general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add SGX v2 self hosted machine for CI

Browse Source
This commit is contained in:
Hui, Chunyang 2021-08-11 11:17:59 +00:00 committed by Zongmin.Gu
parent 136c2cca95
commit 4ae8af62d6
3 changed files with 253 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
.github/workflows/demo_test.yml vendored
View File

@ -691,33 +691,3 @@ jobs:
- name: Run Bash test - name: Run Bash test
run: docker exec bash_test bash -c "cd /root/occlum/demos/bash && SGX_MODE=SIM ./run_bash_demo.sh" run: docker exec bash_test bash -c "cd /root/occlum/demos/bash && SGX_MODE=SIM ./run_bash_demo.sh"
# Tensorflow_serving requires binary tensorflow_serving PIC, here we compile tensorflow_model_server before workflow
tensorflow_serving_test:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v1
with:
submodules: true
- name: Create container
run: docker run -itd --name=tf_serving_test -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-tf_serving
- name: Build dependencies
run: docker exec tf_serving_test bash -c "cd /root/occlum; make submodule"
- name: Make install
run: docker exec tf_serving_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Move tensorflow_model_server
run: docker exec tf_serving_test bash -c "mv /root/tensorflow_model_server /root/occlum/demos/tensorflow/tensorflow_serving"
- name: Set up environment
run: docker exec tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; ./prepare_model_and_env.sh"
- name: Run tf_serving server
run: docker exec tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; SGX_MODE=SIM ./run_occlum_tf_serving.sh"
- name: Run tf_serving client
run: |
sleep 120;
docker exec tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving/client; ./prepare_client_env.sh; ./benchmark.sh python3 localhost:8500 ../ssl_configure/server.crt"

