From 5760c20200d20d07977d881ab21d4c22921d0f9e Mon Sep 17 00:00:00 2001
From: Kevin Wang
Date: Tue, 31 Dec 2024 08:23:48 +0000
Subject: [PATCH] Add workaround for the network issue of the keyprovider

---
 key-provider-build/docker-compose.yaml | 17 ++++++++++++-----
 key-provider-build/sgx_default_qcnl.conf | 9 +++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 key-provider-build/sgx_default_qcnl.conf

diff --git a/key-provider-build/docker-compose.yaml b/key-provider-build/docker-compose.yaml
index 31fbe037..82e5ee2e 100644
--- a/key-provider-build/docker-compose.yaml
+++ b/key-provider-build/docker-compose.yaml
@@ -1,7 +1,6 @@
 services:
 gramine-sealing-key-provider:
 container_name: gramine-sealing-key-provider
- network_mode: host
 build:
 context: .
 dockerfile: Dockerfile
@@ -10,8 +9,16 @@ services:
 - "/dev/sgx_enclave:/dev/sgx_enclave"
 - "/dev/sgx_provision:/dev/sgx_provision"
 volumes:
- - "/etc/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf"
- environment:
- - SGX=1
+ - "./sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf"
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
 ports:
- - "3443:3443"
+ - "127.0.0.1:3443:3443"
+
+ # proxy to access the local pccs for the aesm service
+ # The local PCCS is supposed to be running on the host machine and listening on 127.0.0.1:8081
+ pccs-proxy:
+ image: alpine/socat
+ container_name: pccs-proxy
+ network_mode: host
+ command: TCP-LISTEN:8082,bind=172.17.0.1,fork,reuseaddr TCP:127.0.0.1:8081
diff --git a/key-provider-build/sgx_default_qcnl.conf b/key-provider-build/sgx_default_qcnl.conf
new file mode 100644
index 00000000..722f5517
--- /dev/null
+++ b/key-provider-build/sgx_default_qcnl.conf
@@ -0,0 +1,9 @@
+{
+ "pccs_url": "https://host.docker.internal:8082/sgx/certification/v4/",
+ "use_secure_cert": false,
+ "retry_times": 6,
+ "retry_delay": 10,
+ "pck_cache_expire_hours": 168,
+ "verify_collateral_cache_expire_hours": 168,
+ "local_cache_only": false
+}
\ No newline at end of file
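Review bot: The `pccs-proxy` service in the second docker-compose.yaml hunk binds socat to `172.17.0.1:8082` on the host network, so the host PCCS that was previously reachable only on the host's loopback becomes reachable from every container on the default docker0 bridge, not just gramine-sealing-key-provider. The hard-coded address also assumes the daemon's default bridge gateway is 172.17.0.1 and that `host-gateway` resolves to that same address; on a daemon with a custom bridge subnet socat would presumably fail to bind or bind the wrong interface, and the `pccs_url` in the mounted config would point nowhere, which the compose file does not currently state. I would record both assumptions in the comment above the service, e.g. `# Assumes the daemon's default bridge gateway is 172.17.0.1 (the address host-gateway resolves to). Any container on docker0 can reach this relay; narrow it with socat's range= option if that matters.` The same hunk also drops `environment: - SGX=1` without a mention in the commit message; worth confirming the image no longer reads it.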
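Review bot: `"use_secure_cert": false` disables TLS certificate verification for the `pccs_url` endpoint, and with the new compose wiring that endpoint is the socat relay on the docker bridge rather than the host's loopback, so the reason this is acceptable should be written down. The DCAP collateral fetched there (PCK certificates, TCB info, QE identity) is Intel-signed and checked by the quote verification library, so the practical exposure is presumably availability rather than forgery — confirm that matches the deployment's threat model. This file is JSON and cannot carry a comment, so I would add one next to the volume mount in docker-compose.yaml, e.g. `# use_secure_cert is false in sgx_default_qcnl.conf: the local PCCS presumably presents a self-signed certificate and the hop stays on this host`. The file also ends without a trailing newline (`\ No newline at end of file`); add one.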