From bc68f41a3c7523d3e54fc43516f4208027314e48 Mon Sep 17 00:00:00 2001 From: Kasper Ziemianek Date: Tue, 29 Oct 2024 08:57:23 +0100 Subject: [PATCH] add running instructions (#3145) * add running instructions --- tee-worker/omni-executor/.gitignore | 2 +- tee-worker/omni-executor/Makefile | 8 ++-- tee-worker/omni-executor/README.md | 18 +++++++- .../omni-executor/omni-executor.manifest | 44 ------------------- .../omni-executor.manifest.template | 4 ++ 5 files changed, 26 insertions(+), 50 deletions(-) delete mode 100644 tee-worker/omni-executor/omni-executor.manifest diff --git a/tee-worker/omni-executor/.gitignore b/tee-worker/omni-executor/.gitignore index 7ea756c65e..e769399665 100644 --- a/tee-worker/omni-executor/.gitignore +++ b/tee-worker/omni-executor/.gitignore @@ -4,4 +4,4 @@ target/ **/*.bin cache - +omni-executor.manifest diff --git a/tee-worker/omni-executor/Makefile b/tee-worker/omni-executor/Makefile index 375c12114e..5c91358fef 100644 --- a/tee-worker/omni-executor/Makefile +++ b/tee-worker/omni-executor/Makefile @@ -3,7 +3,7 @@ ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine) -SELF_EXE = target/release/omni-executor +SELF_EXE = target/release/executor-worker .PHONY: all all: $(SELF_EXE) omni-executor.manifest @@ -51,7 +51,7 @@ endif .PHONY: start-gramine-server start-gramine-server: all - $(GRAMINE) tee-bridge + $(GRAMINE) omni-executor ${ARGS} .PHONY: clean clean: @@ -67,11 +67,11 @@ build-docker: .PHONY: start-local start-local: - docker-compose up + docker compose up .PHONY: stop-local stop-local: - docker-compose down + docker compose down .PHONY: get-omni-pallet-metadata get-omni-pallet-metadata: diff --git a/tee-worker/omni-executor/README.md b/tee-worker/omni-executor/README.md index 314d1e163a..bbd8ead1b4 100644 --- a/tee-worker/omni-executor/README.md +++ b/tee-worker/omni-executor/README.md @@ -1,3 +1,19 @@ # Omni-executor worker -! Connect to trusted RPC endpoints ! \ No newline at end of file +! Connect to trusted RPC endpoints ! + +## Running inside TEE + +Gramine is required for running inside TEE, please refer to [installation options](https://gramine.readthedocs.io/en/stable/installation.html). + +1. `make SGX=1` to build and sign application +2. `RUST_LOG=info gramine-sgx omni-executor -- ` + + +## Running whole setup locally + +Build omni-executor docker image first `make build-docker`. +Start local environment using `make start-local` command. + + +First service run will generate substrate account, it needs to set as omni executor in `omniAccount` pallet. \ No newline at end of file diff --git a/tee-worker/omni-executor/omni-executor.manifest b/tee-worker/omni-executor/omni-executor.manifest deleted file mode 100644 index fddc897506..0000000000 --- a/tee-worker/omni-executor/omni-executor.manifest +++ /dev/null @@ -1,44 +0,0 @@ -[loader] -entrypoint = "file:/usr/lib/x86_64-linux-gnu/gramine/libsysdb.so" -log_level = "error" - -[loader.env] -LD_LIBRARY_PATH = "/lib:/lib/x86_64-linux-gnu" -MALLOC_ARENA_MAX = "1" -RUST_BACKTRACE = "full" - -[libos] -entrypoint = "target/release/omni-executor" - -[fs] -mounts = [ - { path = "/lib", uri = "file:/usr/lib/x86_64-linux-gnu/gramine/runtime/glibc" }, - { path = "/lib/x86_64-linux-gnu", uri = "file:/lib/x86_64-linux-gnu" }, -] - -[sgx] -debug = true -edmm_enable = false -trusted_files = [ - { uri = "file:/usr/lib/x86_64-linux-gnu/gramine/libsysdb.so" }, - { uri = "file:target/release/omni-executor" }, - { uri = "file:/usr/lib/x86_64-linux-gnu/gramine/runtime/glibc/" }, - { uri = "file:/lib/x86_64-linux-gnu/" }, -] -max_threads = 8 -isvprodid = 0 -isvsvn = 0 -remote_attestation = "none" -enable_stats = false -enclave_size = "256M" -use_exinfo = false - -[sgx.cpu_features] -avx = "unspecified" -avx512 = "unspecified" -amx = "unspecified" -mpx = "disabled" -pkru = "disabled" - -[sys] -enable_extra_runtime_domain_names_conf = true diff --git a/tee-worker/omni-executor/omni-executor.manifest.template b/tee-worker/omni-executor/omni-executor.manifest.template index b846149bff..526945bbdc 100644 --- a/tee-worker/omni-executor/omni-executor.manifest.template +++ b/tee-worker/omni-executor/omni-executor.manifest.template @@ -43,3 +43,7 @@ sgx.trusted_files = [ # - helper threads internal to Gramine — see: # https://gramine.readthedocs.io/en/stable/manifest-syntax.html#number-of-threads sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '64' }} + +# for easy demo setup +loader.insecure__use_cmdline_argv = true +loader.insecure__use_host_env = true \ No newline at end of file