chore: improve bootstrap log
zensh committed Nov 6, 2024
1 parent d96f1df commit 6306d63
Showing 5 changed files with 43 additions and 40 deletions.
8 changes: 4 additions & 4 deletions Cargo.lock


4 changes: 2 additions & 2 deletions src/ic_tee_logtail/Cargo.toml
Expand Up @@ -11,5 +11,5 @@ license.workspace = true

[dependencies]
tokio = { workspace = true }
anyhow = "1"
clap = { version = "=4.5", features = ["derive"] }
anyhow = { workspace = true }
clap = { workspace = true }
2 changes: 1 addition & 1 deletion src/ic_tee_logtail/README.md
Expand Up @@ -4,7 +4,7 @@
[![Test](https://github.com/ldclabs/ic-tee/actions/workflows/test.yml/badge.svg)](https://github.com/ldclabs/ic-tee/actions/workflows/test.yml)
[![Latest Version](https://img.shields.io/crates/v/ic_tee_logtail.svg)](https://crates.io/crates/ic_tee_logtail)

`ic_tee_logtail` is a simple log tailing service for the TEE environment..
`ic_tee_logtail` is a simple log tailing service for the TEE environment.

## Usage

17 changes: 13 additions & 4 deletions src/ic_tee_nitro_gateway/README.md
Expand Up @@ -57,13 +57,22 @@ sudo nitro-cli build-enclave --docker-uri ghcr.io/ldclabs/ic_tee_nitro_gateway_e
# {
# "Measurements": {
# "HashAlgorithm": "Sha384 { ... }",
# "PCR0": "97c5576d895344eb6baeb065d1d25cb4717aa8682e6d7e746619717de75dcc983e8b31417ecea299f10aeb6bbb696e30",
# "PCR0": "1b2c6645b08d685dd673cb6271c81f26d668452bbcb63f5b6516745d6ef9401de9ed8e895218ab663a82f7bf2ebb63ad",
# "PCR1": "4b4d5b3661b3efc12920900c80e126e4ce783c522de6c02a2a5bf7af3a2b9327b86776f188e4be1c1c404a129dbda493",
# "PCR2": "72b5f94b073548b63fd2221902895ae1cbbd867e056fe28451ffd1824b948beac58406f67013a1eb418df509c9ed326c"
# "PCR2": "50193d35e1e8ee7ce4fa169fafd951fd55d3382afa7cc8d253484a2c576fdd66ded2affdda334d4c9edda0d53d0683d8"
# }
# }
ic_tee_cli -c e7tgb-6aaaa-aaaap-akqfa-cai identity-derive --seed 97c5576d895344eb6baeb065d1d25cb4717aa8682e6d7e746619717de75dcc983e8b31417ecea299f10aeb6bbb696e30
# principal: ej3n4-hzvsq-2xoll-hwuge-y6if5-lznkb-lzcei-yhzmu-a3rnf-wpgov-jqe
ic_tee_cli -c e7tgb-6aaaa-aaaap-akqfa-cai identity-derive --seed 1b2c6645b08d685dd673cb6271c81f26d668452bbcb63f5b6516745d6ef9401de9ed8e895218ab663a82f7bf2ebb63ad
# principal: 7phvc-jpig7-tqnlh-nkik5-le57d-reruv-kjkkp-ngegn-uafjd-3j4p5-7qe

dfx canister call ic_cose_canister setting_add_readers '(record {
ns = "_";
key = blob "\69\64\5f\65\64\32\35\35\31\39";
subject = opt principal "fbi6t-ogdrt-s4de4-sxive-x4yid-xfrk2-e6jgf-jbnuh-rzxoj-qv2qa-zae";
version = 1;
user_owned = false;
}, vec{ principal "7phvc-jpig7-tqnlh-nkik5-le57d-reruv-kjkkp-ngegn-uafjd-3j4p5-7qe" })' --ic

sudo nitro-cli run-enclave --cpu-count 2 --memory 512 --enclave-cid 88 --eif-path ic_tee_nitro_gateway_enclave_amd64.eif
# Start allocating memory...
# Started enclave with enclave-cid: 88, memory: 512 MiB, cpu-ids: [1, 3]
52 changes: 23 additions & 29 deletions src/ic_tee_nitro_gateway/src/main.rs
Expand Up @@ -67,32 +67,26 @@ struct Cli {

/// where the logtail server is running on host (e.g. 127.0.0.1:9999)
/// it should not be used in production
#[clap(long, value_parser)]
debug: Option<String>,
#[clap(long, value_parser, default_value = "127.0.0.1:9999")]
bootstrap_logtail: String,
}

#[tokio::main]
async fn main() -> Result<()> {
let cli = Cli::parse();
match cli.debug {
Some(ref ip_addr) => {
let stream = TcpStream::connect(ip_addr).await?;
stream.writable().await?;
Builder::with_level(&get_env_level().to_string())
.with_target_writer("*", new_writer(stream))
.init();
}
None => {
Builder::with_level(&get_env_level().to_string())
.with_target_writer("*", new_writer(tokio::io::stdout()))
.init();
}
}
let stream = TcpStream::connect(&cli.bootstrap_logtail).await?;
stream.writable().await?;
Builder::with_level(&get_env_level().to_string())
.with_target_writer("bootstrap", new_writer(stream))
.with_target_writer("*", new_writer(tokio::io::stdout()))
.init();

log::info!(target: "bootstrap", "starting {}@{} in TEE", APP_NAME, APP_VERSION);

match serve(cli).await {
Ok(_) => Ok(()),
Err(err) => {
log::error!(target: "server", "server error: {:?}", err);
log::error!(target: "bootstrap", "server error: {:?}", err);
Err(err)
}
}
Expand Down Expand Up @@ -130,7 +124,7 @@ async fn serve(cli: Cli) -> Result<()> {
.map_err(anyhow::Error::msg)?;

let attestation = parse_and_verify(doc.as_slice()).map_err(anyhow::Error::msg)?;
log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"parse_and_verify attestation for sign in, module_id: {:?}", attestation.module_id);

Expand All @@ -139,7 +133,7 @@ async fn serve(cli: Cli) -> Result<()> {
.await
.map_err(anyhow::Error::msg)?;

log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"sign_in, principal: {:?}", tee_agent.principal().await.to_text());

Expand All @@ -165,15 +159,15 @@ async fn serve(cli: Cli) -> Result<()> {
.get_cose_secret(id_path.clone())
.await
.map_err(anyhow::Error::msg)?;
log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"get_cose_secret for upgrade_identity, principal: {:?}", subject.to_text());

let setting = tee_agent
.get_cose_setting(id_path)
.await
.map_err(anyhow::Error::msg)?;
log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"get_cose_setting for upgrade_identity, principal: {:?}", subject.to_text());

Expand All @@ -186,7 +180,7 @@ async fn serve(cli: Cli) -> Result<()> {
.upgrade_identity_with(&id, session_expires_in_ms)
.await;

log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"upgrade_identity, principal: {:?}", tee_agent.principal().await.to_text());
Some(id)
Expand All @@ -209,7 +203,7 @@ async fn serve(cli: Cli) -> Result<()> {
registration_canister: None,
};

log::info!(target: "server",
log::info!(target: "bootstrap",
info:serde = info,
elapsed = start.elapsed().as_millis() as u64;
"TEE app information, principal: {:?}", principal.to_text());
Expand Down Expand Up @@ -276,7 +270,7 @@ async fn serve(cli: Cli) -> Result<()> {
let listener = tokio::net::TcpListener::bind(&addr)
.await
.map_err(anyhow::Error::new)?;
log::warn!(target: "server",
log::warn!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"local {}@{} listening on {:?}", APP_NAME, APP_VERSION, addr);
axum::serve(listener, app)
Expand All @@ -296,7 +290,7 @@ async fn serve(cli: Cli) -> Result<()> {
})
.await
.map_err(anyhow::Error::msg)?;
log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"get_cose_secret for TLS");

Expand All @@ -310,7 +304,7 @@ async fn serve(cli: Cli) -> Result<()> {
})
.await
.map_err(anyhow::Error::msg)?;
log::info!(target: "server",
log::info!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"get_cose_setting for TLS");

Expand All @@ -336,7 +330,7 @@ async fn serve(cli: Cli) -> Result<()> {
.await
.map_err(|err| anyhow::anyhow!("read tls file failed: {:?}", err))?;

log::warn!(target: "server",
log::warn!(target: "bootstrap",
elapsed = start.elapsed().as_millis() as u64;
"{}@{} listening on {:?} with tls", APP_NAME, APP_VERSION,addr);
axum_server::bind_rustls(addr, config)
Expand All @@ -349,7 +343,7 @@ async fn serve(cli: Cli) -> Result<()> {
match tokio::try_join!(refresh_identity, local_server, public_server) {
Ok(_) => Ok(()),
Err(err) => {
log::error!(target: "server", "server error: {:?}", err);
log::error!(target: "bootstrap", "server error: {:?}", err);
Err(err)
}
}
Expand Down Expand Up @@ -378,7 +372,7 @@ async fn shutdown_signal(handle: axum_server::Handle, cancel_token: Cancellation
_ = terminate => {},
}

log::warn!(target: "server", "received termination signal, starting graceful shutdown");
log::warn!(target: "bootstrap", "received termination signal, starting graceful shutdown");
// 10 secs is how long server will wait to force shutdown
handle.graceful_shutdown(Some(Duration::from_secs(10)));
cancel_token.cancel();
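Review bot: The `?` on `TcpStream::connect(&cli.bootstrap_logtail).await` in the first hunk of main.rs makes the gateway refuse to start whenever nothing is listening at the new default `127.0.0.1:9999`, while the doc comment on the field two lines above still reads `/// it should not be used in production`; with the `debug` branch removed there is no longer a stdout-only startup path, so the comment now contradicts the default. Either state the new contract in the doc comment, e.g. `/// logtail endpoint on the host for the "bootstrap" log target; startup fails if it is unreachable`, or, if the host-side logtail is meant to stay optional, connect with `.await.ok()` and attach the `"bootstrap"` writer only when the connection succeeded (assuming `with_target_writer` returns the builder by value, as the chain suggests). Note also that every `bootstrap`-target record — module_id, principals, and the `{:?}` rendering of `serve`'s errors at the bottom of the hunk — is now sent unconditionally over that plain TCP endpoint on the host instead of only under `--debug`; whether that is acceptable depends on what those error values carry, which lies outside this hunk. `main`'s closing brace is also outside the hunk.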