278
.github/workflows/hw_mode_test.yml vendored
View File

@ -12,7 +12,11 @@ env:
jobs: jobs:
Collect-code-coverage: Collect-code-coverage:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -38,7 +42,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "occlum_test=$occlum_test" >> $GITHUB_ENV echo "occlum_test=$occlum_test" >> $GITHUB_ENV
- name: Change download source of crates.io - name: Change download source of crates.io
@ -73,7 +83,11 @@ jobs:
Make-test-on-ubuntu: Make-test-on-ubuntu:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -99,9 +113,16 @@ jobs:
- name: Create container - name: Create container
run: | run: |
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
occlum_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "occlum_test=$occlum_test" >> $GITHUB_ENV echo "occlum_test=$occlum_test" >> $GITHUB_ENV
- name: Change download source of crates.io - name: Change download source of crates.io
run: | run: |
docker exec $occlum_test bash -c "cat <<- EOF >/root/.cargo/config docker exec $occlum_test bash -c "cat <<- EOF >/root/.cargo/config
@ -131,7 +152,11 @@ jobs:
C_cpp_rust_golang_embedded_mode_support_test: C_cpp_rust_golang_embedded_mode_support_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -155,7 +180,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
language_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
language_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
language_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "language_support_test=$language_support_test" >> $GITHUB_ENV echo "language_support_test=$language_support_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -238,7 +269,11 @@ jobs:
Java_support_test: Java_support_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -262,7 +297,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
java_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
java_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
java_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "java_support_test=$java_support_test" >> $GITHUB_ENV echo "java_support_test=$java_support_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -300,7 +341,11 @@ jobs:
Bazel_test: Bazel_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -324,7 +369,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
hello_bazel_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
hello_bazel_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
hello_bazel_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "hello_bazel_test=$hello_bazel_test" >> $GITHUB_ENV echo "hello_bazel_test=$hello_bazel_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -368,7 +419,11 @@ jobs:
Fish_test: Fish_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -392,9 +447,14 @@ jobs:
- name: Create container - name: Create container
run: | run: |
fish_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
fish_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
fish_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "fish_test=$fish_test" >> $GITHUB_ENV echo "fish_test=$fish_test" >> $GITHUB_ENV
cat $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
run: | run: |
@ -433,7 +493,11 @@ jobs:
Xgboost_test: Xgboost_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -457,9 +521,14 @@ jobs:
- name: Create container - name: Create container
run: | run: |
xgboost_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
xgboost_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
xgboost_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "xgboost_test=$xgboost_test" >> $GITHUB_ENV echo "xgboost_test=$xgboost_test" >> $GITHUB_ENV
cat $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
run: | run: |
@ -498,7 +567,11 @@ jobs:
Sqlite_test: Sqlite_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -522,7 +595,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
sqlite_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
sqlite_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
sqlite_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlum/occlum:$OCCLUM_VERSION-ubuntu18.04);
else
echo "Unsupported Hardware"
fi;
echo "sqlite_test=$sqlite_test" >> $GITHUB_ENV echo "sqlite_test=$sqlite_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -559,7 +638,11 @@ jobs:
Python_musl_support_test: Python_musl_support_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -581,7 +664,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
docker pull occlumbackup/occlum:latest-ubuntu18.04-python docker pull occlumbackup/occlum:latest-ubuntu18.04-python
python_musl_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-python) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
python_musl_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-python);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
python_musl_support_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-python);
else
echo "Unsupported Hardware"
fi;
echo "python_musl_support_test=$python_musl_support_test" >> $GITHUB_ENV echo "python_musl_support_test=$python_musl_support_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -613,7 +702,11 @@ jobs:
Openvino_test: Openvino_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -635,7 +728,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
docker pull occlumbackup/occlum:latest-ubuntu18.04-openvino docker pull occlumbackup/occlum:latest-ubuntu18.04-openvino
openvino_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-openvino) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
openvino_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-openvino);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
openvino_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-openvino);
else
echo "Unsupported Hardware"
fi;
echo "openvino_test=$openvino_test" >> $GITHUB_ENV echo "openvino_test=$openvino_test" >> $GITHUB_ENV
- name: Configure dependency source - name: Configure dependency source
@ -664,7 +763,11 @@ jobs:
Grpc_test: Grpc_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -686,7 +789,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
docker pull occlumbackup/occlum:latest-ubuntu18.04-grpc docker pull occlumbackup/occlum:latest-ubuntu18.04-grpc
grpc_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-grpc) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
