work in progress: No native runtime for docker

AmozPay · AmozPay · commit f6b575a72581 · 2022-10-28T09:40:08.000Z
diff --git a/.gitignore b/.gitignore
@@ -13,6 +13,8 @@ __pycache__
 /pydantic/
 node_modules
 *.squashfs
+.vscode
+rootfs/
 /examples/example_http_rust/target/
 /examples/example_django/static/admin/
 /runtimes/aleph-debian-11-python/rootfs/
diff --git a/docker/vm_supervisor-dev-docker.dockerfile b/docker/vm_supervisor-dev-docker.dockerfile
@@ -0,0 +1,50 @@
+# This is mainly a copy of the installation instructions from [vm_supervisor/README.md]
+
+FROM debian:bullseye
+
+RUN apt-get update && apt-get -y upgrade && apt-get install -y \
+    sudo acl curl squashfs-tools git \
+    python3 python3-aiohttp python3-msgpack python3-pip python3-aiodns python3-aioredis  \
+    python3-psutil python3-setproctitle python3-sqlalchemy python3-packaging \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd jailman
+
+RUN mkdir /opt/firecracker
+RUN chown $(whoami) /opt/firecracker
+RUN curl -fsSL https://github.com/firecracker-microvm/firecracker/releases/download/v1.0.0/firecracker-v1.0.0-x86_64.tgz | tar -xz --directory /opt/firecracker
+RUN curl -fsSL -o /opt/firecracker/vmlinux.bin https://github.com/aleph-im/aleph-vm/releases/download/0.1.0/vmlinux.bin
+
+# Link binaries on version-agnostic paths:
+RUN ln /opt/firecracker/release-*/firecracker-v* /opt/firecracker/firecracker
+RUN ln /opt/firecracker/release-*/jailer-v* /opt/firecracker/jailer
+
+RUN pip3 install typing-extensions 'aleph-message>=0.1.19'
+
+RUN mkdir -p /var/lib/aleph/vm/jailer
+
+ENV PYTHONPATH /mnt
+
+# Networking only works in privileged containers
+ENV ALEPH_VM_ALLOW_VM_NETWORKING False
+ENV ALEPH_VM_NETWORK_INTERFACE "tap0"
+# Jailer does not work in Docker containers
+ENV ALEPH_VM_USE_JAILER False
+# Use fake test data
+ENV ALEPH_VM_FAKE_DATA True
+# Allow connections from host
+ENV ALEPH_VM_SUPERVISOR_HOST "0.0.0.0"
+
+# Make it easy to enter this command from a shell script
+RUN echo "python3 -m vm_supervisor --print-settings --very-verbose --system-logs --profile -f ./examples/example_docker_container > log.txt 2>&1"  >> /root/.bash_history
+
+RUN mkdir /opt/aleph-vm/
+COPY ./vm_supervisor /opt/aleph-vm/vm_supervisor
+COPY ./firecracker /opt/aleph-vm/firecracker
+COPY ./guest_api /opt/aleph-vm/guest_api
+COPY ./examples /opt/aleph-vm/examples
+COPY ./runtimes /opt/aleph-vm/runtimes
+
+WORKDIR /opt/aleph-vm
+
+CMD "bash"
diff --git a/examples/example_docker_container/entrypoint.sh b/examples/example_docker_container/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+docker image ls
+docker run --rm -p 8080:8080 amozpay/hello_node
diff --git a/examples/message_from_aleph_docker_runtime.json b/examples/message_from_aleph_docker_runtime.json
@@ -0,0 +1,94 @@
+{
+    "_id": {
+        "$oid": "6080402d7f44efefd611dc1e"
+    },
+    "chain": "ETH",
+    "item_hash": "fake-hash-fake-hash-fake-hash-fake-hash-fake-hash-fake-hash-hash",
+    "sender": "0x9319Ad3B7A8E0eE24f2E639c40D8eD124C5520Ba",
+    "type": "PROGRAM",
+    "channel": "Fun-dApps",
+    "confirmed": true,
