Merge pull request #96 from NillionNetwork/feat/improved_attestation_verification

feat: Improved attestation verification flows

Author: jcabrero

.env.ci

@@ -14,6 +14,11 @@ NILAI_GUNICORN_WORKERS = 10
 # - Do not put "https://" or "http://" in the domain name or / at the end
 NILAI_SERVER_DOMAIN = "localhost"
 
+# Attestation Config
+ATTESTATION_HOST = "attestation"
+ATTESTATION_PORT = 8080
+
+
 
 # Postgres Docker Compose Config
 POSTGRES_HOST = "postgres"

.env.sample

@@ -13,6 +13,9 @@ NILAI_GUNICORN_WORKERS = 10
 # - Do not put "https://" or "http://" in the domain name or / at the end
 NILAI_SERVER_DOMAIN = "localhost"
 
+# Attestation Config
+ATTESTATION_HOST = "attestation"
+ATTESTATION_PORT = 8080
 
 # Postgres Docker Compose Config
 POSTGRES_HOST = "postgres"

.github/workflows/ci.yml

@@ -99,6 +99,9 @@ jobs:
       - name: Build vllm
         run: docker build -t nillion/nilai-vllm:latest -f docker/vllm.Dockerfile .
 
+      - name: Build attestation
+        run: docker build -t nillion/nilai-attestation:latest -f docker/attestation.Dockerfile .
+
       - name: Build nilal API
         run: docker build -t nillion/nilai-api:latest -f docker/api.Dockerfile --target nilai .
 

README.md

@@ -26,6 +26,8 @@ nilAI is a platform designed to run on Confidential VMs with Trusted Execution E
 
 #### Development Environment
 ```shell
+# Build nilai_attestation endpoint
+docker build -t nillion/nilai-attestation:latest -f docker/attestation.Dockerfile .
 # Build vLLM docker container
 docker build -t nillion/nilai-vllm:latest -f docker/vllm.Dockerfile .
 # Build nilai_api container
@@ -50,6 +52,8 @@ docker compose -f docker-compose.yml \
 
 #### Production Environment
 ```shell
+# Build nilai_attestation endpoint
+docker build -t nillion/nilai-attestation:latest -f docker/attestation.Dockerfile .
 # Build vLLM docker container
 docker build -t nillion/nilai-vllm:latest -f docker/vllm.Dockerfile .
 # Build nilai_api container
@@ -68,6 +72,8 @@ up -d
 #### Testing Without GPU
 
 ```shell
+# Build nilai_attestation endpoint
+docker build -t nillion/nilai-attestation:latest -f docker/attestation.Dockerfile .
 # Build vLLM docker container
 docker build -t nillion/nilai-vllm:latest -f docker/vllm.Dockerfile .
 # Build nilai_api container
@@ -77,7 +83,7 @@ To deploy:
 ```shell
 docker compose -f docker-compose.yml \
 -f docker-compose.dev.yml \
--f docker/compose/docker-compose.llama-1b-gpu.yml \
+-f docker/compose/docker-compose.llama-1b-cpu.yml \
 up -d
 ```
 

caddy/Caddyfile

@@ -18,6 +18,6 @@
 	}
 
 	handle {
-		reverse_proxy api:8443
+		reverse_proxy api:8080
 	}
  }

docker-compose.dev.macos.yml

@@ -3,9 +3,15 @@ services:
     platform: linux/amd64
     ports:
       - "8080:8080"
-      - "8443:8443"
     volumes:
       - ./nilai-api/:/app/nilai-api/
+      - ./packages/:/app/packages/
+  attestation:
+    ports:
+      - "8081:8080"
+    volumes:
+      - ./nilai-attestation/:/app/nilai-attestation/
+      - ./packages/:/app/packages/
   redis:
     ports:
       - "6379:6379"

docker-compose.dev.yml

@@ -2,10 +2,15 @@ services:
   api:
     ports:
       - "8080:8080"
-      - "8443:8443"
     volumes:
       - ./nilai-api/:/app/nilai-api/
       - ./packages/:/app/packages/
+  attestation:
+    ports:
+      - "8081:8080"
+    volumes:
+      - ./nilai-attestation/:/app/nilai-attestation/
+      - ./packages/:/app/packages/
   redis:
     ports:
       - "6379:6379"

docker-compose.prod.yml

@@ -1,5 +1,5 @@
 services:
-  api:
+  attestation:
     deploy:
       resources:
         reservations:

docker-compose.yml

@@ -4,6 +4,7 @@ services:
     environment:
       - ALLOW_NONE_AUTHENTICATION=yes
       - ETCD_ADVERTISE_CLIENT_URLS=http://etcd:2379
+    restart: unless-stopped
     healthcheck:
       test: ["CMD", "etcdctl", "endpoint", "health"]
       interval: 10s
@@ -16,6 +17,7 @@ services:
     image: 'redis:latest'
     networks:
       - frontend_net
+    restart: unless-stopped
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
       interval: 30s
@@ -126,6 +128,20 @@ services:
       retries: 3
       start_period: 15s
       timeout: 10s
+  attestation:
+    image: nillion/nilai-attestation:latest
+    restart: unless-stopped
+    networks:
+      - backend_net
+    env_file:
+      - .env
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      retries: 3
+      start_period: 15s
+      timeout: 10s
+
   caddy:
     image: caddy:latest
     container_name: caddy

docker/README.md

@@ -7,7 +7,6 @@ docker build -t nillion/nilai-api:latest -f docker/api.Dockerfile .
 
  docker run -it --rm \
  -p 8080:8080 \
- -p 8443:8443 \
  -v hugging_face_models:/root/.cache/huggingface \
  -v $(pwd)/db/users.sqlite:/app/db/users.sqlite \
  nillion/nilai-api:latest
@@ -34,4 +33,4 @@ docker run -d --name etcd-server \
     --env ALLOW_NONE_AUTHENTICATION=yes \
     --env ETCD_ADVERTISE_CLIENT_URLS=http://etcd-server:2379 \
     bitnami/etcd:latest
-```
+```