grpc_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-grpc);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
grpc_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-grpc);
else
echo "Unsupported Hardware"
fi;
echo "grpc_test=$grpc_test" >> $GITHUB_ENV echo "grpc_test=$grpc_test" >> $GITHUB_ENV
- name: Change download source of crates.io - name: Change download source of crates.io
@ -720,9 +829,14 @@ jobs:
if: ${{ always() }} if: ${{ always() }}
run: docker stop $grpc_test run: docker stop $grpc_test
Gvisor_test: Gvisor_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }} if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
run: | run: |
@ -744,7 +858,13 @@ jobs:
- name: Create container - name: Create container
run: | run: |
docker pull occlumbackup/occlum:latest-ubuntu18.04-gvisor_test docker pull occlumbackup/occlum:latest-ubuntu18.04-gvisor_test
gvisor_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-gvisor_test) if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
gvisor_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-gvisor_test);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
gvisor_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-gvisor_test);
else
echo "Unsupported Hardware"
fi;
echo "gvisor_test=$gvisor_test" >> $GITHUB_ENV echo "gvisor_test=$gvisor_test" >> $GITHUB_ENV
- name: Change download source of crates.io - name: Change download source of crates.io
@ -773,7 +893,10 @@ jobs:
Test_rpm_deploy: Test_rpm_deploy:
if: github.event_name == 'push' if: github.event_name == 'push'
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
@ -789,16 +912,28 @@ jobs:
- name: Test deployment - name: Test deployment
run: | run: |
cd demos/deployment cd demos/deployment
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
./deploy_image_test.sh centos8.2 ./deploy_image_test.sh centos8.2
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
DEVICE_OPTION="-v /dev/sgx:/dev/sgx" ./deploy_image_test.sh centos8.2
else
echo "Unsupported Hardware"
exit 1
fi;
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop centos8.2_deploy_test run: |
docker stop centos8.2_deploy_test
docker rm -f centos8.2_deploy_test
Test_deb_deploy: Test_deb_deploy:
if: github.event_name == 'push' if: github.event_name == 'push'
runs-on: [self-hosted, SGX1-HW] runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
self_runner: [[self-hosted, SGX1-HW], [self-hosted, SGX2-HW]]
steps: steps:
- name: Clean before running - name: Clean before running
@ -814,8 +949,91 @@ jobs:
- name: Test deployment - name: Test deployment
run: | run: |
cd demos/deployment cd demos/deployment
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
./deploy_image_test.sh ubuntu18.04 ./deploy_image_test.sh ubuntu18.04
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
DEVICE_OPTION="-v /dev/sgx:/dev/sgx" ./deploy_image_test.sh ubuntu18.04
else
echo "Unsupported Hardware"
exit 1
fi;
- name: Clean the environment - name: Clean the environment
if: ${{ always() }} if: ${{ always() }}
run: docker stop ubuntu18.04_deploy_test run: |
docker stop ubuntu18.04_deploy_test
docker rm -f ubuntu18.04_deploy_test
# Tensorflow_serving requires binary tensorflow_serving PIC, here we compile tensorflow_model_server before workflow
Tensorflow_serving_test:
if: github.event_name == 'push' || ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
runs-on: ${{ matrix.self_runner }}
strategy:
matrix:
# Tensorflow serving test requires AVX512 instruction support. Only the SGX2-HW machine has support for that.
self_runner: [[self-hosted, SGX2-HW]]
steps:
- name: Clean before running
run: |
sudo chown -R ${{ secrets.CI_ADMIN }} "${{ github.workspace }}"
- name: Checkout code
if: github.event_name == 'push'
uses: actions/checkout@v2
with:
submodules: true
- name: Checkout code from fork
if: ${{ contains(github.event.pull_request.labels.*.name, 'SGX-hardware-test-required') }}
uses: actions/checkout@v2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
submodules: true
- name: Create container
run: |
docker pull occlumbackup/occlum:latest-ubuntu18.04-tf_serving
if [[ "${{ matrix.self_runner[1] }}" == "SGX1-HW" ]]; then
tf_serving_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host --device /dev/isgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-tf_serving);
elif [[ "${{ matrix.self_runner[1] }}" == "SGX2-HW" ]]; then
tf_serving_test=$(docker run -itd --privileged --rm --env CARGO_HTTP_MULTIPLEXING=false --net host -v /dev/sgx:/dev/sgx -v $GITHUB_WORKSPACE:/root/occlum occlumbackup/occlum:latest-ubuntu18.04-tf_serving);
else
echo "Unsupported Hardware"
fi;
echo "tf_serving_test=$tf_serving_test" >> $GITHUB_ENV
- name: Change download source of crates.io
run: |
docker exec $tf_serving_test bash -c "cat <<- EOF >/root/.cargo/config
[source.crates-io]
registry = \"https://github.com/rust-lang/crates.io-index\"
replace-with = 'ustc'
[source.ustc]
registry = \"git://mirrors.ustc.edu.cn/crates.io-index\"
EOF"
- name: Build dependencies
run: docker exec $tf_serving_test bash -c "cd /root/occlum; make submodule"
- name: Make install
run: docker exec $tf_serving_test bash -c "source /opt/intel/sgxsdk/environment; cd /root/occlum; OCCLUM_RELEASE_BUILD=1 make install"
- name: Move dependencies to current demo
run: docker exec $tf_serving_test bash -c "mv /root/tensorflow_model_server /root/occlum/demos/tensorflow/tensorflow_serving; mv /root/resnet50-v15-fp32 /root/occlum/demos/tensorflow/tensorflow_serving"
- name: Generate SSL
run: docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; ./generate_ssl_config.sh localhost"
- name: Run tf_serving server
run: docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving; ./run_occlum_tf_serving.sh"
- name: Run tf_serving client
run: |
sleep 120;
docker exec $tf_serving_test bash -c "cd /root/occlum/demos/tensorflow/tensorflow_serving/client; ./benchmark.sh python3 localhost:8500 ../ssl_configure/server.crt"
- name: Clean the environment
if: ${{ always() }}
run: docker stop $tf_serving_test

2
demos/deployment/deploy_image_test.sh
View File

@ -7,7 +7,9 @@ if [[ $1 != "ubuntu18.04" && $1 != "centos8.2" ]]; then
fi fi
OS=$1 OS=$1
if [ -z "$DEVICE_OPTION" ]; then
DEVICE_OPTION="--device /dev/isgx" DEVICE_OPTION="--device /dev/isgx"
fi
docker build -f Dockerfile_template."$OS" -t test-package:"$OS" . docker build -f Dockerfile_template."$OS" -t test-package:"$OS" .
name="$OS"_deploy_test name="$OS"_deploy_test