Package manager v0.5.2
Published: May 9, 2025 License: Apache-2.0 Imports: 36 Imported by: 0

README

Manager

The Manager service provides a barebones gRPC API and a Service interface implementation that serve as the basis for developing the manager service.

Configuration

The service is configured using the environment variables from the following table. Note that any unset variables will be replaced with their default values.

Variable Description Default
COCOS_JAEGER_URL The URL for the Jaeger tracing endpoint. http://localhost:4318
COCOS_JAEGER_TRACE_RATIO The ratio of traces to sample. 1.0
MANAGER_INSTANCE_ID The instance ID for the manager service.
MANAGER_ATTESTATION_POLICY_BINARY The file path for the attestation policy binary. ../../build/attestation_policy
MANAGER_IGVMMEASURE_BINARY The file path for the igvmmeasure binary. ../../build/igvmmeasure
MANAGER_PCR_VALUES The file path for the file with the expected PCR values.
MANAGER_GRPC_CLIENT_CERT The file path for the client certificate.
MANAGER_GRPC_CLIENT_KEY The file path for the client private key.
MANAGER_GRPC_SERVER_CA_CERTS The file path for the server CA certificate(s).
MANAGER_GRPC_URL The URL for the gRPC endpoint. localhost:7001
MANAGER_GRPC_TIMEOUT The timeout for gRPC requests. 60s
MANAGER_EOS_VERSION The EOS version used for booting CVMs.
MANAGER_QEMU_MEMORY_SIZE The total memory size for the virtual machine. Can be specified in a human-readable format like "2048M" or "4G". 2048M
MANAGER_QEMU_MEMORY_SLOTS The number of memory slots for the virtual machine. 5
MANAGER_QEMU_MAX_MEMORY The maximum memory size for the virtual machine. Can be specified in a human-readable format like "30G". 30G
MANAGER_QEMU_OVMF_CODE_IF The interface type for the OVMF code. pflash
MANAGER_QEMU_OVMF_CODE_FORMAT The format of the OVMF code file. raw
MANAGER_QEMU_OVMF_CODE_UNIT The unit number for the OVMF code. 0
MANAGER_QEMU_OVMF_CODE_FILE The file path for the OVMF code. /usr/share/OVMF/OVMF_CODE.fd
MANAGER_QEMU_OVMF_VERSION The version number of EDKII from which OVMF was built edk2-stable202408
MANAGER_QEMU_OVMF_CODE_READONLY Whether the OVMF code should be read-only. on
MANAGER_QEMU_OVMF_VARS_IF The interface type for the OVMF variables. pflash
MANAGER_QEMU_OVMF_VARS_FORMAT The format of the OVMF variables file. raw
MANAGER_QEMU_OVMF_VARS_UNIT The unit number for the OVMF variables. 1
MANAGER_QEMU_OVMF_VARS_FILE The file path for the OVMF variables. /usr/share/OVMF/OVMF_VARS.fd
MANAGER_QEMU_NETDEV_ID The ID for the network device. vmnic
MANAGER_QEMU_HOST_FWD_AGENT The port number for the host forward agent. 7020
MANAGER_QEMU_GUEST_FWD_AGENT The port number for the guest forward agent. 7002
MANAGER_QEMU_VIRTIO_NET_PCI_DISABLE_LEGACY Whether to disable the legacy PCI device. on
MANAGER_QEMU_VIRTIO_NET_PCI_IOMMU_PLATFORM Whether to enable the IOMMU platform for the virtio-net PCI device. true
MANAGER_QEMU_VIRTIO_NET_PCI_ADDR The PCI address for the virtio-net PCI device. 0x2
MANAGER_QEMU_VIRTIO_NET_PCI_ROMFILE The file path for the ROM image for the virtio-net PCI device.
MANAGER_QEMU_DISK_IMG_KERNEL_FILE The file path for the kernel image. img/bzImage
MANAGER_QEMU_DISK_IMG_ROOTFS_FILE The file path for the root filesystem image. img/rootfs.cpio.gz
MANAGER_QEMU_SEV_ID The ID for the Secure Encrypted Virtualization (SEV) device. sev0
MANAGER_QEMU_SEV_CBITPOS The position of the C-bit in the physical address. 51
MANAGER_QEMU_SEV_REDUCED_PHYS_BITS The number of reduced physical address bits for SEV. 1
MANAGER_QEMU_ENABLE_HOST_DATA Enable additional data for the SEV host. false
MANAGER_QEMU_HOST_DATA Additional data for the SEV host.
MANAGER_QEMU_IGVM_ID The ID of the IGVM file. igvm0
MANAGER_QEMU_IGVM_FILE The file path to the IGVM file. /root/coconut-qemu.igvm
MANAGER_QEMU_VSOCK_ID The ID for the virtual socket device. vhost-vsock-pci0
MANAGER_QEMU_VSOCK_GUEST_CID The guest-side CID (Context ID) for the virtual socket device. 3
MANAGER_QEMU_VSOCK_VNC Whether to enable the virtual socket device for VNC. 0
MANAGER_QEMU_BIN_PATH The file path for the QEMU binary. qemu-system-x86_64
MANAGER_QEMU_USE_SUDO Whether to use sudo to run QEMU. false
MANAGER_QEMU_ENABLE_SEV Whether to enable Secure Encrypted Virtualization (SEV). false
MANAGER_QEMU_ENABLE_SEV_SNP Whether to enable Secure Nested Paging (SEV-SNP). true
MANAGER_QEMU_ENABLE_KVM Whether to enable the Kernel-based Virtual Machine (KVM) acceleration. true
MANAGER_QEMU_MACHINE The machine type for QEMU. q35
MANAGER_QEMU_CPU The CPU model for QEMU. EPYC
MANAGER_QEMU_SMP_COUNT The number of virtual CPUs. 4
MANAGER_QEMU_SMP_MAXCPUS The maximum number of virtual CPUs. 64
MANAGER_QEMU_MEM_ID The ID for the memory device. ram1
MANAGER_QEMU_NO_GRAPHIC Whether to disable the graphical display. true
MANAGER_QEMU_MONITOR The type of monitor to use. pty
MANAGER_QEMU_HOST_FWD_RANGE The range of host ports to forward. 6100-6200
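Several of the settings above only make sense in combination: MANAGER_QEMU_MEMORY_SIZE has to fit under MANAGER_QEMU_MAX_MEMORY, SEV and SEV-SNP are alternatives, SEV-SNP needs the IGVM file, and the OVMF code flash is attached with readonly=on. The following Go program is an added example written for this page, not the manager's own qemu.Config loader: it reads those variables with the table's defaults, parses the human-readable sizes, and refuses to produce a launch configuration that violates those invariants. CVMConfig, ParseMemSize, LoadCVMConfig and Validate are names chosen here, and the rule that the readonly flag must stay on is this example's own policy, matching the table's default.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// CVMConfig holds the subset of MANAGER_QEMU_* settings this example validates.
// It is an illustration written for this page, not the manager's own qemu.Config type.
type CVMConfig struct {
	Memory           uint64 // bytes, from MANAGER_QEMU_MEMORY_SIZE
	MaxMemory        uint64 // bytes, from MANAGER_QEMU_MAX_MEMORY
	EnableSEV        bool   // MANAGER_QEMU_ENABLE_SEV
	EnableSEVSNP     bool   // MANAGER_QEMU_ENABLE_SEV_SNP
	IGVMFile         string // MANAGER_QEMU_IGVM_FILE
	OVMFCodeReadonly bool   // MANAGER_QEMU_OVMF_CODE_READONLY ("on"/"off")
}

// ParseMemSize converts a QEMU-style size such as "2048M", "4G" or "30G" to bytes.
// A bare number is taken as MiB, which is how QEMU's -m option reads it.
func ParseMemSize(s string) (uint64, error) {
	s = strings.TrimSpace(s)
	if s == "" {
		return 0, errors.New("empty memory size")
	}
	mult, digits := uint64(1<<20), s
	switch s[len(s)-1] {
	case 'K', 'k':
		mult, digits = 1<<10, s[:len(s)-1]
	case 'M', 'm':
		mult, digits = 1<<20, s[:len(s)-1]
	case 'G', 'g':
		mult, digits = 1<<30, s[:len(s)-1]
	}
	n, err := strconv.ParseUint(digits, 10, 64)
	if err != nil {
		return 0, fmt.Errorf("invalid memory size %q: %w", s, err)
	}
	return n * mult, nil
}

// Validate rejects combinations that would launch a CVM weaker or larger than intended.
func (c CVMConfig) Validate() error {
	switch {
	case c.Memory > c.MaxMemory:
		return errors.New("MANAGER_QEMU_MEMORY_SIZE exceeds MANAGER_QEMU_MAX_MEMORY")
	case c.EnableSEV && c.EnableSEVSNP:
		return errors.New("enable either SEV or SEV-SNP, not both")
	case c.EnableSEVSNP && c.IGVMFile == "":
		return errors.New("SEV-SNP needs MANAGER_QEMU_IGVM_FILE (the vTPM + OVMF image)")
	case !c.OVMFCodeReadonly:
		return errors.New("MANAGER_QEMU_OVMF_CODE_READONLY must stay on: OVMF_CODE is attached read-only")
	}
	return nil
}

// LoadCVMConfig reads the variables through lookup (os.LookupEnv in production, a map in
// tests), substitutes the table's defaults for unset ones, and validates the result.
func LoadCVMConfig(lookup func(string) (string, bool)) (CVMConfig, error) {
	get := func(name, def string) string {
		if v, ok := lookup(name); ok {
			return v
		}
		return def
	}
	var cfg CVMConfig
	var err error
	if cfg.Memory, err = ParseMemSize(get("MANAGER_QEMU_MEMORY_SIZE", "2048M")); err != nil {
		return cfg, err
	}
	if cfg.MaxMemory, err = ParseMemSize(get("MANAGER_QEMU_MAX_MEMORY", "30G")); err != nil {
		return cfg, err
	}
	if cfg.EnableSEV, err = strconv.ParseBool(get("MANAGER_QEMU_ENABLE_SEV", "false")); err != nil {
		return cfg, fmt.Errorf("MANAGER_QEMU_ENABLE_SEV: %w", err)
	}
	if cfg.EnableSEVSNP, err = strconv.ParseBool(get("MANAGER_QEMU_ENABLE_SEV_SNP", "true")); err != nil {
		return cfg, fmt.Errorf("MANAGER_QEMU_ENABLE_SEV_SNP: %w", err)
	}
	cfg.IGVMFile = get("MANAGER_QEMU_IGVM_FILE", "/root/coconut-qemu.igvm")
	ro := get("MANAGER_QEMU_OVMF_CODE_READONLY", "on")
	if ro != "on" && ro != "off" {
		return cfg, fmt.Errorf("MANAGER_QEMU_OVMF_CODE_READONLY: want on or off, got %q", ro)
	}
	cfg.OVMFCodeReadonly = ro == "on"
	return cfg, cfg.Validate()
}

func main() {
	cfg, err := LoadCVMConfig(os.LookupEnv)
	if err != nil {
		fmt.Println("refusing to launch:", err)
		return
	}
	fmt.Printf("launch config accepted: %+v\n", cfg)
}
```

Because the lookup function is injected, the same loader runs against the real process environment and against a map in tests; running it before the manager spawns QEMU turns a misconfigured deployment into a clear refusal rather than a CVM that silently boots without SEV-SNP or with a writable firmware flash.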

Setup

git clone https://github.com/ultravioletrs/cocos
cd cocos

NB: all relative paths in this document are relative to the cocos repository directory.

QEMU-KVM

QEMU-KVM is a virtualization platform that allows you to run multiple operating systems on the same physical machine. It is a combination of two technologies: QEMU and KVM.

  • QEMU is an emulator that can run a variety of operating systems, including Linux, Windows, and macOS.
  • KVM is a Linux kernel module that allows QEMU to run virtual machines.

To install QEMU-KVM on a Debian based machine, run

sudo apt update
sudo apt install qemu-kvm

Create an img directory in cmd/manager.

Virtual filesystem

9P (or Plan 9 Filesystem) in QEMU is a lightweight, network-based file-sharing protocol. In Cocos, 9P is used to transfer environment variables and TLS certificates for cloud communication from the Manager to the Agent.

You should define the environment variables in a file called environment. For the number and meaning of the environment variables, please refer to the Agent Readme.

Prepare Cocos HAL

Cocos HAL for Linux is a framework for building a custom in-enclave Linux distribution. Use the instructions in its Readme. Once the image is built, copy the kernel and rootfs image to cmd/manager/img from buildroot/output/images/bzImage and buildroot/output/images/rootfs.cpio.gz respectively.

Another option is to use release versions of EOS that can be downloaded from the Cocos GitHub repository.

Test VM creation

cd cmd/manager

sudo find / -name OVMF_CODE.fd
# => /usr/share/OVMF/OVMF_CODE.fd
OVMF_CODE=/usr/share/OVMF/OVMF_CODE.fd

sudo find / -name OVMF_VARS.fd
# => /usr/share/OVMF/OVMF_VARS.fd

# Create a local copy of OVMF_VARS.
cp /usr/share/OVMF/OVMF_VARS.fd .

# Create a directory for the environment file and one for the cloud TLS certificates.
mkdir env
mkdir certs

# Enter the env directory and create the environment file.
cd env
touch environment

# Define Computations endpoint URL for agent.
# Make sure the Computation endpoint is running (like Cocos Prism).
echo AGENT_CVM_GRPC_URL=localhost:7001 >> ./environment
# Define log level for the agent.
echo AGENT_LOG_LEVEL=debug >> ./environment

# Return to cmd/manager
cd ..

OVMF_VARS=./OVMF_VARS.fd
KERNEL="img/bzImage"
INITRD="img/rootfs.cpio.gz"
ENV_PATH=./env
CERT_PATH=./certs

qemu-system-x86_64 \
    -enable-kvm \
    -cpu EPYC-v4 \
    -machine q35 \
    -smp 4 \
    -m 2048M,slots=5,maxmem=10240M \
    -no-reboot \
    -drive if=pflash,format=raw,unit=0,file=$OVMF_CODE,readonly=on \
    -drive if=pflash,format=raw,unit=1,file=$OVMF_VARS \
    -netdev user,id=vmnic,hostfwd=tcp::7020-:7002 \
    -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= \
    -kernel $KERNEL \
    -append "earlyprintk=serial console=ttyS0" \
    -initrd $INITRD \
    -nographic \
    -monitor pty \
    -monitor unix:monitor,server,nowait \
    -fsdev local,id=env_fs,path=$ENV_PATH,security_model=mapped \
    -device virtio-9p-pci,fsdev=env_fs,mount_tag=env_share \
    -fsdev local,id=cert_fs,path=$CERT_PATH,security_model=mapped \
    -device virtio-9p-pci,fsdev=cert_fs,mount_tag=certs_share

Once the VM has booted, press Enter and log in with the username root.

Build and run Agent

Agent is started automatically in the VM.

# List running processes and use 'grep' to filter for processes containing 'agent' in their names.
ps aux | grep cocos-agent
# This command helps verify that the 'agent' process is running.
# The output shows the process ID (PID), resource usage, and other information about the 'cocos-agent' process.
# For example: 118 root     cocos-agent

We can also check if Agent is reachable from the host machine:

# Use netcat (nc) to test the connection to localhost on port 7020.
nc -zv localhost 7020
# Output:
# nc: connect to localhost (::1) port 7020 (tcp) failed: Connection refused
# Connection to localhost (127.0.0.1) 7020 port [tcp/*] succeeded!

Conclusion

Now you are able to use Manager with Agent. Namely, Manager will create a VM with a separate OVMF variables file on manager /run request.

OVMF

We need Open Virtual Machine Firmware. OVMF is a port of Intel's tianocore firmware - an open source implementation of the Unified Extensible Firmware Interface (UEFI) - for QEMU virtual machines. We need OVMF in order to run a virtual machine with focal-server-cloudimg-amd64. When we install QEMU, we get two files that we need to start a VM: OVMF_VARS.fd and OVMF_CODE.fd. We make a local copy of OVMF_VARS.fd since a VM will modify this file. On the other hand, OVMF_CODE.fd is only used as a reference, so we only record its path in an environment variable.

sudo find / -name OVMF_CODE.fd
# => /usr/share/OVMF/OVMF_CODE.fd
MANAGER_QEMU_OVMF_CODE_FILE=/usr/share/OVMF/OVMF_CODE.fd

sudo find / -name OVMF_VARS.fd
# => /usr/share/OVMF/OVMF_VARS.fd
MANAGER_QEMU_OVMF_VARS_FILE=/usr/share/OVMF/OVMF_VARS.fd

NB: we set environment variables that we will use in the shell process where we run manager.

Trusted Platform Module (TPM)

The Trusted Platform Module (TPM) plays a fundamental role in this process by providing a tamper-resistant foundation for cryptographic operations, securing sensitive artifacts, measuring system state, and enabling attestation mechanisms.

IGVM

An IGVM file contains all the necessary information to launch a virtual machine on different virtualization platforms. It includes setup commands for the guest system and verification data to ensure the VM is loaded securely and correctly.

Cocos uses the COCONUT-SVSM for the vTPM. The IGVM file contains the OVMF file and the vTPM.

Deployment

To start the service, execute the shell script below (note that a server needs to be running; see here).

The manager can be started as a systemd service or as a standalone executable. To start the manager as a systemd service, look at the systemd service script here. The environment variables are defined in the cocos-manager.env file. Below are examples of how to start the manager.

# Download the latest version of the service
git clone git@github.com:ultravioletrs/cocos.git

cd cocos

# Compile the manager
make manager

# Set the environment variables and run the service
MANAGER_GRPC_URL=localhost:7001 \
MANAGER_LOG_LEVEL=debug \
MANAGER_QEMU_USE_SUDO=false \
MANAGER_QEMU_ENABLE_SEV=false \
./build/cocos-manager

To enable AMD SEV support, start the manager like this:

MANAGER_GRPC_URL=localhost:7001 \
MANAGER_LOG_LEVEL=debug \
MANAGER_QEMU_USE_SUDO=true \
MANAGER_QEMU_ENABLE_SEV=true \
MANAGER_QEMU_SEV_CBITPOS=51 \
./build/cocos-manager

To start SEV-SNP, define the IGVM file that contains the vTPM and the OVMF (combined OVMF_CODE and OVMF_VARS) of the CVM.

To enable AMD SEV-SNP support, start the manager like this:

MANAGER_GRPC_URL=localhost:7001 \
MANAGER_LOG_LEVEL=debug \
MANAGER_QEMU_ENABLE_SEV=false \
MANAGER_QEMU_ENABLE_SEV_SNP=true \
MANAGER_QEMU_SEV_CBITPOS=51 \
MANAGER_QEMU_BIN_PATH=<path to QEMU binary> \
MANAGER_QEMU_IGVM_FILE=<path to IGVM file> \
./build/cocos-manager

Troubleshooting

If ps aux | grep qemu-system-x86_64 gives you something like this

darko      13913  0.0  0.0      0     0 pts/2    Z+   20:17   0:00 [qemu-system-x86] <defunct>

it means that a QEMU virtual machine is defunct, i.e. it is no longer running. More precisely, the defunct process in the output is also known as a "zombie" process.

You can troubleshoot the VM launch procedure by running the qemu-system-x86_64 command directly. When you run the manager with the MANAGER_LOG_LEVEL=info env var set, it prints out the entire command used to launch a VM. The relevant part of the log might look like this

{"level":"info","message":"/usr/bin/qemu-system-x86_64 -enable-kvm -machine q35 -cpu EPYC -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=img/OVMF_VARS.fd -device virtio-scsi-pci,id=scsi,disable-legacy=on,iommu_platform=true -drive file=img/focal-server-cloudimg-amd64.img,if=none,id=disk0,format=qcow2 -device scsi-hd,drive=disk0 -netdev user,id=vmnic,hostfwd=tcp::2222-:22,hostfwd=tcp::9301-:9031,hostfwd=tcp::7020-:7002 -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= -nographic -monitor pty","ts":"2023-08-14T18:29:19.2653908Z"}

You can run the command - the value of the "message" key - directly in the terminal:

/usr/bin/qemu-system-x86_64 -enable-kvm -machine q35 -cpu EPYC -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=img/OVMF_VARS.fd -device virtio-scsi-pci,id=scsi,disable-legacy=on,iommu_platform=true -drive file=img/focal-server-cloudimg-amd64.img,if=none,id=disk0,format=qcow2 -device scsi-hd,drive=disk0 -netdev user,id=vmnic,hostfwd=tcp::2222-:22,hostfwd=tcp::9301-:9031,hostfwd=tcp::7020-:7002 -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= -nographic -monitor pty

and look for possible problems. These problems can usually be solved with the adequate env var assignments. Look in the manager/qemu/config.go file to see the recognized env vars. Don't forget to prepend MANAGER_QEMU_ to the name of the env vars.
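Rather than copying the message field out of the log by hand, the launch line can be parsed and reviewed before it is re-run. The following Go program is an added example, not part of the manager: it extracts the message from the JSON entry quoted above, splits it into argv, and reports the settings a reviewer cares about: whether the OVMF_CODE pflash is attached with readonly=on, which OVMF_VARS file the VM will write to, and which host ports hostfwd exposes. sampleLaunchLog is the log line from this section; ArgvFromLog, AuditLaunch, the PortForward and LaunchAudit types and the finding texts are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sampleLaunchLog is the manager log line quoted above in this section, used here as input.
const sampleLaunchLog = `{"level":"info","message":"/usr/bin/qemu-system-x86_64 -enable-kvm -machine q35 -cpu EPYC -smp 4,maxcpus=64 -m 4096M,slots=5,maxmem=30G -drive if=pflash,format=raw,unit=0,file=/usr/share/OVMF/OVMF_CODE.fd,readonly=on -drive if=pflash,format=raw,unit=1,file=img/OVMF_VARS.fd -device virtio-scsi-pci,id=scsi,disable-legacy=on,iommu_platform=true -drive file=img/focal-server-cloudimg-amd64.img,if=none,id=disk0,format=qcow2 -device scsi-hd,drive=disk0 -netdev user,id=vmnic,hostfwd=tcp::2222-:22,hostfwd=tcp::9301-:9031,hostfwd=tcp::7020-:7002 -device virtio-net-pci,disable-legacy=on,iommu_platform=true,netdev=vmnic,romfile= -nographic -monitor pty","ts":"2023-08-14T18:29:19.2653908Z"}`

// PortForward is one hostfwd rule, tcp:HOSTADDR:HOSTPORT-GUESTADDR:GUESTPORT.
type PortForward struct{ HostAddr, HostPort, GuestAddr, GuestPort string }

// LaunchAudit records what the launch line exposes and what it protects.
type LaunchAudit struct {
	CodeReadonly bool          // unit=0 pflash (OVMF_CODE) carries readonly=on
	VarsFile     string        // file= of the unit=1 pflash (OVMF_VARS)
	Forwards     []PortForward // every hostfwd rule found on -netdev
	Findings     []string      // review points for a human
}

// ArgvFromLog extracts the "message" field of the JSON entry and splits it on whitespace,
// which is exact for the manager's launch line because it carries no quoted arguments.
func ArgvFromLog(line string) ([]string, error) {
	var entry struct{ Message string `json:"message"` }
	if err := json.Unmarshal([]byte(line), &entry); err != nil {
		return nil, fmt.Errorf("not a JSON log line: %w", err)
	}
	argv := strings.Fields(entry.Message)
	if len(argv) == 0 || !strings.Contains(argv[0], "qemu-system") {
		return nil, fmt.Errorf("message is not a qemu-system command: %q", entry.Message)
	}
	return argv, nil
}

// parseForward splits "tcp::7020-:7002" into its parts; an empty HostAddr means QEMU
// binds the forwarded port on every host interface, not only on loopback.
func parseForward(rule string) (PortForward, bool) {
	proto, rest, _ := strings.Cut(rule, ":")
	host, guest, ok := strings.Cut(rest, "-")
	if (proto != "tcp" && proto != "udp") || !ok {
		return PortForward{}, false
	}
	var pf PortForward
	pf.HostAddr, pf.HostPort, _ = strings.Cut(host, ":")
	pf.GuestAddr, pf.GuestPort, _ = strings.Cut(guest, ":")
	return pf, pf.HostPort != "" && pf.GuestPort != ""
}

// AuditLaunch walks argv, parses the comma-separated values of -netdev and -drive, and collects the findings.
func AuditLaunch(argv []string) LaunchAudit {
	var a LaunchAudit
	for i := 1; i < len(argv); i++ {
		if (argv[i] != "-netdev" && argv[i] != "-drive") || i+1 >= len(argv) {
			continue
		}
		opts, fwds := map[string]string{}, []string(nil)
		for _, kv := range strings.Split(argv[i+1], ",") {
			if k, v, _ := strings.Cut(kv, "="); k == "hostfwd" {
				fwds = append(fwds, v) // hostfwd repeats, everything else is single-valued
			} else {
				opts[k] = v
			}
		}
		i++ // the option's value has been consumed
		for _, rule := range fwds {
			if pf, ok := parseForward(rule); ok {
				a.Forwards = append(a.Forwards, pf)
				if pf.HostAddr == "" {
					a.Findings = append(a.Findings, "hostfwd="+rule+" listens on all host interfaces; use tcp:127.0.0.1:... for local-only access")
				}
			}
		}
		if opts["if"] == "pflash" && opts["unit"] == "0" {
			a.CodeReadonly = opts["readonly"] == "on"
		} else if opts["if"] == "pflash" && opts["unit"] == "1" {
			a.VarsFile = opts["file"]
		}
	}
	if !a.CodeReadonly {
		a.Findings = append(a.Findings, "OVMF_CODE pflash is not readonly=on")
	}
	if strings.HasPrefix(a.VarsFile, "/usr/share/OVMF/") {
		a.Findings = append(a.Findings, "OVMF_VARS is the shared system copy; each VM needs its own copy")
	}
	return a
}

func main() {
	argv, err := ArgvFromLog(sampleLaunchLog)
	if err != nil {
		fmt.Println(err)
		return
	}
	for _, f := range AuditLaunch(argv).Findings {
		fmt.Println("finding:", f)
	}
}
```

On the quoted log line the firmware checks pass, but all three hostfwd rules leave the host address empty, so QEMU binds ports 2222, 9301 and 7020 on every host interface; writing them as hostfwd=tcp:127.0.0.1:7020-:7002 keeps the agent port reachable only from the host itself. The VARS check follows the OVMF section's advice that each VM gets its own copy of OVMF_VARS.fd rather than writing to the system file.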

Kill qemu-system-x86_64 processes

To kill any leftover qemu-system-x86_64 processes, use

pkill -f qemu-system-x86_64

The pkill command kills processes by name or by pattern. The -f flag specifies that the pattern qemu-system-x86_64 is matched against the full command line. It sends the SIGKILL signal to all processes that are running qemu-system-x86_64.

If this does not work, i.e. if ps aux | grep qemu-system-x86_64 still outputs qemu-system-x86_64 related process(es), you can kill the unwanted process with kill -9 <PID>, which also sends a SIGKILL signal to the process.

Usage

For more information about service capabilities and its usage, please check out the README documentation.

Documentation

Overview

Copyright (c) Ultraviolet SPDX-License-Identifier: Apache-2.0


Constants

const (
	ManagerService_CreateVm_FullMethodName          = "/manager.ManagerService/CreateVm"
	ManagerService_RemoveVm_FullMethodName          = "/manager.ManagerService/RemoveVm"
	ManagerService_CVMInfo_FullMethodName           = "/manager.ManagerService/CVMInfo"
	ManagerService_AttestationPolicy_FullMethodName = "/manager.ManagerService/AttestationPolicy"
)

Variables

var (
	// ErrMalformedEntity indicates malformed entity specification (e.g.
	// invalid username or password).
	ErrMalformedEntity = errors.New("malformed entity specification")

	// ErrUnauthorizedAccess indicates missing or invalid credentials provided
	// when accessing a protected resource.
	ErrUnauthorizedAccess = errors.New("missing or invalid credentials provided")

	// ErrNotFound indicates a non-existent entity request.
	ErrNotFound = errors.New("entity not found")

	// ErrFailedToAllocatePort indicates no free port was found on host.
	ErrFailedToAllocatePort = errors.New("failed to allocate free port on host")

	// ErrFailedToCalculateHash indicates that agent computation returned an error while calculating the hash of the computation.
	ErrFailedToCalculateHash = errors.New("error while calculating the hash of the computation")

	// ErrFailedToCreateAttestationPolicy indicates that the script to create the attestation policy failed to execute.
	ErrFailedToCreateAttestationPolicy = errors.New("error while creating attestation policy")

	// ErrFailedToReadPolicy indicates that the file for attestation policy could not be opened.
	ErrFailedToReadPolicy = errors.New("error while opening file attestation policy")

	// ErrUnmarshalFailed indicates that the file for the attestation policy could not be unmarshaled.
	ErrUnmarshalFailed = errors.New("error while unmarshaling the attestation policy")
)
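ErrFailedToAllocatePort is what the manager reports when no host port can be found for the agent's forwarded connection; the search is bounded by MANAGER_QEMU_HOST_FWD_RANGE (default 6100-6200). The following Go code is an added, stand-alone example and not the manager's own allocator: it parses that range, returns the first port a probe reports free, and wraps ErrFailedToAllocatePort when the range is exhausted, so callers can detect the condition with errors.Is. The error variable is redeclared locally with the message listed above so the example compiles by itself; ParsePortRange, AllocateHostPort and TCPPortBusy are names chosen here, and the probe is injected so the allocation logic is testable without touching the network.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ErrFailedToAllocatePort redeclares the manager's exported error so this example
// compiles on its own; the message is the one listed above.
var ErrFailedToAllocatePort = errors.New("failed to allocate free port on host")

// ParsePortRange parses the MANAGER_QEMU_HOST_FWD_RANGE format "LOW-HIGH" (e.g. "6100-6200")
// into an inclusive pair and rejects anything that is not a sane TCP port range.
func ParsePortRange(spec string) (lo, hi int, err error) {
	parts := strings.SplitN(strings.TrimSpace(spec), "-", 2)
	if len(parts) != 2 {
		return 0, 0, fmt.Errorf("port range %q: want LOW-HIGH", spec)
	}
	if lo, err = strconv.Atoi(parts[0]); err != nil {
		return 0, 0, fmt.Errorf("port range %q: %w", spec, err)
	}
	if hi, err = strconv.Atoi(parts[1]); err != nil {
		return 0, 0, fmt.Errorf("port range %q: %w", spec, err)
	}
	if lo < 1 || hi > 65535 || lo > hi {
		return 0, 0, fmt.Errorf("port range %q: bounds must satisfy 1 <= LOW <= HIGH <= 65535", spec)
	}
	return lo, hi, nil
}

// AllocateHostPort returns the first port in spec that busy reports as free, or an error
// wrapping ErrFailedToAllocatePort when every port in the range is taken.
func AllocateHostPort(spec string, busy func(port int) bool) (int, error) {
	lo, hi, err := ParsePortRange(spec)
	if err != nil {
		return 0, err
	}
	for p := lo; p <= hi; p++ {
		if !busy(p) {
			return p, nil
		}
	}
	return 0, fmt.Errorf("%w: range %s exhausted", ErrFailedToAllocatePort, spec)
}

// TCPPortBusy is the real probe: it tries to bind the port on loopback and releases it again.
// Probing 127.0.0.1 rather than 0.0.0.0 keeps the check from opening anything externally.
func TCPPortBusy(port int) bool {
	l, err := net.Listen("tcp", net.JoinHostPort("127.0.0.1", strconv.Itoa(port)))
	if err != nil {
		return true
	}
	_ = l.Close()
	return false
}

func main() {
	port, err := AllocateHostPort("6100-6200", TCPPortBusy)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("agent will be reachable on host port", port)
}
```

A probe of this kind is only a hint: another process can take the port between the probe and QEMU binding its hostfwd rule, so the launcher should still treat a bind failure from QEMU as authoritative and move on to the next candidate rather than assume the probed port is held.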
var File_manager_manager_proto protoreflect.FileDescriptor
var ManagerService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "manager.ManagerService",
	HandlerType: (*ManagerServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateVm",
			Handler:    _ManagerService_CreateVm_Handler,
		},
		{
			MethodName: "RemoveVm",
			Handler:    _ManagerService_RemoveVm_Handler,
		},
		{
			MethodName: "CVMInfo",
			Handler:    _ManagerService_CVMInfo_Handler,
		},
		{
			MethodName: "AttestationPolicy",
			Handler:    _ManagerService_AttestationPolicy_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "manager/manager.proto",
}

ManagerService_ServiceDesc is the grpc.ServiceDesc for ManagerService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterManagerServiceServer

func RegisterManagerServiceServer(s grpc.ServiceRegistrar, srv ManagerServiceServer)

Types

type AttestationPolicyReq added in v0.4.0

type AttestationPolicyReq struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestationPolicyReq) Descriptor deprecated added in v0.4.0

func (*AttestationPolicyReq) Descriptor() ([]byte, []int)

Deprecated: Use AttestationPolicyReq.ProtoReflect.Descriptor instead.

func (*AttestationPolicyReq) GetId added in v0.4.0

func (x *AttestationPolicyReq) GetId() string

func (*AttestationPolicyReq) ProtoMessage added in v0.4.0

func (*AttestationPolicyReq) ProtoMessage()

func (*AttestationPolicyReq) ProtoReflect added in v0.4.0

func (x *AttestationPolicyReq) ProtoReflect() protoreflect.Message

func (*AttestationPolicyReq) Reset added in v0.4.0

func (x *AttestationPolicyReq) Reset()

func (*AttestationPolicyReq) String added in v0.4.0

func (x *AttestationPolicyReq) String() string

type AttestationPolicyRes added in v0.5.0

type AttestationPolicyRes struct {
	Info []byte `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"`
	Id   string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestationPolicyRes) Descriptor deprecated added in v0.5.0

func (*AttestationPolicyRes) Descriptor() ([]byte, []int)

Deprecated: Use AttestationPolicyRes.ProtoReflect.Descriptor instead.

func (*AttestationPolicyRes) GetId added in v0.5.0

func (x *AttestationPolicyRes) GetId() string

func (*AttestationPolicyRes) GetInfo added in v0.5.0

func (x *AttestationPolicyRes) GetInfo() []byte

func (*AttestationPolicyRes) ProtoMessage added in v0.5.0

func (*AttestationPolicyRes) ProtoMessage()

func (*AttestationPolicyRes) ProtoReflect added in v0.5.0

func (x *AttestationPolicyRes) ProtoReflect() protoreflect.Message

func (*AttestationPolicyRes) Reset added in v0.5.0

func (x *AttestationPolicyRes) Reset()

func (*AttestationPolicyRes) String added in v0.5.0

func (x *AttestationPolicyRes) String() string

type CVMInfoReq added in v0.5.2

type CVMInfoReq struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// contains filtered or unexported fields
}

func (*CVMInfoReq) Descriptor deprecated added in v0.5.2

func (*CVMInfoReq) Descriptor() ([]byte, []int)

Deprecated: Use CVMInfoReq.ProtoReflect.Descriptor instead.

func (*CVMInfoReq) GetId added in v0.5.2

func (x *CVMInfoReq) GetId() string

func (*CVMInfoReq) ProtoMessage added in v0.5.2

func (*CVMInfoReq) ProtoMessage()

func (*CVMInfoReq) ProtoReflect added in v0.5.2

func (x *CVMInfoReq) ProtoReflect() protoreflect.Message

func (*CVMInfoReq) Reset added in v0.5.2

func (x *CVMInfoReq) Reset()

func (*CVMInfoReq) String added in v0.5.2

func (x *CVMInfoReq) String() string

type CVMInfoRes added in v0.5.2

type CVMInfoRes struct {
	Id          string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	OvmfVersion string `protobuf:"bytes,2,opt,name=ovmf_version,json=ovmfVersion,proto3" json:"ovmf_version,omitempty"`
	CpuNum      int32  `protobuf:"varint,3,opt,name=cpu_num,json=cpuNum,proto3" json:"cpu_num,omitempty"`
	CpuType     string `protobuf:"bytes,4,opt,name=cpu_type,json=cpuType,proto3" json:"cpu_type,omitempty"`
	KernelCmd   string `protobuf:"bytes,5,opt,name=kernel_cmd,json=kernelCmd,proto3" json:"kernel_cmd,omitempty"`
	EosVersion  string `protobuf:"bytes,6,opt,name=eos_version,json=eosVersion,proto3" json:"eos_version,omitempty"`
	// contains filtered or unexported fields
}

func (*CVMInfoRes) Descriptor deprecated added in v0.5.2

func (*CVMInfoRes) Descriptor() ([]byte, []int)

Deprecated: Use CVMInfoRes.ProtoReflect.Descriptor instead.

func (*CVMInfoRes) GetCpuNum added in v0.5.2

func (x *CVMInfoRes) GetCpuNum() int32

func (*CVMInfoRes) GetCpuType added in v0.5.2

func (x *CVMInfoRes) GetCpuType() string

func (*CVMInfoRes) GetEosVersion added in v0.5.2

func (x *CVMInfoRes) GetEosVersion() string

func (*CVMInfoRes) GetId added in v0.5.2

func (x *CVMInfoRes) GetId() string

func (*CVMInfoRes) GetKernelCmd added in v0.5.2

func (x *CVMInfoRes) GetKernelCmd() string

func (*CVMInfoRes) GetOvmfVersion added in v0.5.2

func (x *CVMInfoRes) GetOvmfVersion() string

func (*CVMInfoRes) ProtoMessage added in v0.5.2

func (*CVMInfoRes) ProtoMessage()

func (*CVMInfoRes) ProtoReflect added in v0.5.2

func (x *CVMInfoRes) ProtoReflect() protoreflect.Message

func (*CVMInfoRes) Reset added in v0.5.2

func (x *CVMInfoRes) Reset()

func (*CVMInfoRes) String added in v0.5.2

func (x *CVMInfoRes) String() string

type CreateReq added in v0.5.0

type CreateReq struct {
	AgentLogLevel        string `protobuf:"bytes,1,opt,name=agent_log_level,json=agentLogLevel,proto3" json:"agent_log_level,omitempty"`
	AgentCvmServerCaCert []byte `` /* 127-byte string literal not displayed */
	AgentCvmClientKey    []byte `protobuf:"bytes,3,opt,name=agent_cvm_client_key,json=agentCvmClientKey,proto3" json:"agent_cvm_client_key,omitempty"`
	AgentCvmClientCert   []byte `protobuf:"bytes,4,opt,name=agent_cvm_client_cert,json=agentCvmClientCert,proto3" json:"agent_cvm_client_cert,omitempty"`
	AgentCvmServerUrl    string `protobuf:"bytes,5,opt,name=agent_cvm_server_url,json=agentCvmServerUrl,proto3" json:"agent_cvm_server_url,omitempty"`
	AgentCvmCaUrl        string `protobuf:"bytes,6,opt,name=agent_cvm_ca_url,json=agentCvmCaUrl,proto3" json:"agent_cvm_ca_url,omitempty"`
	Ttl                  string `protobuf:"bytes,7,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateReq) Descriptor deprecated added in v0.5.0

func (*CreateReq) Descriptor() ([]byte, []int)

Deprecated: Use CreateReq.ProtoReflect.Descriptor instead.

func (*CreateReq) GetAgentCvmCaUrl added in v0.5.2

func (x *CreateReq) GetAgentCvmCaUrl() string

func (*CreateReq) GetAgentCvmClientCert added in v0.5.0

func (x *CreateReq) GetAgentCvmClientCert() []byte

func (*CreateReq) GetAgentCvmClientKey added in v0.5.0

func (x *CreateReq) GetAgentCvmClientKey() []byte

func (*CreateReq) GetAgentCvmServerCaCert added in v0.5.0

func (x *CreateReq) GetAgentCvmServerCaCert() []byte

func (*CreateReq) GetAgentCvmServerUrl added in v0.5.0

func (x *CreateReq) GetAgentCvmServerUrl() string

func (*CreateReq) GetAgentLogLevel added in v0.5.0

func (x *CreateReq) GetAgentLogLevel() string

func (*CreateReq) GetTtl added in v0.5.2

func (x *CreateReq) GetTtl() string

func (*CreateReq) ProtoMessage added in v0.5.0

func (*CreateReq) ProtoMessage()

func (*CreateReq) ProtoReflect added in v0.5.0

func (x *CreateReq) ProtoReflect() protoreflect.Message

func (*CreateReq) Reset added in v0.5.0

func (x *CreateReq) Reset()

func (*CreateReq) String added in v0.5.0

func (x *CreateReq) String() string

type CreateRes added in v0.5.0

type CreateRes struct {
	ForwardedPort string `protobuf:"bytes,1,opt,name=forwarded_port,json=forwardedPort,proto3" json:"forwarded_port,omitempty"`
	CvmId         string `protobuf:"bytes,2,opt,name=cvm_id,json=cvmId,proto3" json:"cvm_id,omitempty"`
	// contains filtered or unexported fields
}

func (*CreateRes) Descriptor deprecated added in v0.5.0

func (*CreateRes) Descriptor() ([]byte, []int)

Deprecated: Use CreateRes.ProtoReflect.Descriptor instead.

func (*CreateRes) GetCvmId added in v0.5.2

func (x *CreateRes) GetCvmId() string

func (*CreateRes) GetForwardedPort added in v0.5.0

func (x *CreateRes) GetForwardedPort() string

func (*CreateRes) ProtoMessage added in v0.5.0

func (*CreateRes) ProtoMessage()

func (*CreateRes) ProtoReflect added in v0.5.0

func (x *CreateRes) ProtoReflect() protoreflect.Message

func (*CreateRes) Reset added in v0.5.0

func (x *CreateRes) Reset()

func (*CreateRes) String added in v0.5.0

func (x *CreateRes) String() string

type ManagerServiceClient

type ManagerServiceClient interface {
	CreateVm(ctx context.Context, in *CreateReq, opts ...grpc.CallOption) (*CreateRes, error)
	RemoveVm(ctx context.Context, in *RemoveReq, opts ...grpc.CallOption) (*emptypb.Empty, error)
	CVMInfo(ctx context.Context, in *CVMInfoReq, opts ...grpc.CallOption) (*CVMInfoRes, error)
	AttestationPolicy(ctx context.Context, in *AttestationPolicyReq, opts ...grpc.CallOption) (*AttestationPolicyRes, error)
}

ManagerServiceClient is the client API for ManagerService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type ManagerServiceServer

type ManagerServiceServer interface {
	CreateVm(context.Context, *CreateReq) (*CreateRes, error)
	RemoveVm(context.Context, *RemoveReq) (*emptypb.Empty, error)
	CVMInfo(context.Context, *CVMInfoReq) (*CVMInfoRes, error)
	AttestationPolicy(context.Context, *AttestationPolicyReq) (*AttestationPolicyRes, error)
	// contains filtered or unexported methods
}

ManagerServiceServer is the server API for ManagerService service. All implementations must embed UnimplementedManagerServiceServer for forward compatibility.

type RemoveReq added in v0.5.0

type RemoveReq struct {
	CvmId string `protobuf:"bytes,1,opt,name=cvm_id,json=cvmId,proto3" json:"cvm_id,omitempty"`
	// contains filtered or unexported fields
}

func (*RemoveReq) Descriptor deprecated added in v0.5.0

func (*RemoveReq) Descriptor() ([]byte, []int)

Deprecated: Use RemoveReq.ProtoReflect.Descriptor instead.

func (*RemoveReq) GetCvmId added in v0.5.2

func (x *RemoveReq) GetCvmId() string

func (*RemoveReq) ProtoMessage added in v0.5.0

func (*RemoveReq) ProtoMessage()

func (*RemoveReq) ProtoReflect added in v0.5.0

func (x *RemoveReq) ProtoReflect() protoreflect.Message

func (*RemoveReq) Reset added in v0.5.0

func (x *RemoveReq) Reset()

func (*RemoveReq) String added in v0.5.0

func (x *RemoveReq) String() string

type Service

type Service interface {
	// CreateVM creates a CVM for a computation.
	CreateVM(ctx context.Context, req *CreateReq) (string, string, error)
	// RemoveVM stops and removes the CVM of a computation.
	RemoveVM(ctx context.Context, computationID string) error
	// FetchAttestationPolicy measures and fetches the attestation policy.
	FetchAttestationPolicy(ctx context.Context, computationID string) ([]byte, error)
	// ReturnCVMInfo returns CVM information needed for attestation verification and validation.
	ReturnCVMInfo(ctx context.Context) (string, int, string, string)
}

Service specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics).

func New

func New(cfg qemu.Config, attestationPolicyBinPath string, igvmMeasurementBinaryPath string, pcrValuesFilePath string, logger *slog.Logger, vmFactory vm.Provider, eosVersion string) (Service, error)

New instantiates the manager service implementation.

type UnimplementedManagerServiceServer

type UnimplementedManagerServiceServer struct{}

UnimplementedManagerServiceServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedManagerServiceServer) AttestationPolicy added in v0.5.0

func (UnimplementedManagerServiceServer) CVMInfo added in v0.5.2

func (UnimplementedManagerServiceServer) CreateVm added in v0.5.0

func (UnimplementedManagerServiceServer) RemoveVm added in v0.5.0

type UnsafeManagerServiceServer

type UnsafeManagerServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeManagerServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ManagerServiceServer will result in compilation errors.

Directories

Path Synopsis
api
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations.
grpc
Package grpc contains implementation of kit service gRPC API.
Package tracing provides tracing instrumentation for cocos auth service.
vm
