Merge pull request #62 from Dstack-TEE/teepod-vsock

teepod: Listening host api on VSOCK

Cargo.toml

@@ -27,6 +27,9 @@ members = [
     "cc-eventlog",
     "supervisor",
     "supervisor/client",
+    "rocket-vsock-listener",
+    "host-api",
+    "http-client",
 ]
 resolver = "2"
 
@@ -44,6 +47,9 @@ supervisor-client = { path = "supervisor/client" }
 tdx-attest = { path = "tdx-attest" }
 tdx-attest-sys = { path = "tdx-attest-sys" }
 certbot = { path = "certbot" }
+rocket-vsock-listener = { path = "rocket-vsock-listener" }
+host-api = { path = "host-api", default-features = false }
+http-client = { path = "http-client", default-features = false }
 
 # Core dependencies
 anyhow = "1.0.94"
@@ -59,7 +65,6 @@ log = "0.4.22"
 notify = "7.0.0"
 rand = "0.8.5"
 serde = { version = "1.0.210", features = ["derive"] }
-tokio = { version = "1.42.0" }
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 safe-write = "0.1.1"
@@ -88,6 +93,8 @@ ipnet = { version = "2.10.1", features = ["serde"] }
 reqwest = { version = "0.12.9", default-features = false, features = ["json", "rustls-tls", "charset", "hickory-dns"] }
 rocket = { git = "https://github.com/rwf2/Rocket", branch = "master", features = ["mtls"] }
 rocket-apitoken = { git = "https://github.com/kvinwang/rocket-apitoken", branch = "dev" }
+tokio = { version = "1.42.0" }
+tokio-vsock = "0.6.0"
 
 # Cryptography/Security
 aes-gcm = "0.10.3"
@@ -125,6 +132,7 @@ enum_dispatch = "0.3.13"
 insta = "1.41.1"
 num_enum = "0.7.3"
 thiserror = "2.0.4"
+derive_more = "1.0.0"
 
 # Utilities
 dirs = "5.0.1"
@@ -141,3 +149,6 @@ time = "0.3.37"
 uuid = { version = "1.11.0", features = ["v4"] }
 which = "7.0.0"
 smallvec = "1.13.2"
+
+[patch.crates-io]
+tokio-vsock = { git = "https://github.com/kvinwang/tokio-vsock", branch = "shared-self-accept" }

basefiles/app-compose.service

@@ -8,7 +8,7 @@ Type=oneshot
 RemainAfterExit=true
 EnvironmentFile=-/tapp/env
 WorkingDirectory=/tapp
-ExecStart=/usr/bin/env docker compose up -d
+ExecStart=/usr/bin/env app-compose.sh
 ExecStop=/usr/bin/env docker compose down
 StandardOutput=journal+console
 StandardError=journal+console

basefiles/app-compose.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+tdxctl notify-host -e "boot.progress" -d "pulling images" || true
+if ! docker compose pull; then
+    tdxctl notify-host -e "boot.error" -d "failed to pull images"
+    exit 1
+fi
+
+tdxctl notify-host -e "boot.progress" -d "starting containers" || true
+if ! docker compose up -d; then
+    tdxctl notify-host -e "boot.error" -d "failed to start containers"
+    exit 1
+fi
+
+tdxctl notify-host -e "boot.progress" -d "containers started" || true

host-api/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "host-api"
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[dependencies]
+prpc.workspace = true
+prost.workspace = true
+serde = { workspace = true, features = ["derive"] }
+serde_json.workspace = true
+anyhow.workspace = true
+http-client = { workspace = true, optional = true, features = ["prpc"] }
+
+[build-dependencies]
+prpc-build.workspace = true
+
+[features]
+default = ["client"]
+client = ["dep:http-client"]

host-api/build.rs

@@ -0,0 +1,11 @@
+fn main() {
+    prpc_build::configure()
+        .out_dir("./src/generated")
+        .mod_prefix("super::")
+        .build_scale_ext(false)
+        .disable_service_name_emission()
+        .disable_package_emission()
+        .enable_serde_extension()
+        .compile_dir("./proto")
+        .expect("failed to compile proto files");
+}

host-api/proto/host_api.proto

@@ -0,0 +1,21 @@
+
+syntax = "proto3";
+
+import "google/protobuf/empty.proto";
+
+package host_api;
+
+message HostInfo {
+  string name = 1;
+  string version = 2;
+}
+
+message Notification {
+  string event = 1;
+  string payload = 2;
+}
+
+service HostApi {
+  rpc Info(google.protobuf.Empty) returns (HostInfo);
+  rpc Notify(Notification) returns (google.protobuf.Empty);
+}

host-api/src/client.rs

@@ -0,0 +1,8 @@
+use crate::host_api_client::HostApiClient;
+use http_client::prpc::PrpcClient;
+
+pub type DefaultClient = HostApiClient<PrpcClient>;
+
+pub fn new_client(base_url: String) -> DefaultClient {
+    DefaultClient::new(PrpcClient::new(base_url))
+}

host-api/src/generated/mod.rs

@@ -0,0 +1,4 @@
+pub use host_api::*;
+
+#[allow(async_fn_in_trait)]
+mod host_api;

host-api/src/lib.rs

@@ -0,0 +1,8 @@
+extern crate alloc;
+
+pub use generated::*;
+
+mod generated;
+
+#[cfg(feature = "client")]
+pub mod client;

http-client/Cargo.toml

@@ -0,0 +1,26 @@
+[package]
+name = "http-client"
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+http-body-util.workspace = true
+hyper.workspace = true
+hyper-util.workspace = true
+hyperlocal.workspace = true
+log.workspace = true
+pin-project-lite = "0.2.15"
+prpc = { workspace = true, optional = true }
+tokio.workspace = true
+tokio-vsock.workspace = true
+tower-service = "0.3.3"
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["full"] }
+
+[features]
+default = ["prpc"]
+prpc = ["dep:prpc"]