Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Use Occlum configuration in yaml format in NGO #276

Open
qzheng527 opened this issue Jul 12, 2022 · 3 comments
Open

[RFC] Use Occlum configuration in yaml format in NGO #276

qzheng527 opened this issue Jul 12, 2022 · 3 comments

Comments

@qzheng527
Copy link
Contributor

  • Feature Name: Use Occlum configuration in yaml format
  • Start Date: 2022-7-12

Summary

Current Occlum/NGO use the json format configuration file Occlum.json which is not friendly to users.
Because json file neither support adding comment, nor pasing OS environments directly.
Yaml format could support both above, making the Occlum configuration more friendly and easy to use for users.

Motivation

Yaml format can support adding comment and pasing OS environments directly which makes the Occlum configuration more friendly and easy to use for users.

Guide-level explanation

With the the new introduced yaml format Occlum configuration file, nothing changed for the whole occlum build process but with minor changes described below.

  • After occlum new or occlum init, there is a default Occlum.yaml (with comments in line) in the occlum_instance instead of the old Occlum.json file.
  • Users could use yaml tool, such as yq to modify the configuration items in Occlum.yaml.
  • When doing occlum build, one extra step added in the building process which is converting the Occlum.yaml to internal Occlum.json at first, then all the building keeps the same with the internal Occlum.json. That is to say, in the Occlum internal building/booting process, json format configuration file is still used. But users don't and shouldn't touch them.

Reference-level explanation

This new yaml way described provides much better user experience, and keeps the same flow internally which introduces no changes in LibOS but minor changes in building.

Drawbacks

Most demos should be updated to adapt to the new yaml configuration.
For NGO, I think it is acceptable since no NGO formal release till now.
We can still support old json way by adding compatibility check as below:
(although I doubt if it is necessary for NGO).

  • If there is Occlum.json in occlum_instance, then just use it instead of creating new Occlum.yaml.
@liqinggd
Copy link

Can the Occlum.yaml file accepts the bom file as one part of it. Users just write one file, then all the things can be done.

@qzheng527
Copy link
Contributor Author

Can the Occlum.yaml file accepts the bom file as one part of it. Users just write one file, then all the things can be done.

@liqinggd I remembered we dicussed this before.
The conclusion at that time was keeping the two yaml files seperated could give more flexibility.
Also, yaml by nature couldn't support "include".
But you provided a very good point, what exactly does NGO configuration shall be provided to users?

The same with Occlum.json but just with comments in line

# Resource limits
resource_limits:
  # The heap size of LibOS kernel
  kernel_space_heap_size: 32MB
  # The stack size of LibOS kernel
  kernel_space_stack_size: 1MB
  # The total size of enclave memory available to LibOS processes
  user_space_size: 256MB
  # min_num_of_cpus + 1 = TCSMinPool, which is the minimum number 
  # of available TCS at any time in the life cycle of an enclave 
  min_num_of_cpus: 1
  # max_num_of_cpus * 2 = TCSMaxNum, which is the maximum number 
  # of available TCS at any time in the life cycle of an enclave
  max_num_of_cpus: 128
...

This way keeps all items open and users can do what they want to modify.

All items are commented unless users uncommented it intentionally, otherwise use the ones from template.

# Resource limits
# resource_limits:
#   # The heap size of LibOS kernel
#   kernel_space_heap_size: 32MB
#   # The stack size of LibOS kernel
#   kernel_space_stack_size: 1MB
#   # The total size of enclave memory available to LibOS processes
#   user_space_size: 256MB
#   # min_num_of_cpus + 1 = TCSMinPool, which is the minimum number 
#   # of available TCS at any time in the life cycle of an enclave 
#   min_num_of_cpus: 1
#   # max_num_of_cpus * 2 = TCSMaxNum, which is the maximum number 
#   # of available TCS at any time in the life cycle of an enclave
#   max_num_of_cpus: 128
...

@guzongmin
Copy link
Contributor

The configuration file should align with the Occlum build process. I draw my ideal build process below.
image
It is the integrity-check-only mode. The diagram needs some changes when using the encrypted mode, working on SGX1 HW, or lazy-bind root FS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qzheng527 @liqinggd @guzongmin