From 0045b0c4bfafdfd0eca104210804ec3f2ae3decc Mon Sep 17 00:00:00 2001 From: ghe0 Date: Sun, 26 Jan 2025 01:37:16 +0200 Subject: [PATCH] added information about testnet --- src/SUMMARY.md | 17 +++-- src/brain/README.md | 2 +- src/brain/intro.md | 14 +++++ src/cloud/access.md | 20 ++++++ src/cloud/advanced.md | 136 ++++++++++++++++++++++++++++++++++++++++ src/cloud/cli.md | 115 +++++++++++++++++++++++++++++++++ src/cloud/components.md | 46 ++++++++++++++ src/cloud/gui.md | 5 ++ src/cloud/overview.md | 7 +++ src/cloud/tokens.md | 69 ++++++++++++++++++++ src/cloud/using.md | 11 ++++ src/operators/AMD.md | 91 +++++++++++++++++++++++++++ src/operators/README.md | 1 - src/operators/intro.md | 12 ++++ 14 files changed, 538 insertions(+), 8 deletions(-) create mode 100644 src/brain/intro.md create mode 100644 src/cloud/access.md create mode 100644 src/cloud/advanced.md create mode 100644 src/cloud/cli.md create mode 100644 src/cloud/components.md create mode 100644 src/cloud/gui.md create mode 100644 src/cloud/overview.md create mode 100644 src/cloud/tokens.md create mode 100644 src/cloud/using.md create mode 100644 src/operators/AMD.md delete mode 100644 src/operators/README.md create mode 100644 src/operators/intro.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index b83ec79..f67ecb3 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -12,12 +12,17 @@ # Reference Guide -- [Node Operators](./operators/README.md) - - [detee-daemon]() -- [Brain](./brain/README.md) - - [brain-node]() -- [Users]() - - [detee-cli]() +- [DeTEE Cloud](./cloud/overview.md) + - [Components](./cloud/components.md) + - [Token system](./cloud/tokens.md) +- [Join as a User](./cloud/using.md) + - [Getting Access](./cloud/access.md) + - [CLI](./cloud/cli.md) + - [GUI](./cloud/gui.md) + - [Advanced Features](./cloud/advanced.md) +- [Join as a Node](./operators/intro.md) + - [AMD](./operators/AMD.md) +- [The Brain](./brain/intro.md) --- 
diff --git a/src/brain/README.md b/src/brain/README.md index f221123..5e719e8 100644 --- a/src/brain/README.md +++ b/src/brain/README.md @@ -1 +1 @@ -# DeTEE Brain Network \ No newline at end of file +# Brain diff --git a/src/brain/intro.md b/src/brain/intro.md new file mode 100644 index 0000000..d0c6776 --- /dev/null +++ b/src/brain/intro.md @@ -0,0 +1,14 @@ +# DeTEE Brain + +The Brain works similarly to a decentralized oracle that runs on TEEs. It has the capability to scale data distribution by leveraging [DHTs](https://en.wikipedia.org/wiki/Distributed_hash_table), and is tailored to offer a secure and redundant database for the contracts of the DeTEE network. The contracts define the relationship between user and node (resources, price of resources, [SLA](https://en.wikipedia.org/wiki/Service-level_agreement)). + +Similar to the hacker challenge, the brain will create smart contracts on various blockchains, which will allow users to deposit tokens into the DeTEE network, and withdraw tokens from the network. The tokens that are in the network can be used for: +- consuming resources on the network (VMs or containers) +- voting for the upgrades of the brain + - voting power is based on the amount of resources consumed in the last cycle + - the customer is always right, so the customer gets to choose the software +- providing escrow as a node operator or as a user + - escrow can be used to compensate for low rating, based on the free market principle +- delegating escrow to servers and to users in order to get rewards + +This component is currently under development. The high level mechanics of the brain are simulated in a centralized API, that will be used to power the testnet till the release of the decentralized brain. diff --git a/src/cloud/access.md b/src/cloud/access.md new file mode 100644 index 0000000..6428096 --- /dev/null +++ b/src/cloud/access.md 
@@ -0,0 +1,20 @@ +# Getting Access + +In order to test our cloud, you will first need an airdrop of testnet tokens. Here are a few ways to qualify for airdrops: +- Join our [Discord Server](https://discord.gg/zrK56XMe) +- Follow [DeTEE on Twitter](https://x.com/detee_network) +- Follow [DeTEE on Instagram](https://www.instagram.com/detee_network/) +- Follow [DeTEE on Linkedin](https://www.linkedin.com/company/105187289) +- Follow [Gheorghe](https://www.linkedin.com/in/ghe0/) on Linkedin. Gheorghe loves attention so this will get you extra points. +- Follow [Valy](https://www.linkedin.com/in/valentyn-faychuk-589674204/) on Linkedin. +- Post about DeTEE on social media. +- Post a review of the the [hacker-challenge](https://gitea.detee.cloud/general/hacker-challenge/) +- Be active in the community and provide feedback to help us improve our service +- Report bugs +- Help us improve documentation + +Please be aware that the airdrops are awarded based on the activity, meaning being more involved will allow you to get more tokens, which will grant you access to more testnet resources. + +To collect the airdrops after performing the activities above, write to us on Discord in the [๐Ÿ“ฆclaim-airdrops](https://discord.gg/zmR3Bzxz) channel. Summarize your activity with links (for example, links to social media posts you made about DeTEE). + +Once you secure an airdrop in your DeTEE wallet, you can start using the DeTEE CLI. diff --git a/src/cloud/advanced.md b/src/cloud/advanced.md new file mode 100644 index 0000000..724b69b --- /dev/null +++ b/src/cloud/advanced.md 
@@ -0,0 +1,136 @@ +# Advanced Features + +This article is oriented towards power users that would like to know more about the mechanics of the DeTEE platform and would like to experiment by adding their own kernel, their own initrd or building OS templates for their own distribution or with their own apps. + +## Kernel and DTRFS + +DeTEE VMs currently run using the latest stable version of the kernel. This is required in order to guarantee the SNP features are enabled. As the progress moves forward, we will also offer the LTS kernel as part of our default feature set. + +AMD SNP attestation is based on the following parameters: +- Number of vCPUs +- Type of the virtual CPU +- Generation of the underlying hardware +- Kernel image +- The initrd image +- Kernel parameters +- VM firmware + +The CLI works together with the initrd (which is actually an initramfs) to enable remote attestation. The integration is based on [virtee](https://github.com/virtee/). As you probably imagined, the normal initramfs images offered by normal distributions do not offer the capabilities required for remote attestation, so we decided to build the DeTEE Init RAM FileSystem (DTRFS). + +The code required to build DTRFS is currently not public and will get open sourced after the project grows enough to open source the entire intellectual property. 
You can, however check the contents of the initramfs by downloading the images listed in the CLI: + +```yaml + $ detee-cli vm dtrfs +name: dtrfs-6.12.8 +vendor: gheorghe +dtrfs_url: http://registry.detee.ltd/dtrfs-payments2025-01-23.cpio.gz +dtrfs_sha: 2e95d7969a0f2ae2ee6f37acd2789a032be1653e76ba93e607477c8b1cde42ed +kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.10-arch1-1 +kernel_sha: f3a4a74b11c07efa0338c5741d44f13480727e8f2021364a64fcffe1706c6231 + +name: dtrfs-6.12.9 +vendor: ramil +dtrfs_url: http://registry.detee.ltd/detee-constantin-6.12.9-arch1-1.cpio.gz +dtrfs_sha: f1d4d818b5f403ec84b6f1f23cbca3d29ccad6db11941fd60fef1018d9116be4 +kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.9-arch1-1 +kernel_sha: 8094abfd3a2a9dfdbc19b39d7e720eb43116b885abb36fc9431f0c18cbd5938e +``` + +DTRFS is based on ArchLinux, however the kernel and the initramfs support any distribution that will work with a generic kernel. Each DTRFS image is linked to an archlinux kernel, in order to guarantee that the kernel gets the modules required to work as a SNP VM running on top of QEMU. + +## Distributions + +Our system currently offers 3 distributions: ArchLinux, Ubuntu and Fedora. You are free to package your own OS template. It should work as long as the operating system works with a generic kernel. Please take the following things into consideration: +- The VM does not need `/boot/`, meaning it does not need a kernel or a initramfs +- As a consequence, the VM also does not need kernel modules +- Make sure `sshd` will start and will listen on `0.0.0.0:22` after boot + +After creating the image, upload it to any webserver you want and add provide the URL to the CLI. Don't forget to also update the sha256sum of the image, as it gets verified during the installation process. + +### ArchLinux example + +Create an arch VM on DeTEE: +``` +$ detee-cli vm deploy --distro arch +No hostname specified! Using random VM name: mythical-mop +Node price: 0.00002/unit/minute. 
Total Units for hardware requested: 61. Locking 0.0732 tokens (offering the VM for 1 hours). +Injecting disk encryption key into VM. This will take a minute. Do not interrupt. +VM CREATED! To ssh, run the following command: + ssh -p 49545 root@173.234.17.2 +``` + +SSH into the VM using the command above (`ssh -p 49545 root@173.234.17.2` in our case) and execute the following commands to build your OS template: + +``` +pacman -Syu --noconfirm +pacman -S --noconfirm arch-install-scripts fsarchiver +pacstrap /mnt base openssh +ln -s /usr/lib/systemd/system/sshd.service /mnt/etc/systemd/system/multi-user.target.wants/sshd.service +rm -rf /mnt/var/cache/pacman/pkg +fsarchiver savedir /tmp/os_template.fsa /mnt +``` + +Download the OS arch template: +``` +scp -P 49545 root@173.234.17.2:/tmp/os_template.fsa ./detee_arch_$(date -I).fsa +# and grab sha256sum: +sha256sum ./detee_arch_$(date -I).fsa +``` +And upload it to your registry. + +### Ubuntu example + +Create an ubuntu VM on DeTEE: +``` +detee-cli vm deploy --distro ubuntu +``` + +SSH into the VM by using the SSH command offered by the installer (for example `ssh -p 48331 root@173.234.17.2`) and run the following bash commands: +``` +apt update +apt dist-upgrade -y +apt install software-properties-common -y +add-apt-repository universe -y +apt install fsarchiver debootstrap -y +debootstrap --include=openssh-server --arch=amd64 noble /mnt http://archive.ubuntu.com/ubuntu/ +rm -rf /mnt/var/cache/apt/archives/ +ln -s /usr/lib/systemd/system/sshd.service /mnt/etc/systemd/system/multi-user.target.wants/sshd.service +fsarchiver savedir /tmp/os_template.fsa /mnt +``` + +Logout of SSH and scp the file to your machine: +``` +scp -P 48331 root@173.234.17.2:/tmp/os_template.fsa ./detee_ubuntu_$(date -I).fsa +``` + + +## Experimenting on your own + +If you feel like experimenting, the CLI allows you to deploy a VM using your own kernel and your own OS template. 
This can be done using `detee-cli vm deploy --from-yaml` and passing the path to your config. Examples can be found in `~/.detee/cli/new_vm_samples/` + +This is how the yaml file must look: +```yaml +hostname: my-specific-vm-01 +price: 20000 +hours: 5 +location: + country: "GB" +ipv4: !PublishPorts +public_ipv6: false +vcpus: 2 +memory_mb: 2000 +disk_size_gb: 20 +dtrfs: + name: myinitramfs + vendor: My Company Ltd + dtrfs_url: http://registry.detee.ltd/detee-constantin-6.12.9-arch1-1.cpio.gz + dtrfs_sha: f1d4d818b5f403ec84b6f1f23cbca3d29ccad6db11941fd60fef1018d9116be4 + kernel_url: http://registry.detee.ltd/vmlinuz-linux-6.12.9-arch1-1 + kernel_sha: 8094abfd3a2a9dfdbc19b39d7e720eb43116b885abb36fc9431f0c18cbd5938e +distro: + name: ubuntu_2025-01-14 + vendor: whoami + template_url: http://registry.detee.ltd/ubuntu_os_template.fsa + template_sha: dab318f58c19d31181fc09a497d26408c06fb445913809075d7be74583172205 +``` + diff --git a/src/cloud/cli.md b/src/cloud/cli.md new file mode 100644 index 0000000..e7b2cb2 --- /dev/null +++ b/src/cloud/cli.md 
@@ -0,0 +1,115 @@ +# DeTEE CLI + +For obvious reasons, the CLI is the first end-user app developed as part of our product. + +### Installation + +The DeTEE CLI is available as a container. First make sure you [install docker] https://docs.docker.com/desktop/). + +Once docker is installed, use the following command to run the CLI: +``` +docker run -it --name detee-cli --entrypoint /usr/bin/fish $IMAGE_NAME +``` + +> Currently, the `IMAGE_NAME` is not public. For a private demo, please [contact us](https://discord.gg/zrK56XMe). + +DeTEE CLI features completion for bash, zsh and fish and you are heavily encouraged to use completion. You can also enable extra logs by adding the environment variable `LOG_LEVEL=INFO` or `LOG_LEVEL=DEBUG` + +### Configure accounts + +Inside the container, configure the accounts for your session: +``` +ssh-keygen +# Hit enter a few times. +detee-cli account ssh-pubkey-path /root/.ssh/id_ed25519.pub +detee-cli account brain-url http://164.92.249.180:31337 +``` + +Also, list get your public key: +``` +detee-cli account +~ $ detee-cli account +Config path: /home/ghe0/.detee/cli/cli-config.yaml +The brain URL is: http://detee-build-1:31337 +SSH Key Path: /home/ghe0/.ssh/id_ed25519.pub +DeTEE wallet key: x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK +Account Balance: 980.16022 DeTEE Tokens available, 0 Tokens locked +SNP admin secret key path: /home/ghe0/.detee/cli/secret_detee_wallet_key +``` + +And give it to us on Discord so that we can give you your airdrop (assuming you have [access](./access.md)). + +### Deploy a VM + +To see options f#or deploying a VM, just write `detee-cli vm deploy --` and hit TAB. 
Autocompletion will show available options: +``` +~ $ detee-cli vm deploy -- +--country (deploy to a specific Country) +--disk (disk size in GB) +--distro (GNU/Linux distribution) +--from-yaml (allows extended config through yaml) +--help (Print help (see more with '--help')) +--hostname (hostname of you VM and OS) +--hours (for how many hours should the VM run) +--memory (memory in MB) +--price (price per unit per minute; check docs) +--public-ip (get a public IPv4 address for this VM) +--vcpus (the number of vCPUs) +``` + +Deploying a VM looks like this: +``` +~ $ detee-cli vm deploy --distro ubuntu --vcpus 4 --memory 4096 --disk 20 --hours 4 +No hostname specified! Using random VM name: luminous-soap +Node price: 0.00002/unit/minute. Total Units for hardware requested: 216. Locking 1.0368 tokens (offering the VM for 4 hours). +Injecting disk encryption key into VM. This will take a minute. Do not interrupt. +VM CREATED! To ssh, run the following command: + ssh -p 44367 root@173.234.17.2 +``` + +In the background, the CLI will perform an attestation of the SNP server and also download the public SSH keys of the servers during the attestation. SSH will just work. 
+ +Now you can list VMs to get information: +``` + +~ $ detee-cli vm list +โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ +โ”‚ City โ”‚ UUID โ”‚ hostname โ”‚ Cores โ”‚ Mem (MB) โ”‚ Disk โ”‚ DTE/h โ”‚ time left โ”‚ +โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค +โ”‚ London โ”‚ d51de633-640f-4b19-b372-b4197b321c8d โ”‚ luminous-soap โ”‚ 4 โ”‚ 4096 โ”‚ 20 โ”‚ 0.2592 โ”‚ 3h 59m โ”‚ +โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ +``` + +In case you forgot SSH details for your VM, just use the SSH wrapper: +``` +~ $ detee-cli vm ssh d51de633-640f-4b19-b372-b4197b321c8d +Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.12.10-arch1-1 x86_64) +root@luminous-soap:~# +``` + +### Update or delete VM + +The update command will allow you to modify the hardware specification and also the number of hours that you want your VM to run. If both hardware and time are modified, the hardware modification is executed first and the tokens are recalculated after that. + +``` +~ $ detee-cli vm update --vcpus 2 --memory 2000 --hours 10 d51de633-640f-4b19-b372-b4197b321c8d +The node accepted the hardware modifications for the VM. 
+Injecting disk encryption key into VM. This will take a minute. Do not interrupt. +The VM will run for another 10 hours. +~ $ detee-cli vm list +โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ +โ”‚ City โ”‚ UUID โ”‚ hostname โ”‚ Cores โ”‚ Mem (MB) โ”‚ Disk โ”‚ DTE/h โ”‚ time left โ”‚ +โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค +โ”‚ London โ”‚ d51de633-640f-4b19-b372-b4197b321c8d โ”‚ luminous-soap โ”‚ 2 โ”‚ 2000 โ”‚ 20 โ”‚ 0.1344 โ”‚ 10h 0m โ”‚ +โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ +~ $ +``` + +Please note that changing the number of CPUs or the kernel will rotate the hot decryption key of the server. This is why after these updates the CLI will use the backup key to start the VM. + +Deletion works as expected: +``` +~ $ detee-cli vm delete d51de633-640f-4b19-b372-b4197b321c8d +VM deleted. +~ $ +``` diff --git a/src/cloud/components.md b/src/cloud/components.md new file mode 100644 index 0000000..a65c7f2 --- /dev/null +++ b/src/cloud/components.md 
@@ -0,0 +1,46 @@ +# Components + +DeTEE is built of multiple components that are already under development, as follows: +- **The Brain**: a decentralized contract manager (functioning very much like an Oracle) that runs on top of the DeTEE encryption layer + - [x] stores your account balance (no matter if you are a user or a node operator) + - [x] allows you to create contracts for VMs and containers + - [ ] allows you to create contracts for GPUs + - [ ] allows users to vote for the upgrades of the platform + - [x] stores ratings for users + - [ ] allows you to deposit and withdraw DeTEE tokens via different blockchains + +- **(Intel) SGX Daemon**: Software that powers the SGX node, allowing customers to run containers + - [x] allows you to run containers based on [occlum](https://github.com/occlum/occlum) + - [x] allows you to expose ports on the public IP of the node + - [ ] offers domain services and TLS termination based on intel SGX + - [x] allows payment model based on reservation of hardware + +- **(AMD) SNP Daemon**: Software that powers the SNP node, allowing customers to run VMs + - [x] allows you to run VMs based using ArchLinux, Ubuntu and Fedora as a base + - [x] allows you to expose ports on the public IP of the node + - [x] allows dedicated public IPv4 and public IPv6 addresses for the VMs + - [x] allows payment model based on reservation of hardware + +- **DeTEE CLI**: end-user CLI that allows you manage resources on the DeTEE platform + - [x] allows you to manage your account data + - [x] allow you to manage VMs + - [x] allow you to manage containers + - [x] allow you to manage containers + - [ ] offers warning about containers and VMs facing performance issues or decommissioning + - [ ] enables withdrawal of tokens to public blockchains + - [ ] manage access to resources based on teams + +- **DeTEE Web GUI**: Will offer the same features as the CLI in a user friendly manner + +- **Orchestrator**: advanced cloud service that offers high 
availability and clustering for software services running on the DeTEE platform + - [ ] management of secrets using DeTEE encryption + - [x] deployment of swarms of containers across multiple nodes + - [ ] create groups of highly available VMs based on the same template + - [ ] automatic scaling of resources based on load + - [ ] automatic migration of resources in case of hardware failure (or decommissioning) + - [ ] multi-region clusters + +Future components (currently not under development): +- **(Arm) TrustZone Daemon**: Software that powers the SNP node, allowing customers to run VMs +- **(NVIDIA) GPU Daemon**: Software that powers the SNP node, allowing customers to run VMs + diff --git a/src/cloud/gui.md b/src/cloud/gui.md new file mode 100644 index 0000000..968990f --- /dev/null +++ b/src/cloud/gui.md @@ -0,0 +1,5 @@ +# GUI + +The DeTEE GUI will be designed by taking inspiration from existing cloud platforms. Expect a user friendly experience, focused on allowing easy deployment and migration of cloud applications. + +At this stage, development has not started, however we are confident in the architecture from a security point of view. The GUI will allow users to deploy and attest enclaves from the browser, without the need of installing an application. Details of implementation will be disclosed at a later stage. diff --git a/src/cloud/overview.md b/src/cloud/overview.md new file mode 100644 index 0000000..fe4f834 --- /dev/null +++ b/src/cloud/overview.md 
@@ -0,0 +1,7 @@ +# DeTEE Cloud + +The mission of DeTEE is to create a decentralized cloud solution that functions as an open market for hardware resources. The DeTEE protocol is connecting the customers (mostly software companies) and the service providers (node operators), ensuring the business activity of all participants runs smoothly. In order to make the decentralized network feel like a cloud platform, DeTEE inspired the user experience from popular cloud platforms (Kubernetes, Openstack, AWS, GCP), and optimized and simplified the flow to the benefit of the end user. + +In order to make the environment business-friendly, guarantees regarding security and privacy must be offered by the software powering the platform. In order to achieve this, DeTEE leverages the hardware capabilities of TEEs into the core of the platform, working already with Intel SGX and AMD SEV-SNP, and planning to integrate Intel TDX, AMD Trustzone and NVIDIA H100 GPUs in the future. As we canโ€™t be responsible for the reliability of the hardware itself, the strategy of DeTEE involves offering users the possibility to choose the hardware they work with, and to easily migrate their applications from one system to another. + +The DeTEE cloud will soon enter the testnet phase, allowing members of our community to deploy containers and VMs on the DeTEE network. The testnet does not guarantee stability (actually it guarantees disruptions, as we are actively developing the software). diff --git a/src/cloud/tokens.md b/src/cloud/tokens.md new file mode 100644 index 0000000..660af40 --- /dev/null +++ b/src/cloud/tokens.md 
@@ -0,0 +1,69 @@ +# Token system + +> Considering how young this project is, everything on this page will probably change in the future. + +The token payment and reward mechanism of DeTEE is based on the core concepts of the open market and the requirements of creating a TEE-based decentralized cloud platform: +- nodes are free to choose their price +- users are free to choose nodes based on their rating and price +- nodes are free to refuse contracts (or users) +- the cost of an enclave must be based on the amount of resources used +- enclaves can not be migrated (they are bound to the server) +- the guest can not access the host +- the host can not access the guest + +One of the first conclusions after analyzing the requirements above is that designing a mechanism was that implementing payment for resource utilization is exceptionally hard. As a consequence, DeTEE currently supports only payment for resource reservation, and different models will be considered as the project grows. This means that the user will pay for the resources he reserves, not for the resources he uses. For example, if a user reserves a VM with 4 vCPUs and 5GB of memory, however the load on the VM is minimal, the user will still pay for vCPUs and 5 GBs of memory. To compensate for this, automation and orchestration tools will be offered to users. + +Though nodes get paid for resource reservation, during the testnet nodes will also receive a base reward of 100 test tokens per month. This means that all nodes will receive by default 100 test tokens per month in the testnet, no matter if they sell or not. + +## Resource calculation + +Before calculating the price per month for a VM or a container, we must define the formula to calculate the multiplier for each hardware resource that is part of the contract. To simplify the formula, we will define โ€œunitsโ€, each class of hardware warning units based on their own multiplier. 
+ +Based on our experience when using cloud services, we decided that the price of a resource will be calculated based on the number of minutes the resource is being used. As a consequence, using a resource for 10 seconds will qualify as using that resource for 1 minute, and using the resource for 70 seconds will qualify as using the resource for 2 minutes. + +A server is also free to choose the price per unit per minute for his service. This price is defined in nanotokens. The current recommended value is 20k nanotokens per unit per minute. With the current calculation, a VM with 1 vCPU, 1 GB of memory, 20 GB of storage and one public IP will cost 24.4 tokens per month. + +### Units + +> The current mechanism does not distinguish based on the quality of the hardware. In the future, you should expect to see tiers for disk and for memory. + +For now, the multipliers offered for hardware are: +- 1 vCPU - offers 10 units +- 1 GB of Memory - offers 5 units +- 10 GB of Storage - offers 1 unit +- 1 public IPv4 IP - offers 10 units + +VMs also have an overhead for the memory due to SNP requirements. + +As such, the calculation of the total units of a VM is: + +``` +total_units = (vcpus * 10) + ((memory_mb + 256) / 200) + (disk_gb / 10) + (public_ipv4 * 10) +``` + +## Price and time + +The node is free to choose the price for its services, expressed in nanotokens per unit. The recommended value is 20k. Please find below calculations for a price of 10k, 20k and 40k nanotokens per unit per minute. + +For this example, let's take into consideration 3 types of VMs: +- a mini VM: 1 vCPUs, 1 GBs of memory and 10GBs of storage +- a medium VM: 5 vCPUs, 10 GBs of memory and 100GBs of storage +- a big VM: 16 vCPUs, 32 GBs of memory and 400GBs of storage + +For the calculation, all VMs have a dedicated public IPv4 address. 
+ +In this table you can see the rounded price in tokens per month for the these VM types: + +| node price | mini VM | med vm | big VM | +| ------------------ | --------- | ---------- | --------- | +| 10k nanoT/unit/min | ~12 T/mo | ~52 T/mo | ~160 T/mo | +| 20k nanoT/unit/min | ~24 T/mo | ~105 T/mo | ~320 T/mo | +| 40k nanoT/unit/min | ~47 T/mo | ~210 T/mo | ~641 T/mo | + +Full calculation of price per month for one mini VM at a node price of 20k nanotokens: +``` +((1 * 10) + (1256 / 200) + (10 / 10) + 10) * 20000 * 60 * 24 * 30 / 1_000_000_000 = +23.56992 +``` + +As a result, a node selling 31 mini VMs for one month at a default price of 20k/unit/min will earn 730 tokens. diff --git a/src/cloud/using.md b/src/cloud/using.md new file mode 100644 index 0000000..8347b34 --- /dev/null +++ b/src/cloud/using.md @@ -0,0 +1,11 @@ +# Using DeTEE Cloud + +Please be aware this product has been designed for: +- DevOps engineers +- Cloud engineers +- Software developers +- Cybersecurity enthusiasts + +Having basic understanding of operating systems, containers, virtual machines and deployment of software is required in order to use the CLI. The product was heavily inspired from existing open source cloud apps (Docker, Kubernetes, Proxmox, OpenStack). + +As we are currently in a testnet phase, you will first have to get some tokens in order to be able to test the app. Details on how to get access can be found in the next chapter. diff --git a/src/operators/AMD.md b/src/operators/AMD.md new file mode 100644 index 0000000..e6944fd --- /dev/null +++ b/src/operators/AMD.md 
@@ -0,0 +1,91 @@ +# Running AMD servers on DeTEE + +Registering an AMD server on the DeTEE network will allow you to collect rewards by running VMs for the DeTEE users. + +To be able to run the server on the network, it must support SEV SNP, meaning it must be part of these 3 generations: +- AMD EPYC 7003 (Milan) +- AMD EPYC 8004 (Siena) +- AMD EPYC 9004 (Genoa or Bergamo) +- AMD EPYC 9005 (Turin) + +More information about the capabilities of each generation can be found on the [AMD website](https://www.amd.com/en/products/processors/server/epyc/infinity-guard.html). Our focus is strictly focused on the SEV-SNP capability. + +The server must have a public IP. + +## The Kernel + +TL/DR: You need a new kernel, so install Fedora or Archlinux on the server. We will write here when newer generations are supported. + +## DeTEE Daemon + +Install the detee-snp-daemon from here (TODO: add link). + +You will need to configure the daemon by modifying `/etc/detee/daemon/config.yaml`. The default configuration does not offer public IPs, and offers by default 16 vCPUs, 20GB of Memory and 400GB of storage. Modify these values depending on how many resources you want to rent to the network. 
+ +Here is a sample configuration that includes public IPv4 and IPv6 IPs: +```json +brain_url: "http://164.92.249.180:31337" +max_cores_per_vm: 8 +max_vcpu_reservation: 24 +max_mem_reservation_mb: 25000 +network_interfaces: + - driver: "MACVTAP" + device: "eno8303" + ipv4_ranges: + - first_ip: "173.234.136.154" + last_ip: "173.234.136.155" + netmask: "27" + gateway: "173.234.136.158" + - first_ip: "173.234.137.17" + last_ip: "173.234.137.17" + netmask: "27" + gateway: "173.234.137.30" + ipv6_ranges: + - first_ip: "2a0d:3003:b666:a00c:0002:0000:0000:0011" + last_ip: "2a0d:3003:b666:a00c:0002:0000:0000:fffc" + netmask: "64" + gateway: "2a0d:3003:b666:a00c::1" +volumes: + - path: "/var/lib/detee/" + max_reservation_gb: 500 +public_port_range: + start: 30000 + end: 50000 +max_ports_per_vm: 5 +price: 20000 +``` + +## Configuration details + +The only network driver currently supported is MACVTAP. If you have a subnet that does not work with MACVTAP, please contact us on our [Discord Server](https://discord.gg/TSG2DKnw), and we will improve the code to allow you to host your network using IPVTAP or a Bridge setup. + +The private IPv4 connection and port forwarding capabilities are enabled through QEMU. VMs will not be able to communicate with each other using this setup. + +Please feel free to experiment with the price. A price of 20000 is recommended by our team in the testnet. + +## Registering node + +You will need the detee-cli (TODO: add link) to register your node under your DeTEE account. The rewards are collected by the owner (meaning the DeTEE wallet generated by the CLI) and not by the node. Follow the steps below to register the node. + +When booting, the node will print it's public key in the logs. 
To access logs, run: +``` +journalctl -fu detee-snp-daemon.service +``` +In the logs, there will be a line similar to this: +``` +Jan 26 00:59:13 detee-amd-1 detee-snp-daemon[764125]: [2025-01-25T22:59:13Z INFO detee_snp_daemon::global] Loaded the following public key: 7Xw3RxbP5pvfjZ8U6yA3HHVSS9YXjKH5Vkas3JRbQYd9 +``` + +Grab the key and use the following command in the detee-cli to register the node: +``` +detee-cli account register-node 7Xw3RxbP5pvfjZ8U6yA3HHVSS9YXjKH5Vkas3JRbQYd9 +``` + +You should be set. + +## Easy way to collect rewards + +- tell your friends about DeTEE +- convince them to write about us on social media so that they get an airdrop +- ask them to use their airdrop to create a VM on your server + diff --git a/src/operators/README.md b/src/operators/README.md deleted file mode 100644 index 7943ac1..0000000 --- a/src/operators/README.md +++ /dev/null @@ -1 +0,0 @@ -# DeTEE Server Provider Operators \ No newline at end of file diff --git a/src/operators/intro.md b/src/operators/intro.md new file mode 100644 index 0000000..c3db836 --- /dev/null +++ b/src/operators/intro.md 
@@ -0,0 +1,12 @@ +# Node Operators + +DeTEE currently supports Intel SGX and AMD SNP servers. In the future, we are planning to also support Arm TrustZone and NVIDIA GPUs. Our mission is to support all hardware that offers TEEs. + +Please be aware that this is a cloud product oriented for businesses, which has some implications: +- You will be judged by the community based on the performance of your server. +- Nodes must have a public IP. SNP nodes can optionally offer dedicated private IPs for VMs. +- In production, node operators will be encouraged to offer escrow as a guarantee for users. + +Earning tokens by running a node on DeTEE is as easy as setting up a server. Assuming you have experience with running Linux servers, the process is not difficult. + +If you would like to participate, we currently suggest renting dedicated bare metal servers. A minimal SGX server will be a few times cheaper than a minimal SNP server. In the future, if you are planning to make a profit on DeTEE, we suggest buying servers, as this will probably allow you to offer hardware resources a few times cheaper than established cloud providers.
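Review bot: `src/brain/README.md` becomes an orphan in this change: `src/SUMMARY.md` now points the Brain entry at `./brain/intro.md` and `src/operators/README.md` is deleted, yet `src/brain/README.md` is kept and merely retitled to "# Brain". Either delete it as well or keep a SUMMARY entry that references it, so the book does not carry a page nothing links to.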
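Review bot: in `src/cloud/overview.md`, "AMD Trustzone" should be "Arm TrustZone"; TrustZone is Arm's TEE, and this same patch names it correctly as "Arm TrustZone" in `src/operators/intro.md` and as "(Arm) TrustZone Daemon" in `src/cloud/components.md`.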
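Review bot: in `src/cloud/components.md` the DeTEE CLI checklist lists "- [x] allow you to manage containers" twice, and both "Future components" entries reuse the SNP daemon description "Software that powers the SNP node, allowing customers to run VMs", which is wrong for a TrustZone daemon and for a GPU daemon; give each its own description and drop the duplicate line. The same list also mixes "allows you" and "allow you".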
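Review bot: in `src/cloud/cli.md` the Docker link is missing its opening parenthesis, so `[install docker] https://docs.docker.com/desktop/)` will not render; it should read `[install docker](https://docs.docker.com/desktop/)`. Two further typos in the same file: "Also, list get your public key:" and "To see options f#or deploying a VM". In the account block the command appears twice, once bare as `detee-cli account` and once as `~ $ detee-cli account`, so one of the two should go.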
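Review bot: `src/cloud/cli.md` configures `detee-cli account brain-url http://164.92.249.180:31337` and `src/operators/AMD.md` uses the same plain-HTTP `brain_url`; since balances, node registration and VM contracts all travel over this endpoint, the docs should state how the CLI and the daemon authenticate the brain (whether the channel is protected by TEE-to-TEE encryption, pinned keys or something else), otherwise readers will reasonably assume the link is unauthenticated. The sample `detee-cli account` output also shows `The brain URL is: http://detee-build-1:31337`, which is not the URL configured two lines earlier; re-capture the output so the transcript matches the commands.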
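Review bot: the unit formula in `src/cloud/tokens.md` does not reproduce the numbers printed by the CLI transcripts in `src/cloud/cli.md`: `(4 * 10) + ((4096 + 256) / 200) + (20 / 10)` gives 63.76 units, but the deploy example reports "Total Units for hardware requested: 216", and the update to 2 vCPUs / 2000 MB shows 0.1344 DTE/h, which is 112 units at 20k nanotokens. The worked 23.56992 example and the price table are consistent with the formula, so either the formula or the captured CLI output is stale; one of them needs correcting before this is published.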
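Review bot: in `src/cloud/tokens.md` the sentence "One of the first conclusions after analyzing the requirements above is that designing a mechanism was that implementing payment for resource utilization is exceptionally hard" fuses two clauses; suggest "One of the first conclusions after analyzing the requirements above was that implementing payment for resource utilization is exceptionally hard". Also "each class of hardware warning units" should be "earning units", and the example "the user will still pay for vCPUs and 5 GBs of memory" drops the "4" before "vCPUs".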
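Review bot: in `src/cloud/advanced.md` the `detee-cli vm dtrfs` listing is fenced as ```yaml but begins with the shell prompt line `$ detee-cli vm dtrfs`, so it is neither valid YAML nor a plain transcript; either drop the prompt line or fence it without a language like the other transcripts in this file. Typos in the same file: "a initramfs" should be "an initramfs", "add provide the URL" should be "provide the URL", and "You can, however check" needs a comma after "however". The yaml sample uses `ipv4: !PublishPorts` without explaining which tags are accepted, and `price: 20000` without units; one sentence pointing at the nanotokens-per-unit-per-minute definition in `src/cloud/tokens.md` would close that gap.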
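Review bot: in the Ubuntu template steps of `src/cloud/advanced.md`, `ln -s /usr/lib/systemd/system/sshd.service /mnt/etc/systemd/system/multi-user.target.wants/sshd.service` is copied verbatim from the Arch example; on Debian and Ubuntu the openssh-server unit file is `ssh.service` (with `sshd.service` provided only as an alias), so please verify inside the debootstrapped `/mnt` that the symlink target exists, otherwise the link dangles and the template will not satisfy the "Make sure `sshd` will start and will listen on `0.0.0.0:22` after boot" requirement stated above it. The Ubuntu section also ends after the `scp` without the `sha256sum` step the Arch section has, even though the text says the checksum is verified during installation.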
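Review bot: in `src/operators/AMD.md` the text says "it must be part of these 3 generations" but lists four (Milan, Siena, Genoa/Bergamo, Turin); the sample config is fenced as ```json but is YAML; "it's public key" should be "its public key"; "Our focus is strictly focused on" repeats itself; and two "(TODO: add link)" placeholders for the daemon and the CLI are still in the text. Since the sample config carries a real host's interface name and live IPv4/IPv6 ranges and gateways, consider replacing them with documentation ranges (192.0.2.0/24 and 2001:db8::/32) in a public book.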
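Review bot: `src/cloud/access.md`, `src/cloud/cli.md` and `src/operators/AMD.md` use three different Discord invite codes (`zrK56XMe`, `zmR3Bzxz`, `TSG2DKnw`); temporary invites expire, so a single permanent invite link across the book would avoid dead links later. Also "Post a review of the the [hacker-challenge]" duplicates "the".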