CCF
CCF copied to clipboard
microsoft
The result is different when using sandbox.sh and using cmd
Describe the bug
We missed some files such as 0.pem when using sandbox.sh to start CCF Node. But it worked when we use the same command line to run. Could you give us some idea to solve this problem?
To Reproduce Print the cmd var in remote.py and run it manually.
Expected behavior Generate files such as 0.pem
Environment information commit https://github.com/microsoft/CCF/commit/b21c981044d4674750d6cdd16dbf76c6f78bcce6 ccf-3.0.0-dev1 Linux 0ed7cf5f0771 5.10.60-9.al8.x86_64 https://github.com/microsoft/CCF/pull/1 SMP Mon Sep 6 21:30:37 CST 2021 x86_64 x86_64 x86_64 GNU/Linux
LINUX KERNEL WITH BUILT-IN SGX SUPPORT (5.11+):
5.10.60-9.al8.x86_64
AESM DAEMON:
Not running
PSW INFO:
libsgx-ae-id-enclave/unknown,now 1.14.100.3-focal1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-ae-qe3/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-ae-qve/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql-dev/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-dcap-ql/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-enclave-common/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-headers/unknown,now 2.17.100.3-focal1 amd64 [installed,automatic]
libsgx-pce-logic/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-qe3-logic/unknown,now 1.14.100.3-focal1 amd64 [installed]
libsgx-quote-ex/unknown,now 2.17.100.3-focal1 amd64 [installed]
libsgx-urts/unknown,now 2.17.100.3-focal1 amd64 [installed]
DCAP CLIENT INFO:
az-dcap-client/now 1.11.2 amd64 [installed,upgradable to: 1.11.2]
SGX INFO:
CPU supports SGX_FLC:Flexible Launch Control
CPU supports Software Guard Extensions:SGX2
SGX1
MaxEnclaveSize_64: 2^(56)
CPU supports Key Sharing & Separation (KSS): true
EPC size on the platform: 33285996544
This is the output by using sandbox.sh
2022-07-22T08:10:06.470185Z 100 [info ] ../src/host/main.cpp:108 | CCF version: ccf-2.0.0-rc1-285-gb21c9810
2022-07-22T08:10:06.470239Z 100 [info ] ../src/host/main.cpp:117 | Check Ethereum Gateway
2022-07-22T08:10:06.470250Z 100 [info ] ../src/host/main.cpp:123 | Gateway endpoint: 127.0.0.1:8545
2022-07-22T08:10:06.771433Z 100 [info ] ../src/host/main.cpp:159 | Recovery threshold unset. Defaulting to number of initial consortium members with a public encryption key (1).
2022-07-22T08:10:07.211706Z 100 [info ] ../CCF/src/host/ledger.h:1021 | Recovered ledger entries up to 0, committed to 0
2022-07-22T08:10:07.211815Z 100 [info ] ../CCF/src/host/socket.h:45 | TCP Node Server listening on 127.0.0.1:44259
2022-07-22T08:10:07.211889Z 100 [info ] ../src/host/main.cpp:337 | Registering RPC interface primary_rpc_interface, on tcp 127.0.0.1:8000
2022-07-22T08:10:07.211904Z 100 [info ] ../CCF/src/host/socket.h:45 | TCP RPC Client listening on 127.0.0.1:8000
2022-07-22T08:10:07.211911Z 100 [info ] ../src/host/main.cpp:348 | Registered RPC interface primary_rpc_interface, on tcp 127.0.0.1:8000
2022-07-22T08:10:07.211961Z 100 [info ] ../src/host/main.cpp:417 | Startup host time: 2022-07-22 08:10:07
2022-07-22T08:10:07.212082Z 100 [info ] ../src/host/main.cpp:465 | Creating new node: new network (with 1 initial member(s) and 1 member(s) required for recovery)
2022-07-22T08:10:07.212088Z 100 [info ] ../src/host/main.cpp:539 | Initialising enclave: enclave_create_node
2022-07-22T08:10:07.312432Z 0 [info ] ./CCF/src/enclave/rpc_sessions.h:223 | Setting max open sessions on interface "primary_rpc_interface" (127.0.0.1:8000) to [1000, 1010] and endorsement authority to Service
2022-07-22T08:10:07.312457Z 0 [info ] ../CCF/src/node/node_state.h:1862 | Node TLS connections now accepted
And this is the output by using command line
2022-07-22T08:11:08.721549Z 100 [info ] ../src/host/main.cpp:108 | CCF version: ccf-2.0.0-rc1-285-gb21c9810
2022-07-22T08:11:08.721601Z 100 [info ] ../src/host/main.cpp:117 | Check Ethereum Gateway
2022-07-22T08:11:08.721615Z 100 [info ] ../src/host/main.cpp:123 | Gateway endpoint: 127.0.0.1:8545
2022-07-22T08:11:09.022790Z 100 [info ] ../src/host/main.cpp:159 | Recovery threshold unset. Defaulting to number of initial consortium members with a public encryption key (1).
