Introduce CLI for a configurable data-dir

core-primitives/enclave-api/ffi/src/lib.rs

@@ -25,6 +25,8 @@ extern "C" {
 		mu_ra_addr_size: u32,
 		untrusted_worker_addr: *const u8,
 		untrusted_worker_addr_size: u32,
+		encoded_base_dir_str: *const u8,
+		encoded_base_dir_size: u32,
 	) -> sgx_status_t;
 
 	pub fn init_enclave_sidechain_components(

core-primitives/enclave-api/src/enclave_base.rs

@@ -33,7 +33,12 @@ use sp_core::ed25519;
 /// Trait for base/common Enclave API functions
 pub trait EnclaveBase: Send + Sync + 'static {
 	/// Initialize the enclave (needs to be called once at application startup).
-	fn init(&self, mu_ra_addr: &str, untrusted_worker_addr: &str) -> EnclaveResult<()>;
+	fn init(
+		&self,
+		mu_ra_addr: &str,
+		untrusted_worker_addr: &str,
+		base_dir: &str,
+	) -> EnclaveResult<()>;
 
 	/// Initialize the enclave sidechain components.
 	fn init_enclave_sidechain_components(&self) -> EnclaveResult<()>;
@@ -67,11 +72,17 @@ pub trait EnclaveBase: Send + Sync + 'static {
 
 /// EnclaveApi implementation for Enclave struct
 impl EnclaveBase for Enclave {
-	fn init(&self, mu_ra_addr: &str, untrusted_worker_addr: &str) -> EnclaveResult<()> {
+	fn init(
+		&self,
+		mu_ra_addr: &str,
+		untrusted_worker_addr: &str,
+		base_dir: &str,
+	) -> EnclaveResult<()> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 
 		let encoded_mu_ra_addr = mu_ra_addr.encode();
 		let encoded_untrusted_worker_addr = untrusted_worker_addr.encode();
+		let encoded_base_dir = base_dir.encode();
 
 		let result = unsafe {
 			ffi::init(
@@ -81,6 +92,8 @@ impl EnclaveBase for Enclave {
 				encoded_mu_ra_addr.len() as u32,
 				encoded_untrusted_worker_addr.as_ptr(),
 				encoded_untrusted_worker_addr.len() as u32,
+				encoded_base_dir.as_ptr(),
+				encoded_base_dir.len() as u32,
 			)
 		};
 

enclave-runtime/Enclave.edl

@@ -39,7 +39,8 @@ enclave {
 		/* define ECALLs here. */
 		public sgx_status_t init(
 			[in, size=mu_ra_addr_size] uint8_t* mu_ra_addr, uint32_t mu_ra_addr_size,
-			[in, size=untrusted_worker_addr_size] uint8_t* untrusted_worker_addr, uint32_t untrusted_worker_addr_size
+			[in, size=untrusted_worker_addr_size] uint8_t* untrusted_worker_addr, uint32_t untrusted_worker_addr_size,
+			[in, size=encoded_base_dir_size] uint8_t* encoded_base_dir_str, uint32_t encoded_base_dir_size
 		);
 
 		public sgx_status_t init_enclave_sidechain_components();

enclave-runtime/src/lib.rs

@@ -106,19 +106,12 @@ pub unsafe extern "C" fn init(
 	mu_ra_addr_size: u32,
 	untrusted_worker_addr: *const u8,
 	untrusted_worker_addr_size: u32,
+	encoded_base_dir_str: *const u8,
+	encoded_base_dir_size: u32,
 ) -> sgx_status_t {
 	// Initialize the logging environment in the enclave.
 	env_logger::init();
 
-	// Todo: This will be changed to be a param of the `init` ecall:
-	// https://github.com/integritee-network/worker/issues/1292
-	//
-	// Until the above task is finished, we just fall back to the
-	// static behaviour, which uses the PWD already.
-	let pwd = std::env::current_dir().expect("Works on all supported platforms; qed");
-	info!("Setting base_dir to pwd: {}", pwd.display());
-	BASE_PATH.set(pwd.clone()).expect("We only init this once here; qed.");
-
 	let mu_ra_url =
 		match String::decode(&mut slice::from_raw_parts(mu_ra_addr, mu_ra_addr_size as usize))
 			.map_err(Error::Codec)
@@ -137,7 +130,21 @@ pub unsafe extern "C" fn init(
 		Err(e) => return e.into(),
 	};
 