+    "content": {
+        "type": "vm-function",
+        "address": "0x9319Ad3B7A8E0eE24f2E639c40D8eD124C5520Ba",
+        "allow_amend": false,
+        "code": {
+            "encoding": "squashfs",
+            "entrypoint": "entrypoint.sh",
+            "ref": "7eb2eca2378ea8855336ed76c8b26219f1cb90234d04441de9cf8cb1c649d003",
+            "use_latest": false
+        },
+        "variables": {
+            "VM_CUSTOM_NUMBER": "32",
+            "DOCKER_MOUNTPOINT": "/opt/docker"
+        },
+        "on": {
+            "http": true,
+            "message": [
+                {
+                    "sender": "0xb5F010860b0964090d5414406273E6b3A8726E96",
+                    "channel": "TEST"
+                },
+                {
+                    "content": {
+                        "ref": "4d4db19afca380fdf06ba7f916153d0f740db9de9eee23ad26ba96a90d8a2920"
+                    }
+                }
+            ]
+        },
+        "environment": {
+            "reproducible": true,
+            "internet": true,
+            "aleph_api": true,
+            "shared_cache": true
+        },
+        "resources": {
+            "vcpus": 1,
+            "memory": 512,
+            "seconds": 30
+        },
+        "runtime": {
+            "ref": "5f31b0706f59404fad3d0bff97ef89ddf24da4761608ea0646329362c662ba51",
+            "use_latest": false,
+            "comment": "Aleph Alpine Linux with Python 3.8"
+        },
+        "volumes": [
+            {
+                "mount": "/opt/docker",
+                "ref": "5f31b0706f59404fad3d0bff97ef89ddf24da4761608ea0646329362c662ba51",
+                "use_latest": false
+            },
+            {
+                "comment": "Working data persisted on the VM supervisor, not available on other nodes",
+                "mount": "/var/lib/example",
+                "name": "data",
+                "persistence": "host",
+                "size_mib": 5
+            }
+        ],
+        "data": {
+            "encoding": "zip",
+            "mount": "/data",
+            "ref": "7eb2eca2378ea8855336ed76c8b26219f1cb90234d04441de9cf8cb1c649d003",
+            "use_latest": false
+        },
+        "export": {
+            "encoding": "zip",
+            "mount": "/data"
+        },
+        "replaces": "0x9319Ad3B7A8E0eE24f2E639c40D8eD124C5520Ba",
+        "time": 1619017773.8950517
+    },
+    "item_content": "{\"type\": \"vm-function\", \"address\": \"0x9319Ad3B7A8E0eE24f2E639c40D8eD124C5520Ba\", \"allow_amend\": false, \"code\": {\"encoding\": \"squashfs\", \"entrypoint\": \"main:app\", \"ref\": \"7eb2eca2378ea8855336ed76c8b26219f1cb90234d04441de9cf8cb1c649d003\", \"use_latest\": false}, \"on\": {\"http\": true, \"message\": [{\"sender\": \"0xB31B787AdA86c6067701d4C0A250c89C7f1f29A5\", \"channel\": \"TEST\"}, {\"content\": {\"ref\": \"4d4db19afca380fdf06ba7f916153d0f740db9de9eee23ad26ba96a90d8a2920\"}}]}, \"environment\": {\"reproducible\": true, \"internet\": true, \"aleph_api\": true, \"shared_cache\": false}, \"resources\": {\"vcpus\": 1, \"memory\": 128, \"seconds\": 