Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deploy gateway backend as sgx #2050

Merged
merged 17 commits into from
Oct 4, 2024
Merged

Deploy gateway backend as sgx #2050

merged 17 commits into from
Oct 4, 2024

Conversation

zkokelj
Copy link
Contributor

@zkokelj zkokelj commented Sep 10, 2024
edited
Loading

Why this change is needed

We want to run Ten Gateway inside an SGX enclave so users don't need to trust us anymore and we can prove which code we are running and that we are running it inside a TEE.

What changes were made as part of this PR

  • New dockerfile added to run gateway inside an enclave
  • Files added required to run app in SGX (entry.sh, enclave.json)
  • Changed VM type to a type that supports SGX
  • Fixes for converting some objects to string that caused the gateway to crash in SGX mode

Please provide a high level list of the changes made

PR checks pre-merging

Please indicate below by ticking the checkbox that you have read and performed the required
PR checks

  • PR checks reviewed and performed

@zkokelj zkokelj changed the title deploy gateway backend as sgx WIP: deploy gateway backend as sgx Sep 10, 2024
@zkokelj zkokelj changed the title WIP: deploy gateway backend as sgx Deploy gateway backend as sgx Sep 12, 2024
@tudor-malene
Copy link
Collaborator

Why this change is needed

Please provide a description and a link to the underlying ticket

What changes were made as part of this PR

Please provide a high level list of the changes made

PR checks pre-merging

Please indicate below by ticking the checkbox that you have read and performed the required PR checks

  • PR checks reviewed and performed

don't forget the descriptions

tudor-malene
tudor-malene reviewed Sep 12, 2024
View reviewed changes
Copy link
Collaborator

@tudor-malene tudor-malene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm.
Few minor things

.github/workflows/manual-deploy-obscuro-gateway.yml Outdated
-host=0.0.0.0 -port=80 -portWS=81 -nodeHost=${{ env.L2_RPC_URL_VALIDATOR }} -verbose=true \
-logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb" \
-rateLimitUserComputeTime=${{ env.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }} -rateLimitWindow=${{ env.GATEWAY_RATE_LIMIT_WINDOW }} -maxConcurrentRequestsPerUser=${{ env.GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER }} '
-e OE_SIMULATION=1 \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to be able to switch from simulation ON (for the local container) to simulation OFF ( for testnet)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can do that now. This is github action file which is executed on Azure only.
I guess we will deploy only with non simulation mode, but if you think we need to deploy on Azure also with simulation mode sometimes, then I can introduce new env variable which can control that.

To run it locally we can simply run it like that:

docker run -d \
  -p 3000:3000 \
  -p 3001:3001 \
  --name local-gateway \
  --ulimit core=-1 \
  -v /tmp/cores:/tmp/cores \
  --security-opt seccomp=unconfined \
  --entrypoint "/home/ten/go-ten/tools/walletextension/main/entry.sh" \
  -e OBSCURO_GATEWAY_VERSION="local" \
  -e OE_SIMULATION=1 \
  gateway \
  ego run /home/ten/go-ten/tools/walletextension/main/main \
  -host=0.0.0.0 -port=3000 -verbose=true

tools/walletextension/enclave.Dockerfile
# deploy = copies over only the enclave executable without the source
# in a lightweight base image specialized for deployment and prepares the /data/ folder.

# Final container folder structure:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this comment here is not accurate

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

tudor-malene
tudor-malene approved these changes Oct 4, 2024
View reviewed changes
Copy link
Collaborator

@tudor-malene tudor-malene left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@zkokelj zkokelj merged commit ca2a23d into main Oct 4, 2024
4 checks passed
@zkokelj zkokelj deleted the ziga/deploy_gateway_backend_as_sgx branch October 4, 2024 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tudor-malene tudor-malene tudor-malene approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zkokelj @tudor-malene