Merge pull request #56 from jiazhiguang/master

make the shim-rune adapt for occlum version 0.13

Merge pull request #56 from jiazhiguang/master
make the shim-rune adapt for occlum version 0.13
484f1580 · stormgbs · GitHub · b8f153c7 · f72664a8 · 484f1580
5 changed file
--- a/shim/config/config.go
+++ b/shim/config/config.go
@@ -5,22 +5,21 @@ type Containerd struct {
 }

 type Occlum struct {
-	BuildImage string `toml:"build_image"`
+	BuildImage         string `toml:"build_image"`
+	EnclaveRuntimePath string `toml:"enclave_runtime_path"`
 }

 type Graphene struct {
 }

 type EnclaveRuntime struct {
-	Occlum   Occlum `toml:"occlum"`
+	Occlum   Occlum   `toml:"occlum"`
 	Graphene Graphene `toml:"graphene"`
 }

 type Config struct {
-	LogLevel    string `toml:"log_level"`
-	SgxToolSign string `toml:"sgx_tool_sign"`
-
-	Containerd Containerd `toml:"containerd"`
-
+	LogLevel       string         `toml:"log_level"`
+	SgxToolSign    string         `toml:"sgx_tool_sign"`
+	Containerd     Containerd     `toml:"containerd"`
 	EnclaveRuntime EnclaveRuntime `toml:"enclave_runtime"`
 }
--- a/shim/runtime/carrier/constants/constants.go
+++ b/shim/runtime/carrier/constants/constants.go
@@ -141,9 +141,9 @@ function copyOcclumLiberaries() {
  /bin/cp -f /usr/lib/libsgx_u*.so* ${lib_dir}
  /bin/cp -f /usr/lib/libsgx_enclave_common.so.1 ${lib_dir}
  /bin/cp -f /usr/lib/libsgx_launch.so.1 ${lib_dir}
-  ln -sfn .occlum/build/lib/libocclum-pal.so liberpal-occlum.so
-  # ==== fixme: the file /sbin/ldconfig maybe not exist in customer's image
-  chroot ${rootfs} /sbin/ldconfig
+  #/bin/cp -f .occlum/build/lib/libocclum-pal.so ${lib_dir}/liberpal-occlum.so
+  #ln -sfn .occlum/build/lib/libocclum-pal.so liberpal-occlum.so
+  #chroot ${rootfs} /sbin/ldconfig
  popd
 }

@@ -164,6 +164,8 @@ function buildUnsignedEnclave(){
  fi
  # set occlum entrypoint
  sed -i "s#/bin#${entry_point}#g" Occlum.json
+  # generate the configuration file Enclave.xml that used by enclave from Occlum.json
+  /opt/occlum/build/bin/gen_enclave_conf -i Occlum.json -o Enclave.xml
  # build occlum image
  /bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
  # occlum build
@@ -171,12 +173,6 @@ function buildUnsignedEnclave(){
  mkdir -p ${rootfs}/${work_dir} || true
  /bin/cp -fr .occlum ${rootfs}/${work_dir}
  /bin/cp -f Enclave.xml ${rootfs}/${work_dir}
-  # ===fixme debug====
-  /bin/cp -fr image ${rootfs}/${work_dir}
-  /bin/cp -f Occlum.json ${rootfs}/${work_dir}
-  # ==================
-  # copy occlum liberaries to rootfs
-  copyOcclumLiberaries
  popd
 }