30}, \"runtime\": {\"ref\": \"5f31b0706f59404fad3d0bff97ef89ddf24da4761608ea0646329362c662ba51\", \"use_latest\": false, \"comment\": \"Aleph Alpine Linux with Python 3.8\"}, \"volumes\": [{\"mount\": \"/opt/venv\", \"ref\": \"5f31b0706f59404fad3d0bff97ef89ddf24da4761608ea0646329362c662ba51\", \"use_latest\": false}, {\"comment\": \"Working data persisted on the VM supervisor, not available on other nodes\", \"mount\": \"/var/lib/sqlite\", \"name\": \"database\", \"persistence\": \"host\", \"size_mib\": 5}], \"data\": {\"encoding\": \"zip\", \"mount\": \"/data\", \"ref\": \"7eb2eca2378ea8855336ed76c8b26219f1cb90234d04441de9cf8cb1c649d003\", \"use_latest\": false}, \"export\": {\"encoding\": \"zip\", \"mount\": \"/data\"}, \"replaces\": \"0x9319Ad3B7A8E0eE24f2E639c40D8eD124C5520Ba\", \"time\": 1619017773.8950517}",
+    "item_type": "inline",
+    "signature": "0x372da8230552b8c3e65c05b31a0ff3a24666d66c575f8e11019f62579bf48c2b7fe2f0bbe907a2a5bf8050989cdaf8a59ff8a1cbcafcdef0656c54279b4aa0c71b",
+    "size": 749,
+    "time": 1619017773.8950577,
+    "confirmations": [
+        {
+            "chain": "ETH",
+            "height": 12284734,
+            "hash": "0x67f2f3cde5e94e70615c92629c70d22dc959a118f46e9411b29659c2fce87cdc"
+        }
+    ]
+}
diff --git a/runtimes/aleph-docker/create_disk_image.sh b/runtimes/aleph-docker/create_disk_image.sh
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+rm -f ./rootfs.squashfs
+
+set -euf
+
+rm -fr ./rootfs
+mkdir ./rootfs
+
+debootstrap --variant=minbase bullseye ./rootfs http://deb.debian.org/debian/
+
+chroot ./rootfs /bin/sh <<EOT
+
+set -euf
+
+apt-get install -y --no-install-recommends --no-install-suggests \
+  python3-minimal \
+  openssh-server \
+  socat libsecp256k1-0 \
+  \
+  python3-aiohttp python3-msgpack \
+  python3-setuptools \
+  python3-pip python3-cytoolz python3-pydantic \
+  iproute2 unzip \
+  curl\
+  docker.io\
+  cgroupfs-mount \
+  build-essential python3-dev
+pip3 install 'fastapi~=0.71.0'
+
+
+echo "Pip installing aleph-client"
+pip3 install 'aleph-client>=0.4.6' 'coincurve==15.0.0'
+
+# Compile all Python bytecode
+python3 -m compileall -f /usr/local/lib/python3.9
+
+echo "root:toor" | /usr/sbin/chpasswd
+
+mkdir -p /overlay
+
+# Set up a login terminal on the serial console (ttyS0):
+ln -s agetty /etc/init.d/agetty.ttyS0
+echo ttyS0 > /etc/securetty
+
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+EOT
+# The docker service starts automatically on Debian based distributions. https://docs.docker.com/engine/install/debian/
+
+
+echo "PermitRootLogin yes" >> ./rootfs/etc/ssh/sshd_config
+
+echo -ne '{\n"storage-driver": "vfs"\n}\n' > ./rootfs/etc/docker/daemon.json
+rm -fr ./rootfs/var/lib/docker
+mkdir ./rootfs/var/lib/docker
+
+# Generate SSH host keys
+#systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
+#systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
+#systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
+#systemd-nspawn -D ./rootfs/ ssh-keygen -q -N "" -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
+
+cat <<EOT > ./rootfs/etc/inittab
