未验证 提交 484f1580 编写于 作者: S stormgbs 提交者: GitHub

Merge pull request #56 from jiazhiguang/master

make the shim-rune adapt for occlum version 0.13
......@@ -6,6 +6,7 @@ type Containerd struct {
type Occlum struct {
BuildImage string `toml:"build_image"`
EnclaveRuntimePath string `toml:"enclave_runtime_path"`
}
type Graphene struct {
......@@ -19,8 +20,6 @@ type EnclaveRuntime struct {
type Config struct {
LogLevel string `toml:"log_level"`
SgxToolSign string `toml:"sgx_tool_sign"`
Containerd Containerd `toml:"containerd"`
EnclaveRuntime EnclaveRuntime `toml:"enclave_runtime"`
}
......@@ -141,9 +141,9 @@ function copyOcclumLiberaries() {
/bin/cp -f /usr/lib/libsgx_u*.so* ${lib_dir}
/bin/cp -f /usr/lib/libsgx_enclave_common.so.1 ${lib_dir}
/bin/cp -f /usr/lib/libsgx_launch.so.1 ${lib_dir}
ln -sfn .occlum/build/lib/libocclum-pal.so liberpal-occlum.so
# ==== fixme: the file /sbin/ldconfig maybe not exist in customer's image
chroot ${rootfs} /sbin/ldconfig
#/bin/cp -f .occlum/build/lib/libocclum-pal.so ${lib_dir}/liberpal-occlum.so
#ln -sfn .occlum/build/lib/libocclum-pal.so liberpal-occlum.so
#chroot ${rootfs} /sbin/ldconfig
popd
}
......@@ -164,6 +164,8 @@ function buildUnsignedEnclave(){
fi
# set occlum entrypoint
sed -i "s#/bin#${entry_point}#g" Occlum.json
# generate the configuration file Enclave.xml that used by enclave from Occlum.json
/opt/occlum/build/bin/gen_enclave_conf -i Occlum.json -o Enclave.xml
# build occlum image
/bin/bash ${base_dir}/replace_occlum_image.sh ${rootfs} image
# occlum build
......@@ -171,12 +173,6 @@ function buildUnsignedEnclave(){
mkdir -p ${rootfs}/${work_dir} || true
/bin/cp -fr .occlum ${rootfs}/${work_dir}
/bin/cp -f Enclave.xml ${rootfs}/${work_dir}
# ===fixme debug====
/bin/cp -fr image ${rootfs}/${work_dir}
/bin/cp -f Occlum.json ${rootfs}/${work_dir}
# ==================
# copy occlum liberaries to rootfs
copyOcclumLiberaries
popd
}
......
package occlum
import (
"strconv"
"strings"
"github.com/sirupsen/logrus"
)
const (
EnvUserSpaceSize = "OCCLUM_USER_SPACE_SIZE"
EnvKernelSpaceHeapSize = "OCCLUM_KERNEL_SPACE_HEAP_SIZE"
EnvKernelSpaceStackSize = "OCCLUM_KERNEL_SPACE_STACK_SIZE"
EnvMaxNumOfThreads = "OCCLUM_MAX_NUM_OF_THREADS"
EnvDefaultStackSize = "OCCLUM_DEFAULT_STACK_SIZE"
EnvDefaultHeapSize = "OCCLUM_DEFAULT_HEAP_SIZE"
EnvDefaultMmapSize = "OCCLUM_DEFAULT_MMAP_SIZE"
EnvProductId = "OCCLUM_PRODUCT_ID"
EnvVersionNumber = "OCCLUM_VERSION_NUMBER"
EnvDebuggable = "OCCLUM_DEBUGGABLE"
)
type OcclumConfig struct {
ResourceLimits ResourceLimits `json:"resource_limits"`
Process Process `json:"process"`
EntryPoints []string `json:"entry_points"`
Env Env `json:"env"`
Metadata Metadata `json:"metadata"`
Mount []Mount `json:"mount"`
}
type ResourceLimits struct {
UserSpaceSize string `json:"user_space_size"`
KernelSpaceHeapSize string `json:"kernel_space_heap_size"`
KernelSpaceStackSize string `json:"kernel_space_stack_size"`
MaxNumOfThreads int64 `json:"max_num_of_threads"`