--- a/shim/runtime/carrier/occlum/config.go
+++ b/shim/runtime/carrier/occlum/config.go
+package occlum
+
+import (
+	"strconv"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	EnvUserSpaceSize        = "OCCLUM_USER_SPACE_SIZE"
+	EnvKernelSpaceHeapSize  = "OCCLUM_KERNEL_SPACE_HEAP_SIZE"
+	EnvKernelSpaceStackSize = "OCCLUM_KERNEL_SPACE_STACK_SIZE"
+	EnvMaxNumOfThreads      = "OCCLUM_MAX_NUM_OF_THREADS"
+	EnvDefaultStackSize     = "OCCLUM_DEFAULT_STACK_SIZE"
+	EnvDefaultHeapSize      = "OCCLUM_DEFAULT_HEAP_SIZE"
+	EnvDefaultMmapSize      = "OCCLUM_DEFAULT_MMAP_SIZE"
+	EnvProductId            = "OCCLUM_PRODUCT_ID"
+	EnvVersionNumber        = "OCCLUM_VERSION_NUMBER"
+	EnvDebuggable           = "OCCLUM_DEBUGGABLE"
+)
+
+type OcclumConfig struct {
+	ResourceLimits ResourceLimits `json:"resource_limits"`
+	Process        Process        `json:"process"`
+	EntryPoints    []string       `json:"entry_points"`
+	Env            Env            `json:"env"`
+	Metadata       Metadata       `json:"metadata"`
+	Mount          []Mount        `json:"mount"`
+}
+
+type ResourceLimits struct {
+	UserSpaceSize        string `json:"user_space_size"`
+	KernelSpaceHeapSize  string `json:"kernel_space_heap_size"`
+	KernelSpaceStackSize string `json:"kernel_space_stack_size"`
+	MaxNumOfThreads      int64  `json:"max_num_of_threads"`
+}
+
+type Process struct {
+	DefaultStackSize string `json:"default_stack_size"`
+	DefaultHeapSize  string `json:"default_heap_size"`
+	DefaultMmapSize  string `json:"default_mmap_size"`
+}
+
+type Env struct {
+	Default   []string `json:"default"`
+	Untrusted []string `json:"untrusted"`
+}
+
+type Metadata struct {
+	ProductId     int64 `json:"product_id"`
+	VersionNumber int64 `json:"version_number"`
+	Debuggable    bool  `json:"debuggable"`
+}
+
+type Mount struct {
+	Target  string                 `json:"target"`
+	Type    string                 `json:"type"`
+	Source  string                 `json:"source,omitempty"`
+	Options map[string]interface{} `json:"options,omitempty"`
+}
+
+func (c *OcclumConfig) ApplyEnvs(envs []string) {
+	for _, env := range envs {
+		items := strings.SplitN(env, "=", 2)
+		if len(items) != 2 {
+			continue
+		}
+		k := items[0]
+		v := items[1]
+		switch k {
+		case EnvUserSpaceSize:
+			c.ResourceLimits.UserSpaceSize = v
+			break
+		case EnvKernelSpaceHeapSize:
+			c.ResourceLimits.KernelSpaceHeapSize = v
+			break
+		case EnvKernelSpaceStackSize:
+			c.ResourceLimits.KernelSpaceStackSize = v
+			break
+		case EnvMaxNumOfThreads:
+			i, err := strconv.ParseInt(v, 10, 64)
+			if err != nil {
+				logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
+			}
+			c.ResourceLimits.MaxNumOfThreads = i
+			break
+		case EnvDefaultStackSize:
+			c.Process.DefaultStackSize = v
+			break
+		case EnvDefaultHeapSize:
+			c.Process.DefaultHeapSize = v
+			break
+		case EnvDefaultMmapSize:
+			c.Process.DefaultMmapSize = v
+			break
+		case EnvProductId:
+			i, err := strconv.ParseInt(v, 10, 64)
+			if err != nil {
+				logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
+			}
+			c.Metadata.ProductId = i
+			break
+		case EnvVersionNumber:
+			i, err := strconv.ParseInt(v, 10, 64)
+			if err != nil {
+				logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
+			}
+			c.Metadata.VersionNumber = i
+			break
+		case EnvDebuggable:
+			i, err := strconv.ParseBool(v)
+			if err != nil {
+				logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
+			}
+			c.Metadata.Debuggable = i
+			break
+		}
+	}
+}
+
+func GetDefaultOcclumConfig() *OcclumConfig {
+	return &OcclumConfig{
+		ResourceLimits: ResourceLimits{
+			UserSpaceSize:        "256MB",
+			KernelSpaceHeapSize:  "32MB",
+			KernelSpaceStackSize: "1MB",
+			MaxNumOfThreads:      32},
+		Process: Process{
+			DefaultStackSize: "4MB",
+			DefaultHeapSize:  "32MB",
+			DefaultMmapSize:  "80MB",
+		},
+		EntryPoints: []string{"/bin"},
+		Env: Env{
+			Default:   []string{"OCCLUM=yes"},
+			Untrusted: []string{"EXAMPLE"},
+		},
+		Metadata: Metadata{
+			ProductId:     0,
+			VersionNumber: 0,
+			Debuggable:    true,
+		},
+		Mount: []Mount{
+			{
+				Target:  "/",
+				Type:    "sefs",
+				Source:  "./image",
+				Options: map[string]interface{}{"integrity_only": true},
+			},
+			{
+				Target: "/root",
+				Type:   "sefs",
+			},
+			{
+				Target: "/host",
+				Type:   "hostfs",
+				Source: ".",
+			},
+			{
+				Target: "/tmp",
+				Type:   "ramfs",
+			},
+		},
+	}
+}
--- a/shim/runtime/carrier/occlum/occlum.go
+++ b/shim/runtime/carrier/occlum/occlum.go
@@ -2,6 +2,7 @@ package occlum

 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"math/rand"
@@ -114,7 +115,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
 	logrus.Debugf("BuildUnsignedEnclave: pull image %s successfully", occlumEnclaveBuilderImage)