+# /etc/inittab
+
+::sysinit:/sbin/init sysinit
+::sysinit:/sbin/init boot
+::wait:/sbin/init default
+
+# Set up a couple of getty's
+tty1::respawn:/sbin/getty 38400 tty1
+tty2::respawn:/sbin/getty 38400 tty2
+tty3::respawn:/sbin/getty 38400 tty3
+tty4::respawn:/sbin/getty 38400 tty4
+tty5::respawn:/sbin/getty 38400 tty5
+tty6::respawn:/sbin/getty 38400 tty6
+
+# Put a getty on the serial port
+ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100
+
+# Stuff to do for the 3-finger salute
+::ctrlaltdel:/sbin/reboot
+
+# Stuff to do before rebooting
+::shutdown:/sbin/init shutdown
+EOT
+
+# Reduce size
+rm -fr ./rootfs/root/.cache
+rm -fr ./rootfs/var/cache
+mkdir -p ./rootfs/var/cache/apt/archives/partial
+rm -fr ./rootfs/usr/share/doc
+rm -fr ./rootfs/usr/share/man
+rm -fr ./rootfs/var/lib/apt/lists/
+
+# Custom init
+rm -f ./rootfs/sbin/init
+cp ./init0.sh ./rootfs/sbin/init
+cp ./init1.py ./rootfs/root/init1.py
+chmod +x ./rootfs/sbin/init
+chmod +x ./rootfs/root/init1.py
+
+mksquashfs ./rootfs/ ./rootfs.squashfs
diff --git a/runtimes/aleph-docker/init0.sh b/runtimes/aleph-docker/init0.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -euf
+
+mount -t proc proc /proc -o nosuid,noexec,nodev
+
+log() {
+    echo "$(cat /proc/uptime | awk '{printf $1}')" '|S' "$@"
+}
+log "init0.sh is launching"
+
+# Switch root from read-only ext4 to to read-write overlay
+mkdir -p /overlay
+/bin/mount -t tmpfs -o noatime,mode=0755 tmpfs /overlay
+mkdir -p /overlay/root/rw /overlay/root/work
+/bin/mount -o noatime,lowerdir=/,upperdir=/overlay/root/rw,workdir=/overlay/root/work -t overlay "overlayfs:/overlay/root/rw" /mnt
+
+echo HERE
+stat -f -c %T /overlay/
+
+# Same for /var/lib/docker
+# /data
+
+# mkdir -p /overlay/docker/ro /overlay/docker/rw /overlay/docker/work
+# /bin/mount -o lowerdir=/opt/docker/ro,upperdir=/overlay/docker/rw,workdir=/overlay/docker/work -t overlay "overlayfs:/overlay/docker/rw" /var/lib
+
+
+mkdir -p /mnt/rom
+pivot_root /mnt /mnt/rom
+
+mount --move /rom/proc /proc
+mount --move /rom/dev /dev
+
+mkdir -p /dev/pts
+mkdir -p /dev/shm
+
+mount -t sysfs sys /sys -o nosuid,noexec,nodev
+mount -t tmpfs run /run -o mode=0755,nosuid,nodev
+#mount -t devtmpfs dev /dev -o mode=0755,nosuid
+mount -t devpts devpts /dev/pts -o mode=0620,gid=5,nosuid,noexec
+mount -t tmpfs shm /dev/shm -omode=1777,nosuid,nodev
+
+cgroupfs-mount
+# List block devices
+lsblk
+
+#cat /proc/sys/kernel/random/entropy_avail
+
+# TODO: Move in init1
+mkdir -p /run/sshd
+/usr/sbin/sshd &
+log "SSH UP"
+
+log "Setup socat"
+socat UNIX-LISTEN:/tmp/socat-socket,fork,reuseaddr VSOCK-CONNECT:2:53 &
+log "Socat ready"
+
+log "INIT 0 DONE"
+# Replace this script with the manager
+exec /root/init1.py
diff --git a/runtimes/aleph-docker/init1.py b/runtimes/aleph-docker/init1.py
diff --git a/runtimes/aleph-docker/update_inits.sh b/runtimes/aleph-docker/update_inits.sh
diff --git a/vm_supervisor/conf.py b/vm_supervisor/conf.py

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/sh`
	`2`	`+docker image ls`
	`3`	`+docker run --rm -p 8080:8080 amozpay/hello_node`