tappd: Fix watchdog issue

Dstack-TEE · Dec 18, 2024 · 1498a53 · 1498a53
1 parent 6e25422
commit 1498a53
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 3 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/basefiles/tappd.service b/basefiles/tappd.service
@@ -3,6 +3,7 @@ Description=Tappd Service
 After=network.target
 
 [Service]
+ExecStartPre=-/bin/rm -f /var/run/tappd.sock
 ExecStart=/bin/tappd --watchdog
 Restart=always
 User=root

diff --git a/tappd/Cargo.toml b/tappd/Cargo.toml
@@ -34,3 +34,4 @@ sysinfo.workspace = true
 default-net.workspace = true
 rocket-vsock-listener.workspace = true
 sd-notify.workspace = true
+reqwest.workspace = true
diff --git a/tappd/rpc/proto/tappd_rpc.proto b/tappd/rpc/proto/tappd_rpc.proto
@@ -74,7 +74,15 @@ message WorkerInfo {
   string tcb_info = 4;
 }
 
+// The response to a WorkerInfo request
+message WorkerVersion {
+  // Tappd version
+  string version = 1;
+}
+
 service Worker {
   // Get worker info
   rpc Info(google.protobuf.Empty) returns (WorkerInfo) {}
+  // Get tappd version
+  rpc Version(google.protobuf.Empty) returns (WorkerVersion) {}
 }
diff --git a/tappd/src/main.rs b/tappd/src/main.rs
@@ -117,10 +117,31 @@ async fn run_watchdog() {
     let heatbeat_interval = heatbeat_interval.max(Duration::from_secs(1));
     info!("Watchdog enabled, interval={watchdog_usec}us, heartbeat={heatbeat_interval:?}",);
     let mut interval = tokio::time::interval(heatbeat_interval);
+
+    // Create HTTP client for health checks
+    let client = reqwest::Client::new();
+
     loop {
         interval.tick().await;
-        if let Err(err) = sd_notify(false, &[NotifyState::Watchdog]) {
-            error!("Failed to notify systemd: {err}");
+
+        // Perform health check
+        match client
+            .get("http://localhost:8090/prpc/Worker.Version")
+            .send()
+            .await
+        {
+            Ok(response) if response.status().is_success() => {
+                // Only notify systemd if health check passes
+                if let Err(err) = sd_notify(false, &[NotifyState::Watchdog]) {
+                    error!("Failed to notify systemd: {err}");
+                }
+            }
+            Ok(response) => {
+                error!("Health check failed with status: {}", response.status());
+            }
+            Err(err) => {
+                error!("Health check request failed: {}", err);
+            }
         }
     }
 }

diff --git a/tappd/src/rpc_service.rs b/tappd/src/rpc_service.rs
@@ -12,7 +12,7 @@ use serde_json::json;
 use tappd_rpc::{
     tappd_server::{TappdRpc, TappdServer},
     worker_server::{WorkerRpc, WorkerServer},
-    DeriveKeyArgs, DeriveKeyResponse, TdxQuoteArgs, TdxQuoteResponse, WorkerInfo,
+    DeriveKeyArgs, DeriveKeyResponse, TdxQuoteArgs, TdxQuoteResponse, WorkerInfo, WorkerVersion,
 };
 use tdx_attest::eventlog::read_event_logs;
 
@@ -152,6 +152,12 @@ impl WorkerRpc for ExternalRpcHandler {
             tcb_info,
         })
     }
+
+    async fn version(self) -> Result<WorkerVersion> {
+        Ok(WorkerVersion {
+            version: env!("CARGO_PKG_VERSION").to_string(),
+        })
+    }
 }
 
 impl RpcCall<AppState> for ExternalRpcHandler {