}
type Process struct {
DefaultStackSize string `json:"default_stack_size"`
DefaultHeapSize string `json:"default_heap_size"`
DefaultMmapSize string `json:"default_mmap_size"`
}
type Env struct {
Default []string `json:"default"`
Untrusted []string `json:"untrusted"`
}
type Metadata struct {
ProductId int64 `json:"product_id"`
VersionNumber int64 `json:"version_number"`
Debuggable bool `json:"debuggable"`
}
type Mount struct {
Target string `json:"target"`
Type string `json:"type"`
Source string `json:"source,omitempty"`
Options map[string]interface{} `json:"options,omitempty"`
}
func (c *OcclumConfig) ApplyEnvs(envs []string) {
for _, env := range envs {
items := strings.SplitN(env, "=", 2)
if len(items) != 2 {
continue
}
k := items[0]
v := items[1]
switch k {
case EnvUserSpaceSize:
c.ResourceLimits.UserSpaceSize = v
break
case EnvKernelSpaceHeapSize:
c.ResourceLimits.KernelSpaceHeapSize = v
break
case EnvKernelSpaceStackSize:
c.ResourceLimits.KernelSpaceStackSize = v
break
case EnvMaxNumOfThreads:
i, err := strconv.ParseInt(v, 10, 64)
if err != nil {
logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
}
c.ResourceLimits.MaxNumOfThreads = i
break
case EnvDefaultStackSize:
c.Process.DefaultStackSize = v
break
case EnvDefaultHeapSize:
c.Process.DefaultHeapSize = v
break
case EnvDefaultMmapSize:
c.Process.DefaultMmapSize = v
break
case EnvProductId:
i, err := strconv.ParseInt(v, 10, 64)
if err != nil {
logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
}
c.Metadata.ProductId = i
break
case EnvVersionNumber:
i, err := strconv.ParseInt(v, 10, 64)
if err != nil {
logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
}
c.Metadata.VersionNumber = i
break
case EnvDebuggable:
i, err := strconv.ParseBool(v)
if err != nil {
logrus.Error("ApplyEnvs: parse environment variable %s failed. error: %++v", k, err)
}
c.Metadata.Debuggable = i
break
}
}
}
func GetDefaultOcclumConfig() *OcclumConfig {
return &OcclumConfig{
ResourceLimits: ResourceLimits{
UserSpaceSize: "256MB",
KernelSpaceHeapSize: "32MB",
KernelSpaceStackSize: "1MB",
MaxNumOfThreads: 32},
Process: Process{
DefaultStackSize: "4MB",
DefaultHeapSize: "32MB",
DefaultMmapSize: "80MB",
},
EntryPoints: []string{"/bin"},
Env: Env{
Default: []string{"OCCLUM=yes"},
Untrusted: []string{"EXAMPLE"},
},
Metadata: Metadata{
ProductId: 0,
VersionNumber: 0,
Debuggable: true,
},
Mount: []Mount{
{
Target: "/",
Type: "sefs",
Source: "./image",
Options: map[string]interface{}{"integrity_only": true},
},
{
Target: "/root",
Type: "sefs",
},
{
Target: "/host",
Type: "hostfs",
Source: ".",
},
{
Target: "/tmp",
Type: "ramfs",
},
},
}
}
......@@ -2,6 +2,7 @@ package occlum
import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"math/rand"
......@@ -114,7 +115,7 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
logrus.Debugf("BuildUnsignedEnclave: pull image %s successfully", occlumEnclaveBuilderImage)
// Generate the containerId and snapshotId.