 	// Generate the containerId and snapshotId.
-	// FIXME debug
+	// FIXME The variables containerId and snapshotId should be generated by utils.GenerateID
 	rand.Seed(time.Now().UnixNano())
 	containerId := fmt.Sprintf("occlum-enclave-builder-%s", strconv.FormatInt(rand.Int63(), 16))
 	snapshotId := fmt.Sprintf("occlum-enclave-builder-snapshot-%s", strconv.FormatInt(rand.Int63(), 16))
@@ -199,16 +200,24 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
 		"--work_dir", c.workDirectory,
 		"--rootfs", filepath.Join("/", rootfsDirName),
 	}
+	var occlumConfigPath string
 	if c.configPath != "" {
-		cmd = append(cmd, "--occlum_config_path", filepath.Join("/", rootfsDirName, c.configPath))
+		occlumConfigPath = filepath.Join("/", rootfsDirName, c.configPath)
+	} else {
+		c.configPath = "Occlum.json"
+		occlumConfigPath = filepath.Join("/", enclaveDataDir, c.configPath)
+		hostPath := filepath.Join(c.bundle, enclaveDataDir, c.configPath)
+		if err := c.saveOcclumConfig(hostPath); err != nil {
+			return "", err
+		}
 	}
+	cmd = append(cmd, "--occlum_config_path", occlumConfigPath)
 	logrus.Debugf("BuildUnsignedEnclave: command: %v", cmd)
 	if err := c.execTask(cmd...); err != nil {
 		logrus.Errorf("BuildUnsignedEnclave: exec failed. error: %++v", err)
 		return "", err
 	}
 	enclavePath := filepath.Join("/", rootfsDirName, c.workDirectory, ".occlum/build/lib/libocclum-libos.so")
-
 	return enclavePath, nil
 }

@@ -287,6 +296,7 @@ func (c *occlum) Cleanup() error {
 	if c.task.task == nil {
 		return nil
 	}
+
 	t := *c.task.task
 	if err := t.Kill(c.context, syscall.SIGTERM); err != nil {
 		logrus.Errorf("Cleanup: kill task %s failed. err: %++v", t.ID(), err)
@@ -327,7 +337,10 @@ func (c *occlum) initBundleConfig() error {
 	}
 	c.workDirectory = spec.Process.Cwd
 	c.entryPoints = spec.Process.Args
-	enclaveRuntimePath := fmt.Sprintf("%s/liberpal-occlum.so", c.workDirectory)
+	enclaveRuntimePath := c.shimConfig.EnclaveRuntime.Occlum.EnclaveRuntimePath
+	if enclaveRuntimePath == "" {
+		enclaveRuntimePath = fmt.Sprintf("%s/liberpal-occlum.so", c.workDirectory)
+	}
 	envs := map[string]string{
 		carr_const.EnclaveRuntimePathKeyName: enclaveRuntimePath,
 		carr_const.EnclaveTypeKeyName:        string(carr_const.IntelSGX),
@@ -344,6 +357,19 @@ func (c *occlum) initBundleConfig() error {
 	return config.SaveSpec(configPath, spec)
 }

+func (o *occlum) saveOcclumConfig(path string) error {
+	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+		return err
+	}
+	cfg := GetDefaultOcclumConfig()
+	cfg.ApplyEnvs(o.spec.Process.Env)
+	bytes, err := json.Marshal(cfg)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(path, bytes, 0644)
+}
+
 func createNamespaceIfNotExist(client *containerd.Client, namespace string) error {
 	svc := client.NamespaceService()


--- a/shim/runtime/v2/rune/v2/service.go
+++ b/shim/runtime/v2/rune/v2/service.go
@@ -294,12 +294,6 @@ func setOCIRuntime(ctx context.Context, r *taskAPI.CreateTaskRequest) (err error
 			return err
 		}
 	}
-
-	//err = config.UpdateEnclaveEnvConfig(filepath.Join(r.Bundle, "config.json"))
-	//if err != nil {
-	//	return err
-	//}
-
 	return nil
 }

@@ -324,6 +318,22 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
 	container, err := runc.NewContainer(ctx, s.platform, r)
 	if err != nil {
 		logrus.Errorf("rune Create NewContainer error: %++v", err)
+		/*//FIXME debug
+		if _, err := os.Stat(r.Bundle); err == nil {
+			path := "/tmp/rune-container-test/runc-rootfs"
+			os.RemoveAll(path)
+			os.MkdirAll(path, 0644)
+			args := []string{
+				"-r", r.Bundle, path,
+			}
+			if b, err := exec.Command("cp", args...).CombinedOutput(); err != nil {
+				logrus.Errorf("failed to copy bundles. error:%s, %v", string(b), err)
+			}
+			logrus.Infof("copy runc bundle %s to %s", r.Bundle, path)
+			time.Sleep(time.Minute)
+		} else {
+			logrus.Infof("bundle dir is not exist.", r.Bundle)
+		}*/
 		return nil, err
 	}