2022-07-22T08:11:09.468343Z 100 [info ] ../CCF/src/host/ledger.h:1021 | Recovered ledger entries up to 0, committed to 0
2022-07-22T08:11:09.468376Z 100 [info ] ../CCF/src/host/snapshots.h:216 | Snapshots will be stored in existing directory: "0.snapshots"
2022-07-22T08:11:09.468386Z 100 [info ] ./CCF/src/host/lfs_file_handler.h:23 | Clearing contents from existing directory ".index"
2022-07-22T08:11:09.468521Z 100 [info ] ../CCF/src/host/socket.h:45 | TCP Node Server listening on 127.0.0.1:45521
2022-07-22T08:11:09.468617Z 100 [info ] ../src/host/main.cpp:337 | Registering RPC interface primary_rpc_interface, on tcp 127.0.0.1:8000
2022-07-22T08:11:09.468636Z 100 [info ] ../CCF/src/host/socket.h:45 | TCP RPC Client listening on 127.0.0.1:8000
2022-07-22T08:11:09.468642Z 100 [info ] ../src/host/main.cpp:348 | Registered RPC interface primary_rpc_interface, on tcp 127.0.0.1:8000
2022-07-22T08:11:09.468697Z 100 [info ] ../src/host/main.cpp:417 | Startup host time: 2022-07-22 08:11:09
2022-07-22T08:11:09.468822Z 100 [info ] ../src/host/main.cpp:465 | Creating new node: new network (with 1 initial member(s) and 1 member(s) required for recovery)
2022-07-22T08:11:09.468828Z 100 [info ] ../src/host/main.cpp:539 | Initialising enclave: enclave_create_node
2022-07-22T08:11:09.669007Z 0 [info ] ./CCF/src/enclave/rpc_sessions.h:223 | Setting max open sessions on interface "primary_rpc_interface" (127.0.0.1:8000) to [1000, 1010] and endorsement authority to Service
2022-07-22T08:11:09.669036Z 0 [info ] ../CCF/src/node/node_state.h:1862 | Node TLS connections now accepted
Azure Quote Provider: libdcap_quoteprov.so [ERROR]: Could not retrieve environment variable for 'AZDCAP_DEBUG_LOG_LEVEL'
2022-07-22T08:11:11.369996Z 0 [info ] ../CCF/src/consensus/aft/raft.h:1862 | Becoming leader n[df8084eb08caaf28720675621d24d2fd3b5a6ab28b7d63584da80c47e08f8a21]: 2
2022-07-22T08:11:11.370031Z 0 [info ] CF/src/node/rpc/node_frontend.h:1416 | Created service
2022-07-22T08:11:11.370163Z 0 [info ] ../CCF/src/node/node_state.h:419 | Created new node n[df8084eb08caaf28720675621d24d2fd3b5a6ab28b7d63584da80c47e08f8a21]
2022-07-22T08:11:11.370203Z 100 [info ] ../src/host/main.cpp:573 | Created new node
2022-07-22T08:11:11.370313Z 100 [info ] ../src/host/main.cpp:579 | Output self-signed node certificate to 0.pem
2022-07-22T08:11:11.370366Z 100 [info ] ../src/host/main.cpp:586 | Output service certificate to service_cert.pem
2022-07-22T08:11:11.370372Z 100 [info ] ../src/host/main.cpp:605 | Starting enclave thread(s)
2022-07-22T08:11:11.370399Z 100 [info ] ../src/host/main.cpp:613 | Entering event loop
2022-07-22T08:11:11.371486Z 0 [info ] ../src/enclave/main.cpp:329 | Starting thread: 0
2022-07-22T08:11:11.371493Z 0 [info ] ../src/enclave/main.cpp:335 | All threads are ready!