-	match initialization::init_enclave(mu_ra_url, untrusted_worker_url, pwd) {
+	let base_dir = match String::decode(&mut slice::from_raw_parts(
+		encoded_base_dir_str,
+		encoded_base_dir_size as usize,
+	))
+	.map_err(Error::Codec)
+	{
+		Ok(b) => b,
+		Err(e) => return e.into(),
+	};
+
+	info!("Setting base_dir to {}", base_dir);
+	let path = PathBuf::from(base_dir);
+	BASE_PATH.set(path.clone()).expect("We only init this once here; qed.");
+
+	match initialization::init_enclave(mu_ra_url, untrusted_worker_url, path) {
 		Err(e) => e.into(),
 		Ok(()) => sgx_status_t::SGX_SUCCESS,
 	}

local-setup/config/one-worker.json

@@ -30,7 +30,9 @@
         "2001",
         "-h",
         "4545",
-        "--ws-external"
+        "--ws-external",
+        "--data-dir",
+        "/tmp/data-dir"
       ],
       "subcommand_flags": [
         "--skip-ra",

local-setup/config/two-workers.json

@@ -30,7 +30,9 @@
         "2001",
         "-h",
         "4545",
-        "--ws-external"
+        "--ws-external",
+        "--data-dir",
+        "/tmp/data-dir"
       ],
       "subcommand_flags": [
         "--skip-ra",
@@ -51,7 +53,9 @@
         "3001",
         "-h",
         "4546",
-        "--ws-external"
+        "--ws-external",
+        "--data-dir",
+        "/tmp/data-dir"
       ],
       "subcommand_flags": [
         "--skip-ra",

service/src/cli.yml

@@ -19,11 +19,16 @@ args:
         takes_value: true
         default_value: "ws://127.0.0.1"
     - node-port:
-        short: p
-        long: node-port
-        help: Set the websocket port to listen for substrate events
-        takes_value: true
-        default_value: "9944"
+          short: p
+          long: node-port
+          help: Set the websocket port to listen for substrate events
+          takes_value: true
+          default_value: "9944"
+    - data-dir:
+          short: d
+          long: data-dir
+          help: Data dir where the worker stores it's keys and other data.
+          takes_value: true
     - ws-external:
         long: ws-external
         help: Set this flag in case the worker should listen to external requests.

service/src/config.rs

@@ -19,7 +19,11 @@ use clap::ArgMatches;
 use itc_rest_client::rest_client::Url;
 use parse_duration::parse;
 use serde::{Deserialize, Serialize};
-use std::time::Duration;
+use std::{
+	fs,
+	path::{Path, PathBuf},
+	time::Duration,
+};
 
 static DEFAULT_NODE_SERVER: &str = "ws://127.0.0.1";
 static DEFAULT_NODE_PORT: &str = "9944";
@@ -31,29 +35,31 @@ static DEFAULT_UNTRUSTED_HTTP_PORT: &str = "4545";
 