// FIXME debug
// FIXME The variables containerId and snapshotId should be generated by utils.GenerateID
rand.Seed(time.Now().UnixNano())
containerId := fmt.Sprintf("occlum-enclave-builder-%s", strconv.FormatInt(rand.Int63(), 16))
snapshotId := fmt.Sprintf("occlum-enclave-builder-snapshot-%s", strconv.FormatInt(rand.Int63(), 16))
......@@ -199,16 +200,24 @@ func (c *occlum) BuildUnsignedEnclave(req *task.CreateTaskRequest, args *carrier
"--work_dir", c.workDirectory,
"--rootfs", filepath.Join("/", rootfsDirName),
}
var occlumConfigPath string
if c.configPath != "" {
cmd = append(cmd, "--occlum_config_path", filepath.Join("/", rootfsDirName, c.configPath))
occlumConfigPath = filepath.Join("/", rootfsDirName, c.configPath)
} else {
c.configPath = "Occlum.json"
occlumConfigPath = filepath.Join("/", enclaveDataDir, c.configPath)
hostPath := filepath.Join(c.bundle, enclaveDataDir, c.configPath)
if err := c.saveOcclumConfig(hostPath); err != nil {
return "", err
}
}
cmd = append(cmd, "--occlum_config_path", occlumConfigPath)
logrus.Debugf("BuildUnsignedEnclave: command: %v", cmd)
if err := c.execTask(cmd...); err != nil {
logrus.Errorf("BuildUnsignedEnclave: exec failed. error: %++v", err)
return "", err
}
enclavePath := filepath.Join("/", rootfsDirName, c.workDirectory, ".occlum/build/lib/libocclum-libos.so")
return enclavePath, nil
}
......@@ -287,6 +296,7 @@ func (c *occlum) Cleanup() error {
if c.task.task == nil {
return nil
}
t := *c.task.task
if err := t.Kill(c.context, syscall.SIGTERM); err != nil {
logrus.Errorf("Cleanup: kill task %s failed. err: %++v", t.ID(), err)
......@@ -327,7 +337,10 @@ func (c *occlum) initBundleConfig() error {
}
c.workDirectory = spec.Process.Cwd
c.entryPoints = spec.Process.Args
enclaveRuntimePath := fmt.Sprintf("%s/liberpal-occlum.so", c.workDirectory)
enclaveRuntimePath := c.shimConfig.EnclaveRuntime.Occlum.EnclaveRuntimePath
if enclaveRuntimePath == "" {
enclaveRuntimePath = fmt.Sprintf("%s/liberpal-occlum.so", c.workDirectory)
}
envs := map[string]string{
carr_const.EnclaveRuntimePathKeyName: enclaveRuntimePath,
carr_const.EnclaveTypeKeyName: string(carr_const.IntelSGX),
......@@ -344,6 +357,19 @@ func (c *occlum) initBundleConfig() error {
return config.SaveSpec(configPath, spec)
}
func (o *occlum) saveOcclumConfig(path string) error {
if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
return err
}
cfg := GetDefaultOcclumConfig()
cfg.ApplyEnvs(o.spec.Process.Env)
bytes, err := json.Marshal(cfg)
if err != nil {
return err
}
return ioutil.WriteFile(path, bytes, 0644)
}
func createNamespaceIfNotExist(client *containerd.Client, namespace string) error {
svc := client.NamespaceService()
......
......@@ -294,12 +294,6 @@ func setOCIRuntime(ctx context.Context, r *taskAPI.CreateTaskRequest) (err error
return err
}
}
//err = config.UpdateEnclaveEnvConfig(filepath.Join(r.Bundle, "config.json"))
//if err != nil {
// return err
//}
return nil
}
......@@ -324,6 +318,22 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
container, err := runc.NewContainer(ctx, s.platform, r)
if err != nil {
logrus.Errorf("rune Create NewContainer error: %++v", err)
/*//FIXME debug
if _, err := os.Stat(r.Bundle); err == nil {
path := "/tmp/rune-container-test/runc-rootfs"
os.RemoveAll(path)
os.MkdirAll(path, 0644)
args := []string{
"-r", r.Bundle, path,
}
if b, err := exec.Command("cp", args...).CombinedOutput(); err != nil {
logrus.Errorf("failed to copy bundles. error:%s, %v", string(b), err)
}
logrus.Infof("copy runc bundle %s to %s", r.Bundle, path)
time.Sleep(time.Minute)
} else {
logrus.Infof("bundle dir is not exist.", r.Bundle)
}*/
return nil, err
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册