2022-07-22T08:11:12.429115Z -0.003 0 [info ] ../CCF/src/consensus/aft/raft.h:571 | Election timer has become active
2022-07-22T08:11:12.429159Z -0.003 0 [info ] ../CCF/src/node/node_state.h:1876 | Network TLS connections now accepted
@thempp66 You can add a -v (--verbose) argument to sandbox.sh, and it will print the commands it runs (amongst other things). This will show all of the setup done by the sandbox infra (creating a workspace directory, copying the sample constitution, creating test members for the sandbox service), and eventually the command it uses to start cchost (from the logging command just below the print you added):
$ /opt/ccf/bin/sandbox.sh -v
Setting up Python environment...
...
13:01:50.929 | INFO | infra.remote:start:484 - [127.0.0.1] cd /data/src/1.CCF/build.debug/workspace/sandbox_0 && ./cchost --config /data/src/1.CCF/build.debug/workspace/sandbox_common/0.config.json 1> /data/src/1.CCF/build.debug/workspace/sandbox_0/out 2> /data/src/1.CCF/build.debug/workspace/sandbox_0/err (env: {})
The only differences I can see between the instance you ran by copying and pasting and this command run by sandbox.sh are the working directory, and the environment variables. The sandbox infra runs each node within its own directory in the workspace (build/workspace/sandbox_0/), whereas by copying and pasting just the command you are running it in the root build/ directory. This is why the 0.pem file generated by running cchost is at build/0.pem, rather than build/workspace/sandbox_0/0.pem. The environment variables generally shouldn't make a difference, but if you see any error related to those you may want to make sure the env you use when invoking cchost manually matches the env set by the sandbox infra.
@thempp66 You can add a
-v(--verbose) argument tosandbox.sh, and it will print the commands it runs (amongst other things). This will show all of the setup done by the sandbox infra (creating a workspace directory, copying the sample constitution, creating test members for the sandbox service), and eventually the command it uses to startcchost(from the logging command just below the print you added):$ /opt/ccf/bin/sandbox.sh -v Setting up Python environment... ... 13:01:50.929 | INFO | infra.remote:start:484 - [127.0.0.1] cd /data/src/1.CCF/build.debug/workspace/sandbox_0 && ./cchost --config /data/src/1.CCF/build.debug/workspace/sandbox_common/0.config.json 1> /data/src/1.CCF/build.debug/workspace/sandbox_0/out 2> /data/src/1.CCF/build.debug/workspace/sandbox_0/err (env: {})The only differences I can see between the instance you ran by copying and pasting and this command run by
sandbox.share the working directory, and the environment variables. The sandbox infra runs each node within its own directory in the workspace (build/workspace/sandbox_0/), whereas by copying and pasting just the command you are running it in the rootbuild/directory. This is why the0.pemfile generated by runningcchostis atbuild/0.pem, rather thanbuild/workspace/sandbox_0/0.pem. The environment variables generally shouldn't make a difference, but if you see any error related to those you may want to make sure the env you use when invokingcchostmanually matches the env set by the sandbox infra.
Thanks for your help. I notice that my system environment variables is reset by popen(CCF/tests/infra/remote.py:492) I need to set SGX_AESM_ADDR=1(which is already set in runtime environment variables by export command). So, is there any suggestions I can use to pass value for setting env in a friendly way? Or let the environment variables work? @eddyashton
@thempp66 you would need to modify the testing infra itself. The current logic deliberately does not propagate external environment variables to make tests as deterministic as possible.
Sorry for the late answer, I assume this is no longer a ongoing concern, and so I am closing the ticket.
@thempp66 you would need to modify the testing infra itself. The current logic deliberately does not propagate external environment variables to make tests as deterministic as possible.
Sorry for the late answer, I assume this is no longer a ongoing concern, and so I am closing the ticket.
OK, thanks!