cocokeyprovider: add support for daemonize
Fixes #185

Signed-off-by: Xynnn007 <[email protected]>
Xynnn007 authored and fitzthum committed Jan 11, 2024
1 parent f20d4b5 commit 07ff380
Showing 3 changed files with 42 additions and 1 deletion.
10 changes: 10 additions & 0 deletions Cargo.lock


1 change: 1 addition & 0 deletions attestation-agent/coco_keyprovider/Cargo.toml
Expand Up @@ -11,6 +11,7 @@ anyhow.workspace = true
base64.workspace = true
clap = { workspace = true, features = ["derive"] }
ctr.workspace = true
daemonize = "0.5.0"
env_logger = "0.10.0"
futures = "0.3.5"
jwt-simple = "0.11.4"
32 changes: 31 additions & 1 deletion attestation-agent/coco_keyprovider/src/main.rs
Expand Up @@ -5,8 +5,10 @@

use anyhow::*;
use clap::{arg, command, Parser};
use daemonize::Daemonize;
use log::*;
use std::{net::SocketAddr, path::PathBuf};
use std::{fs::File, net::SocketAddr, path::PathBuf};
use tokio::fs;

pub mod enc_mods;
pub mod grpc;
Expand All @@ -30,6 +32,15 @@ struct Cli {
/// will be automatically registered into the KBS.
#[arg(long)]
kbs: Option<String>,

/// Whether this process is launched in daemon mode. If it is set to
/// true, the stdio and stderr will be redirected to
/// `/run/confidential-containers/coco_keyprovider.out` and
/// `/run/confidential-containers/coco_keyprovider.err`.
/// The pid will be recorded in
/// `/run/confidential-containers/coco_keyprovider.pid`
#[arg(short, long, default_value = "false")]
daemon: bool,
}

#[tokio::main]
Expand All @@ -48,6 +59,25 @@ async fn main() -> Result<()> {
);
}

if cli.daemon {
fs::create_dir_all("/run/confidential-containers")
.await
.context("create coco run dir failed.")?;
let stdout = File::create("/run/confidential-containers/coco_keyprovider.out")
.context("create stdout redirect file failed.")?;
let stderr = File::create("/run/confidential-containers/coco_keyprovider.err")
.context("create stderr redirect file failed.")?;

let daemonize = Daemonize::new()
.pid_file("/run/confidential-containers/coco_keyprovider.pid")
.chown_pid_file(true)
.working_directory("/run/confidential-containers")
.stdout(stdout)
.stderr(stderr);

daemonize.start().context("daemonize failed")?;
}

grpc::start_service(cli.socket, cli.auth_private_key, cli.kbs).await?;

Ok(())
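Review bot: `daemonize.start()` is called inside `#[tokio::main] async fn main`, so the fork happens after the multi-threaded Tokio runtime has already started; only the calling thread survives a fork, so the daemon child is left without the runtime's worker threads and `grpc::start_service` is likely to stall in daemon mode. Daemonize first from a synchronous `main` and build the runtime only afterwards, as sketched below (the body of `main` begins above this hunk and its closing brace is outside it). Separately, the run directory and the `.out`/`.err` files are created before the fork with whatever umask the launcher passed on, and `File::create` truncates the previous logs on every start; for a key provider it would be safer to open them with an explicit mode, e.g. `OpenOptions::new().create(true).append(true).mode(0o600)`.

```rust
fn main() -> Result<()> {
    // … unchanged: everything in main before the daemon branch …

    if cli.daemon {
        // No runtime exists yet, so use the blocking std call instead of tokio::fs.
        std::fs::create_dir_all("/run/confidential-containers")
            .context("create coco run dir failed.")?;
        // … unchanged: stdout/stderr files and the Daemonize builder …
        daemonize.start().context("daemonize failed")?;
    }

    // Start the runtime after the fork so its worker threads live in the daemon process.
    tokio::runtime::Runtime::new()
        .context("create tokio runtime failed")?
        .block_on(grpc::start_service(cli.socket, cli.auth_private_key, cli.kbs))?;

    Ok(())
```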
