...
@@ -273,30 +283,36 @@ func (c *occlum) CascadeEnclaveSignature(req *task.CreateTaskRequest, args *carr
return
""
,
err
}
logrus
.
Debugf
(
"CascadeEnclaveSignature: sgx_sign catsig successfully"
)
logrus
.
Debugf
(
"CascadeEnclaveSignature: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
return
signedEnclave
,
nil
}
// Cleanup impl Carrier.
func
(
c
*
occlum
)
Cleanup
()
error
{
timeStart
:=
time
.
Now
()
ts
:=
timeStart
defer
func
()
{
if
c
.
task
.
client
!=
nil
{
c
.
task
.
client
.
Close
()
}
logrus
.
Debugf
(
"Cleanup: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
}()
defer
func
()
{
if
c
.
task
.
container
!=
nil
{
timeStart
=
time
.
Now
()
container
:=
*
c
.
task
.
container
if
err
:=
container
.
Delete
(
c
.
context
,
containerd
.
WithSnapshotCleanup
);
err
!=
nil
{
logrus
.
Errorf
(
"Cleanup: delete container %s failed. err: %++v"
,
container
.
ID
(),
err
)
}
logrus
.
Debugf
(
"Cleanup: delete container %s successfully."
,
container
.
ID
())
logrus
.
Debugf
(
"Cleanup: delete occlum SDK container time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
}
}()
if
c
.
task
.
task
==
nil
{
return
nil
}
timeStart
=
time
.
Now
()
t
:=
*
c
.
task
.
task
if
err
:=
t
.
Kill
(
c
.
context
,
syscall
.
SIGTERM
);
err
!=
nil
{
logrus
.
Errorf
(
"Cleanup: kill task %s failed. err: %++v"
,
t
.
ID
(),
err
)
...
...
@@ -321,10 +337,13 @@ func (c *occlum) Cleanup() error {
}
break
}
logrus
.
Debugf
(
"Cleanup: kill occlum SDK container task time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
timeStart
=
time
.
Now
()
if
_
,
err
:=
t
.
Delete
(
c
.
context
);
err
!=
nil
{
logrus
.
Errorf
(
"Cleanup: delete task %s failed. error: %++v"
,
t
.
ID
(),
err
)
return
err
}
logrus
.
Debugf
(
"Cleanup: delete occlum SDK container task time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Debugf
(
"Cleanup: clean occlum container and task successfully"
)
return
nil
}
...
...
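Review bot: In Cleanup's deferred container-delete closure (hunk @@ -273,30 +283,36), the step log `"Cleanup: delete occlum SDK container time cost: %d"` is computed from `ts`, the function start, even though `timeStart` was reset to `time.Now()` a few lines earlier inside that same closure, so the delete step reports the whole function's elapsed time instead of its own; the argument should be `(time.Now().Sub(timeStart)) / time.Second`. The same `%d` with `Duration / time.Second` idiom used in every new timing line of this file, rune.go and service.go truncates to whole seconds and logs 0 for any step shorter than a second; `time.Since(timeStart)` printed with `%v` keeps the resolution and is the idiomatic form. Cleanup's body continues past the end of that hunk, and the hunk at @@ -321,10 +337,13 belongs to the same function.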
shim/runtime/v2/rune/v2/rune.go
...
...
@@ -8,6 +8,7 @@ import (
"os/exec"
"path"
"path/filepath"
"time"
"github.com/BurntSushi/toml"
shim_config
"github.com/alibaba/inclavare-containers/shim/config"
...
...
@@ -29,13 +30,15 @@ import (
// runE main flow.
func
(
s
*
service
)
carrierMain
(
req
*
taskAPI
.
CreateTaskRequest
)
(
carrier
.
Carrier
,
error
)
{
timeStart
:=
time
.
Now
()
ts
:=
time
.
Now
()
var
err
error
var
carr
carrier
.
Carrier
defer
func
()
{
carr
.
Cleanup
()
logrus
.
Debugf
(
"carrierMain: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
}()
found
,
carrierKind
,
err
:=
getCarrierKind
(
req
.
Bundle
)
if
err
!=
nil
{
return
carr
,
err
...
...
@@ -93,6 +96,7 @@ func (s *service) carrierMain(req *taskAPI.CreateTaskRequest) (carrier.Carrier,
if
_
,
err
:=
toml
.
DecodeFile
(
constants
.
ConfigurationPath
,
&
cfg
);
err
!=
nil
{
return
carr
,
err
}
timeStart
=
time
.
Now
()
materialRealPath
:=
signingMaterial
if
carrierKind
==
rune
.
Occlum
{
materialRealPath
=
filepath
.
Join
(
req
.
Bundle
,
signingMaterial
)
...
...
@@ -114,6 +118,8 @@ func (s *service) carrierMain(req *taskAPI.CreateTaskRequest) (carrier.Carrier,
}
defer
os
.
RemoveAll
(
path
.
Dir
(
publicKey
))
}
logrus
.
Debugf
(
"carrierMain: sign enclave time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
defer
os
.
RemoveAll
(
path
.
Dir
(
publicKey
))
commonArgs
.
Key
=
publicKey
signatureFile
=
signature
}
...
...
@@ -125,7 +131,7 @@ func (s *service) carrierMain(req *taskAPI.CreateTaskRequest) (carrier.Carrier,
if
err
!=
nil
{
return
carr
,
err
}
logrus
.
Debugf
(
"
F
inished carrier: %v, signedEnclave: %s"
,
carr
,
signedEnclave
)
logrus
.
Debugf
(
"
carrierMain: f
inished carrier: %v, signedEnclave: %s"
,
carr
,
signedEnclave
)
return
carr
,
nil
}
...
...
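Review bot: In carrierMain (hunk @@ -29,13 +30,15) the deferred closure calls `carr.Cleanup()` unconditionally, but `carr` is still the nil interface declared by `var carr carrier.Carrier` when `getCarrierKind` fails and the function returns `carr, err` right below, so that early return would panic inside the defer with a nil-pointer dereference instead of surfacing the error; guard it with `if carr != nil { carr.Cleanup() }`. The same hunk reads the clock twice (`timeStart := time.Now()` then `ts := time.Now()`) where every other instrumented function in this commit writes `ts := timeStart`; aligning the two avoids the stray microsecond drift and the inconsistency. In the hunk at @@ -114,6 +118,8 the new side shows two `defer os.RemoveAll(path.Dir(publicKey))` statements a few lines apart; if both sit on the same success path the second is redundant, though which branch the first belongs to is not fully visible here. carrierMain starts and ends outside these hunks.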
shim/runtime/v2/rune/v2/service.go
...
...
@@ -300,9 +300,10 @@ func setOCIRuntime(ctx context.Context, r *taskAPI.CreateTaskRequest) (err error
// Create a new initial process and container with the underlying OCI runtime
func
(
s
*
service
)
Create
(
ctx
context
.
Context
,
r
*
taskAPI
.
CreateTaskRequest
)
(
_
*
taskAPI
.
CreateTaskResponse
,
err
error
)
{
timeStart
:=
time
.
Now
()
ts
:=
timeStart
s
.
mu
.
Lock
()
defer
s
.
mu
.
Unlock
()
err
=
setOCIRuntime
(
ctx
,
r
)
if
err
!=
nil
{
return
nil
,
err
...
...
@@ -313,7 +314,9 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
return
nil
,
err
}
if
carrierKind
!=
rune
.
Skeleton
{
timeStart
=
time
.
Now
()
carr
,
err
:=
s
.
carrierMain
(
r
)
logrus
.
Debugf
(
"Create: carrierMain time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
if
err
!=
nil
{
return
nil
,
err
}
...
...
@@ -321,8 +324,9 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
}
data
,
_
:=
json
.
Marshal
(
r
)
logrus
.
Infof
(
"CreateTaskRequest: %s
"
,
string
(
data
)
)
logrus
.
Infof
(
"CreateTaskRequest: %s
, Carrier: %v"
,
string
(
data
),
carrierKind
)
timeStart
=
time
.
Now
()
container
,
err
:=
runc
.
NewContainer
(
ctx
,
s
.
platform
,
r
)
/*if carr.Name() == "occlum" {
...
...
@@ -348,8 +352,8 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
//}
}*/
data
,
_
=
json
.
Marshal
(
container
)
logrus
.
Infof
(
"rune.NewContainer success: %s
%s"
,
r
.
ID
,
string
(
data
)
)
logrus
.
Debugf
(
"Create: create container time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Infof
(
"rune.NewContainer success: %s
"
,
r
.
ID
)
var
opts
options
.
Options
if
r
.
Options
!=
nil
{
...
...
@@ -371,7 +375,6 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
}
s
.
containers
[
r
.
ID
]
=
container
s
.
send
(
&
eventstypes
.
TaskCreate
{
ContainerID
:
r
.
ID
,
Bundle
:
r
.
Bundle
,
...
...
@@ -397,6 +400,8 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
// log.G(ctx).Infof("Attestation Failed!")
//}
}
logrus
.
Debugf
(
"Create: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
logrus
.
Debugf
(
"Create: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
ts
))
/
time
.
Second
)
return
&
taskAPI
.
CreateTaskResponse
{
Pid
:
uint32
(
container
.
Pid
()),
},
nil
...
...
@@ -404,6 +409,7 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
// Start a process
func
(
s
*
service
)
Start
(
ctx
context
.
Context
,
r
*
taskAPI
.
StartRequest
)
(
*
taskAPI
.
StartResponse
,
error
)
{
timeStart
:=
time
.
Now
()
container
,
err
:=
s
.
getContainer
(
r
.
ID
)
if
err
!=
nil
{
return
nil
,
err
...
...
@@ -433,6 +439,7 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (*taskAPI.
})
}
s
.
eventSendMu
.
Unlock
()
logrus
.
Debugf
(
"Start: total time cost: %d"
,
(
time
.
Now
()
.
Sub
(
timeStart
))
/
time
.
Second
)
return
&
taskAPI
.
StartResponse
{
Pid
:
uint32
(
p
.
Pid
()),
},
nil
...
...
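Review bot: The rewritten line `logrus.Infof("CreateTaskRequest: %s, Carrier: %v", string(data), carrierKind)` in Create (hunk @@ -321,8 +324,9) dumps the entire marshalled request at Info level on every container create, and the `data, _ := json.Marshal(r)` feeding it still discards the marshal error, so a failure logs an empty string without any indication. Since every other diagnostic this commit adds is at Debug level, `logrus.Debugf` would be the consistent choice for the request dump, keeping production logs free of per-request payloads. Create's body continues outside these hunks, so whether the rest of the function logs the request elsewhere cannot be confirmed here.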