 #[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
 pub struct Config {
-	pub node_ip: String,
-	pub node_port: String,
-	pub worker_ip: String,
+	node_ip: String,
+	node_port: String,
+	worker_ip: String,
 	/// Trusted worker address that will be advertised on the parentchain.
-	pub trusted_external_worker_address: Option<String>,
+	trusted_external_worker_address: Option<String>,
 	/// Port to directly communicate with the trusted tls server inside the enclave.
-	pub trusted_worker_port: String,
+	trusted_worker_port: String,
 	/// Untrusted worker address that will be returned by the dedicated trusted ws rpc call.
-	pub untrusted_external_worker_address: Option<String>,
+	untrusted_external_worker_address: Option<String>,
 	/// Port to the untrusted ws of the validateer.
-	pub untrusted_worker_port: String,
+	untrusted_worker_port: String,
 	/// Mutual remote attestation address that will be returned by the dedicated trusted ws rpc call.
-	pub mu_ra_external_address: Option<String>,
+	mu_ra_external_address: Option<String>,
 	/// Port for mutual-remote attestation requests.
-	pub mu_ra_port: String,
+	mu_ra_port: String,
 	/// Enable the metrics server
-	pub enable_metrics_server: bool,
+	enable_metrics_server: bool,
 	/// Port for the metrics server
-	pub metrics_server_port: String,
+	metrics_server_port: String,
 	/// Port for the untrusted HTTP server (e.g. for `is_initialized`)
-	pub untrusted_http_port: String,
+	untrusted_http_port: String,
+	/// Data directory used by all the services.
+	data_dir: PathBuf,
 	/// Config of the 'run' subcommand
-	pub run_config: Option<RunConfig>,
+	run_config: Option<RunConfig>,
 }
 
 #[allow(clippy::too_many_arguments)]
@@ -71,6 +77,7 @@ impl Config {
 		enable_metrics_server: bool,
 		metrics_server_port: String,
 		untrusted_http_port: String,
+		data_dir: PathBuf,
 		run_config: Option<RunConfig>,
 	) -> Self {
 		Self {
@@ -86,6 +93,7 @@ impl Config {
 			enable_metrics_server,
 			metrics_server_port,
 			untrusted_http_port,
+			data_dir,
 			run_config,
 		}
 	}
@@ -131,6 +139,18 @@ impl Config {
 		}
 	}
 
+	pub fn data_dir(&self) -> &Path {
+		self.data_dir.as_path()
+	}
+
+	pub fn run_config(&self) -> &Option<RunConfig> {
+		&self.run_config
+	}
+
+	pub fn enable_metrics_server(&self) -> bool {
+		self.enable_metrics_server
+	}
+
 	pub fn try_parse_metrics_server_port(&self) -> Option<u16> {
 		self.metrics_server_port.parse::<u16>().ok()
 	}
@@ -149,6 +169,25 @@ impl From<&ArgMatches<'_>> for Config {
 		let metrics_server_port = m.value_of("metrics-port").unwrap_or(DEFAULT_METRICS_PORT);
 		let untrusted_http_port =
 			m.value_of("untrusted-http-port").unwrap_or(DEFAULT_UNTRUSTED_HTTP_PORT);
+
+		let data_dir = match m.value_of("data-dir") {
+			Some(d) => {
+				let p = PathBuf::from(d);
+				if !p.exists() {
+					log::info!("Creating new data-directory for the service {}.", p.display());
+					fs::create_dir_all(p.as_path()).unwrap();
+				} else {
+					log::info!("Starting service in existing directory {}.", p.display());
+				}
+				p
+			},
+			None => {
+				log::warn!("[Config] defaulting to data-dir = PWD because it was previous behaviour. This might change soon.\
+				Please pass the data-dir explicitly to ensure nothing breaks in your setup.");
+				pwd()
+			},
+		};
+
 		let run_config = m.subcommand_matches("run").map(RunConfig::from);
 
 		Self::new(
@@ -167,6 +206,7 @@ impl From<&ArgMatches<'_>> for Config {
 			is_metrics_server_enabled,
 			metrics_server_port.to_string(),
 			untrusted_http_port.to_string(),
+			data_dir,
 			run_config,
 		)
 	}
@@ -225,6 +265,10 @@ fn add_port_if_necessary(url: &str, port: &str) -> String {
 	}
 }
 
+pub fn pwd() -> PathBuf {
+	std::env::current_dir().expect("works on all supported platforms; qed.")
+}
+
 #[cfg(test)]
 mod test {
 	use super::*;
@@ -235,6 +279,7 @@ mod test {
 		let empty_args = ArgMatches::default();
 		let config = Config::from(&empty_args);
 		let expected_worker_ip = "127.0.0.1";
+		let pwd = pwd().to_str().unwrap().to_string();
 
