OpenFL-Gramine fixes for SGX execution #557
Conversation
Signed-off-by: gianluca <gianluca.mittone@unito.it>
Signed-off-by: gianluca <gianluca.mittone@unito.it>
| Building machine: | ||
| - OpenFL | ||
| - Docker should be installed, user included in Docker group | ||
|
|
||
| Machines that will run an Aggregator and Collaborator containers should have the following: | ||
| - OpenFL |
There was a problem hiding this comment.
are you sure that's the case? as far as i understand, the docker image is used, so aggregator and collaborators using it don't really need openfl installed
There was a problem hiding this comment.
Yes, you're right that the training will be carried out with the Docker container, in which OpenFL will already be present. However, the user will still need the OpenFL functionalities available outside the Docker container to carry out the exchange and validation of the certificates, as reported in step 7 of the actual OpenFL-gramine workflow reported in Manual.md.
| @@ -38,6 +38,10 @@ fs.mount.workspace.type = "chroot" | |||
| fs.mount.workspace.path = "/workspace" | |||
| fs.mount.workspace.uri = "file:/workspace" | |||
|
|
|||
| fs.mount.tmp.type = "chroot" | |||
There was a problem hiding this comment.
does gramine support a tmpfs-style mount? if /tmp is used only for temporary files, it may be better to tell gramine that /tmp is in memory, so there will be no leftovers after its execution
There was a problem hiding this comment.
i looked in gramine docs and found the tmpfs filesystem type. i believe it can be more appropriate in this context
|
Some manifest updates were done here #537 |
This PR aims to make the OpenFL-Gramine workflow smoother for the user.
I have modified the openfl.manifest.template to include the mount of the /tmp directory since the lack of it was causing errors in the execution of the container.
Furthermore, I have updated the Dockerfile.gramine file so that now it will download and install the last development branch of the OpenFL software. This way, the version of OpenFL installed inside the container will be the same one used for development, and there will be no mismatch between OpenFL versions inside and outside the container. Once a new stable version of OpenFL is released, this will need to be changed to point to the last stable version.
Lastly, I've extended the Manual.md file to include many small things I learned while trying to make the OpenFL-Gramine example work. Now it should be easier for a newbie to run this application.
I have tested all the changes I made, and they are working as they are.
The only difference to this PR is that, in my tests, the Docker image contained my project fork; in this PR I have changed that pointer to the developmental branch of OpenFL so that, if integrated, it will work out-of-the-box.