Closed dubek closed 1 year ago
Thanks for the suggestions @sphrasavath.
However, this small thing worked for me (without adding networks):
-CMD ["simple-kbs", "--grpc_sock=0.0.0.0:44444"]
+CMD ["simple-kbs", "--grpc_sock", "0.0.0.0:44444"]
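Review bot: on the `+CMD` line the listen address is still `0.0.0.0:44444`, so simple-kbs accepts gRPC connections on every interface of the container, and who can actually reach it is decided entirely by the port publishing in the compose file, which is not visible in this hunk. A short comment next to the CMD saying the all-interfaces bind is intentional, and that the port should be published only where the CI client needs it, would make that explicit.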
Very weird, because the library we use does support both formats, and when I try locally both seem to work.
I'm looking into it to make sure I'm not imagining...
I guess the network issue was PEBKAC, because even without my silly grpc_sock fix above this now works.
I removed the debug line from Dockerfile.simple-kbs.
As for the initial content for the DB, I added db/initial-data.sql. But not sure what values we should use to populate it (key? allowed measurement?). @fitzthum -- what's our take here? Maybe expose the MariaDB port to allow messing with the DB directly?
Now that I think of it: if we can make the sqlite backend work (I think we can), we don't need docker-compose -- just one image which contains the simple-kbs binary, default_policy.json, and the simple_kbs.db sqlite file. A lot simpler, especially for CI/CD tests of SEV CC.
Of course the question of db/initial-data.sql remains -- what should we populate the database with?
@ryansavino I think we should populate the database with the measurements for your quay container that we are using in CI. Does that make sense? I think we probably don't want to set any policies, though, because we would have to update them constantly as the measurement changes.
db/initial-data.sql to include the key needed for @ryansavino's CI testing. I think this is ready for review.
Running docker compose build and docker compose up will start a simple-kbs container with the backend MariaDB container. The DB is pre-populated with a simple configuration used during CI tests of Confidential Containers with simple-kbs.

Signed-off-by: Dov Murik dov.murik1@il.ibm.com
cc: @fitzthum @dunnderr