Closed otherview closed 1 year ago
Hi @otherview,

The recommended way to run EdgelessDB is to allow just the `sgx_enclave` and `sgx_provision` devices instead of running it as privileged and mounting the `sgx` volume.

The run command looks like this:

```
docker run --device /dev/sgx_enclave --device /dev/sgx_provision ...
```

I guess the compose file would look like this (haven't tried):

```yaml
edgelessdb:
  devices:
    - /dev/sgx_enclave
    - /dev/sgx_provision
```

However, if you for some reason need to go with your compose file, we would accept changing `entry.sh` to support it. The `mkdir` change looks good. But doesn't `ln` fail next because the enclave symlink already exists?

Oh, that's cool, I wasn't aware that was the proper way of running it. I'm updating our docker compose files; afaik there is no reason to run it in privileged, but let me give it a try.

I didn't consider the `ln`, but I guess it would, wouldn't it? I've tried to build and run EdgelessDB locally but wasn't too successful.

Updated the PR just in case. Will loop back with feedback. Thanks!

Hey @thomasten, the properties changes in our docker compose seem to work (still needs to go through our CI, but it's looking good).

So it's fixed on our end, up to you if you want to merge this PR :)

Thanks for the quick feedback 🙏

When running on Docker @ Ubuntu the container will always fail as the directory already exists. Using docker-compose with the service:

I guess this is partly docker compose's fault as it creates the folder on a mounted volume. The `-p` flag ensures the `mkdir` doesn't report a failure if the directory already exists.
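
An added example, not part of this PR or of EdgelessDB's `entry.sh`: a shell function that makes the `mkdir` and `ln` steps discussed in this thread safe to re-run when the directory or the symlink already exists. The function name `ensure_link` and its arguments are hypothetical; the caller supplies the directory, link name and target.

```shell
#!/bin/sh
# Idempotent form of a bare `mkdir` + `ln -s` pair in a container entrypoint.
# Hypothetical helper: all paths come from the caller, none from entry.sh.

# ensure_link DIR NAME TARGET
# Creates DIR if needed and makes DIR/NAME a symlink to TARGET.
# Returns 0 when the link is in place (created, repointed or already correct),
# 1 when DIR/NAME exists as something other than a symlink.
ensure_link() {
    dir=$1
    name=$2
    target=$3
    link="$dir/$name"

    # -p: no error if the directory already exists, for example because a
    # volume mount created it before the entrypoint ran.
    mkdir -p "$dir" || return 1

    if [ -L "$link" ]; then
        # A symlink is already there: keep it if it is correct.
        if [ "$(readlink "$link")" = "$target" ]; then
            return 0
        fi
        # Otherwise repoint it. -n stops ln from following an existing
        # symlink to a directory and creating the new link inside it.
        ln -sfn "$target" "$link"
        return $?
    fi

    if [ -e "$link" ]; then
        # A regular file, directory or device node is in the way.
        # Refuse to replace it instead of silently clobbering it.
        echo "ensure_link: $link exists and is not a symlink" >&2
        return 1
    fi

    ln -s "$target" "$link"
}
```

A plain `ln -s` fails with "File exists" on the second container start, which is the failure asked about above; this function returns 0 in that case and only fails when a non-symlink occupies the path.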