 		assert_eq!(config.node_ip, DEFAULT_NODE_SERVER);
 		assert_eq!(config.node_port, DEFAULT_NODE_PORT);
@@ -247,6 +292,7 @@ mod test {
 		assert!(config.mu_ra_external_address.is_none());
 		assert!(!config.enable_metrics_server);
 		assert_eq!(config.untrusted_http_port, DEFAULT_UNTRUSTED_HTTP_PORT);
+		assert_eq!(config.data_dir, pwd);
 		assert!(config.run_config.is_none());
 	}
 

service/src/enclave/api.rs

@@ -23,9 +23,11 @@ use itp_settings::files::{ENCLAVE_FILE, ENCLAVE_TOKEN};
 use log::*;
 use sgx_types::*;
 use sgx_urts::SgxEnclave;
-/// keep this api free from chain-specific types!
-use std::io::{Read, Write};
-use std::{fs::File, path::PathBuf};
+use std::{
+	fs::File,
+	io::{Read, Write},
+	path::PathBuf,
+};
 
 pub fn enclave_init(config: &Config) -> EnclaveResult<Enclave> {
 	const LEN: usize = 1024;
@@ -103,7 +105,11 @@ pub fn enclave_init(config: &Config) -> EnclaveResult<Enclave> {
 
 	// create an enclave API and initialize it
 	let enclave_api = Enclave::new(enclave);
-	enclave_api.init(&config.mu_ra_url_external(), &config.untrusted_worker_url_external())?;
+	enclave_api.init(
+		&config.mu_ra_url_external(),
+		&config.untrusted_worker_url_external(),
+		&config.data_dir().display().to_string(),
+	)?;
 
 	Ok(enclave_api)
 }

service/src/main.rs

@@ -117,13 +117,6 @@ fn main() {
 	let yml = load_yaml!("cli.yml");
 	let matches = App::from_yaml(yml).get_matches();
 
-	// Todo: This will be changed to be a param of the CLI:
-	// https://github.com/integritee-network/worker/issues/1292
-	//
-	// Until the above task is finished, we just fall back to the
-	// static behaviour, which uses the PWD already.
-	let pwd = std::env::current_dir().expect("Works on all supported platforms; qed");
-
 	let config = Config::from(&matches);
 
 	GlobalTokioHandle::initialize();
@@ -144,8 +137,12 @@ fn main() {
 
 	// build the entire dependency tree
 	let tokio_handle = Arc::new(GlobalTokioHandle {});
-	let sidechain_blockstorage =
-		Arc::new(SidechainStorageLock::<SignedSidechainBlock>::from_base_path(pwd).unwrap());
+	let sidechain_blockstorage = Arc::new(
+		SidechainStorageLock::<SignedSidechainBlock>::from_base_path(
+			config.data_dir().to_path_buf(),
+		)
+		.unwrap(),
+	);
 	let node_api_factory =
 		Arc::new(NodeApiFactory::new(config.node_url(), AccountKeyring::Alice.pair()));
 	let enclave = Arc::new(enclave_init(&config).unwrap());
@@ -177,7 +174,7 @@ fn main() {
 		enclave_metrics_receiver,
 	)));
 
-	if let Some(run_config) = &config.run_config {
+	if let Some(run_config) = config.run_config() {
 		let shard = extract_shard(&run_config.shard, enclave.as_ref());
 
 		println!("Worker Config: {:?}", config);
@@ -296,7 +293,7 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 	InitializationHandler: TrackInitialization + IsInitialized + Sync + Send + 'static,
 	WorkerModeProvider: ProvideWorkerMode,
 {
-	let run_config = config.run_config.clone().expect("Run config missing");
+	let run_config = config.run_config().clone().expect("Run config missing");
 	let skip_ra = run_config.skip_ra;
 
 	println!("Integritee Worker v{}", VERSION);
@@ -356,7 +353,7 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 
 	// ------------------------------------------------------------------------
 	// Start prometheus metrics server.
-	if config.enable_metrics_server {
+	if config.enable_metrics_server() {
 		let enclave_wallet =
 			Arc::new(EnclaveAccountInfoProvider::new(node_api.clone(), tee_accountid.clone()));
 		let metrics_handler = Arc::new(MetricsHandler::new(enclave_wallet));