From 26c7ad382f3ed51ee09b208efc975511b9bbc693 Mon Sep 17 00:00:00 2001
From: Hannah Neary
Date: Mon, 9 Dec 2024 15:07:54 +0000
Subject: [PATCH] deploy to staging
---
 .../deploy-control-plane-image-staging.yml | 20 +++---
 control-plane/src/configuration.rs | 8 +--
 control-plane/src/lib.rs | 2 +-
 control-plane/src/main.rs | 9 +--
 control-plane/src/orchestration.rs | 61 ++++++++++++-------
 5 files changed, 55 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/deploy-control-plane-image-staging.yml b/.github/workflows/deploy-control-plane-image-staging.yml
index 09b9f5f7..fccd0a42 100644
--- a/.github/workflows/deploy-control-plane-image-staging.yml
+++ b/.github/workflows/deploy-control-plane-image-staging.yml
@@ -1,13 +1,13 @@
-on:
- push:
- paths:
- - control-plane/**
- - shared/**
- - .github/workflows/deploy-control-plane-image-staging.yml
- - scripts/start-cage.sh
- - scripts/health-check.sh
- branches:
- - main
+on: [push]
+ # push:
+ # paths:
+ # - control-plane/**
+ # - shared/**
+ # - .github/workflows/deploy-control-plane-image-staging.yml
+ # - scripts/start-cage.sh
+ # - scripts/health-check.sh
+ # branches:
+ # - main
 name: Deploy new control plane image
 env:
 LINUX_TARGET: x86_64-unknown-linux-musl
diff --git a/control-plane/src/configuration.rs b/control-plane/src/configuration.rs
index a693b268..e5b0c251 100644
--- a/control-plane/src/configuration.rs
+++ b/control-plane/src/configuration.rs
@@ -35,7 +35,6 @@ pub fn get_aws_profile() -> String {
 std::env::var("AWS_PROFILE").unwrap_or_else(|_| "ev-local-customers".to_string())
 }
-
 pub fn get_aws_region() -> aws_types::region::Region {
 let region = std::env::var("AWS_REGION")
 .ok()
@@ -51,11 +50,7 @@ pub struct EnclaveRunConfig {
 }
 impl EnclaveRunConfig {
- pub fn new(
- num_cpus: String,
- ram_size_mib: String,
- debug_mode: String,
- ) -> EnclaveRunConfig {
+ pub fn new(num_cpus: String, ram_size_mib: String, debug_mode: String) -> EnclaveRunConfig {
 EnclaveRunConfig {
 num_cpus,
 ram_size_mib,
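Review bot: Changing the trigger to `on: [push]` drops both the `branches: [main]` gate and the path filter, so every push on every branch now builds and deploys a control plane image to staging, and the commented-out block directly beneath it reads as a temporary override rather than the intended trigger. If the goal is to exercise the orchestration change from a feature branch, a `workflow_dispatch:` trigger, or `branches: [main, <feature-branch>]` with the paths kept, preserves the gate for everyone else; at minimum add a comment such as `# TEMP: deploy every push while testing enclave orchestration — restore the main/paths trigger before merge`. The `name:` and `env:` context lines are unchanged.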
@@ -64,7 +59,6 @@ impl EnclaveRunConfig {
 }
 }
-
 #[derive(Clone)]
 pub struct EnclaveContext {
 pub uuid: String,
diff --git a/control-plane/src/lib.rs b/control-plane/src/lib.rs
index 496ec2d0..9e3483c7 100644
--- a/control-plane/src/lib.rs
+++ b/control-plane/src/lib.rs
@@ -11,10 +11,10 @@ pub mod egressproxy;
 pub mod enclave_connection;
 pub mod error;
 pub mod health;
+pub mod orchestration;
 pub mod stats_client;
 pub mod stats_proxy;
 pub mod tls_proxy;
-pub mod orchestration;
 #[cfg(test)]
 pub mod mocks;
diff --git a/control-plane/src/main.rs b/control-plane/src/main.rs
index fef960d4..be24bb6e 100644
--- a/control-plane/src/main.rs
+++ b/control-plane/src/main.rs
@@ -5,9 +5,7 @@ use control_plane::stats_client::StatsClient;
 use control_plane::stats_proxy::StatsProxy;
 use control_plane::{config_server, tls_proxy};
 use shared::{print_version, utils::pipe_streams, ENCLAVE_CONNECT_PORT};
-use tls_parser::nom::Or;
 use std::net::{IpAddr, Ipv4Addr, SocketAddr};
-use std::process::Command;
 use storage_client_interface::s3;
 use tokio::io::AsyncWriteExt;
 use tokio::time::{sleep, Duration};
@@ -84,7 +82,8 @@ async fn main() -> Result<()> {
 config_server.listen(),
 provisioner_proxy.listen(),
 acme_proxy.listen(),
- StatsProxy::listen()
+ StatsProxy::listen(),
+ Orchestration::start_enclave()
 );
 if let Err(err) = tcp_result {
@@ -253,7 +252,9 @@ fn listen_for_shutdown_signal() {
 // Wait for 55 seconds before terminating enclave - ECS waits 55 seconds to kill the container
 sleep(Duration::from_millis(55000)).await;
- let output = Orchestration::shutdown_all_enclaves().expect("failed to terminate enclave");
+ let output = Orchestration::shutdown_all_enclaves()
+ .await
+ .expect("failed to terminate enclave");
 log::info!(
 "Terminated enclave: {}",
diff --git a/control-plane/src/orchestration.rs b/control-plane/src/orchestration.rs
index d784e353..c82b6090 100644
--- a/control-plane/src/orchestration.rs
+++ b/control-plane/src/orchestration.rs
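Review bot: Adding `Orchestration::start_enclave()` to the join in `main` makes its `Result<(), OrchestrationError>` part of `tcp_result`, but the macro name is outside the hunk; since `tcp_result` is matched with `if let Err(err)` this looks like `tokio::try_join!`, which needs `OrchestrationError` to convert into the listeners' error type — confirm that `From` impl exists, otherwise the branch will not type-check. The listeners now start concurrently with the enclave rather than after it, so traffic on the proxies can arrive while `start_enclave` is still in its warm-up wait; if the old `start-cage.sh` flow (not visible here) brought the enclave up first, that ordering is lost and is worth a comment on the join, e.g. `// NOTE: listeners accept connections before the enclave is up; start_enclave runs concurrently`. The enclosing `main` starts and ends outside the hunk.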
@@ -1,7 +1,9 @@
-use std::{process::{Command, Output, Stdio}, vec};
+use std::process::{Output, Stdio};
+
 use log::info;
 use serde_json::Value;
 use thiserror::Error;
+use tokio::process::Command;
 use crate::configuration::get_enclave_run_config;
@@ -24,27 +26,28 @@ pub enum OrchestrationError {
 pub struct Orchestration;
 impl Orchestration {
- pub fn shutdown_all_enclaves() -> Result {
+ pub async fn shutdown_all_enclaves() -> Result {
 Command::new("sh")
- .arg("-c")
- .arg("nitro-cli terminate-enclave --all")
- .output()
- .map_err(|e| OrchestrationError::Io(e))
+ .arg("-c")
+ .arg("nitro-cli terminate-enclave --all")
+ .output()
+ .await
+ .map_err(|e| OrchestrationError::Io(e))
 }
-
- pub fn start_enclave() -> Result<(), OrchestrationError> {
+ pub async fn start_enclave() -> Result<(), OrchestrationError> {
 let run_config = get_enclave_run_config();
 info!("[HOST] Checking for running enclaves...");
- let running_enclaves = Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"])?;
+ let running_enclaves =
+ Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"]).aw?;
 let enclaves: Value = serde_json::from_str(&running_enclaves)?;
 let v = vec![];
 let enclaves_array = enclaves.as_array().unwrap_or(&v);
 if enclaves_array.len() > 0 {
 info!("There's an enclave already running on this host. Terminating it...");
- Self::shutdown_all_enclaves()?;
+ Self::shutdown_all_enclaves().await?;
 info!("Enclave terminated. Waiting 10s...");
 std::thread::sleep(std::time::Duration::from_secs(10));
 } else {
@@ -55,10 +58,14 @@ impl Orchestration {
 let mut run_command = vec![
 "nitro-cli",
 "run-enclave",
- "--cpu-count", &run_config.num_cpus,
- "--memory", &run_config.ram_size_mib,
- "--enclave-cid", "2021",
- "--eif-path", "enclave.eif",
+ "--cpu-count",
+ &run_config.num_cpus,
+ "--memory",
+ &run_config.ram_size_mib,
+ "--enclave-cid",
+ "2021",
+ "--eif-path",
+ "enclave.eif",
 ];
 if run_config.debug_mode == "true" {
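Review bot: `.aw?` on the `describe-enclaves` call in `start_enclave` is a typo for `.await?` and will not compile — the line should read `Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"]).await?;`. Now that the function is async and is joined with the listeners in `main`, the `std::thread::sleep(std::time::Duration::from_secs(10))` here and the one in the `@@ -68,36` hunk park the runtime worker thread instead of yielding; both should become `tokio::time::sleep(std::time::Duration::from_secs(10)).await` (tokio is already imported in this file). In `shutdown_all_enclaves`, going through `sh -c` for a fixed argv adds a shell for no benefit — `Command::new("nitro-cli").args(["terminate-enclave", "--all"])` runs the same command without it — and `.map_err(|e| OrchestrationError::Io(e))` can be `.map_err(OrchestrationError::Io)`. `start_enclave` continues in the following hunks.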
@@ -68,36 +75,44 @@ impl Orchestration {
 println!("Debug mode disabled...");
 }
- Self::run_command_capture_stdout(&run_command)?;
+ Self::run_command_capture_stdout(&run_command).await?;
 info!("Enclave started... Waiting 5 seconds for warmup.");
 std::thread::sleep(std::time::Duration::from_secs(10));
 if run_config.debug_mode == "true" {
 println!("Attaching headless console for running enclaves...");
- let running_enclaves = Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"])?;
+ let running_enclaves =
+ Self::run_command_capture_stdout(&["nitro-cli", "describe-enclaves"]).await?;
 let enclaves: Value = serde_json::from_str(&running_enclaves)?;
 let v = vec![];
 let enclaves_array = enclaves.as_array().unwrap_or(&v);
 for enclave in enclaves_array {
 let id = enclave["EnclaveID"].as_str().unwrap();
- Self::run_command_capture_stdout(&["nitro-cli", "console", "--enclave-id", id])?;
+ Self::run_command_capture_stdout(&["nitro-cli", "console", "--enclave-id", id])
+ .await?;
 }
 }
 Ok(())
 }
- fn run_command_capture_stdout(args: &[&str]) -> Result {
+ async fn run_command_capture_stdout(args: &[&str]) -> Result {
 let output = Command::new(args[0])
 .args(&args[1..])
 .stderr(Stdio::inherit())
- .output()?;
-
+ .output()
+ .await?;
+
 if !output.status.success() {
- return Err(OrchestrationError::CommandFailed(format!("Command {:?} failed with exit status: {}", args, output.status).into()));
+ return Err(OrchestrationError::CommandFailed(
+ format!(
+ "Command {:?} failed with exit status: {}",
+ args, output.status
+ )
+ .into(),
+ ));
 }
-
+
 Ok(String::from_utf8_lossy(&output.stdout).to_string())
 }
 }
-
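Review bot: `enclave["EnclaveID"].as_str().unwrap()` in the debug-mode loop panics when a `describe-enclaves` entry has no string `EnclaveID`, and since `start_enclave` now runs inside the join in `main` that panic takes the whole control plane down rather than failing one step; return the error instead, `let Some(id) = enclave["EnclaveID"].as_str() else { return Err(OrchestrationError::CommandFailed("describe-enclaves entry has no EnclaveID".into())); };`. The `info!` on the new side says `Waiting 5 seconds for warmup.` while the sleep is `from_secs(10)`; make the message match the duration. `nitro-cli console` streams until the enclave exits, so `.output().await` on it presumably never returns and the loop only ever attaches to the first enclave — if that is intended, say so in a comment; if not, `spawn()` the console process rather than waiting on `output()`. `run_command_capture_stdout` is fully within this hunk; the `start_enclave` function begins in the previous hunks.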