Azure-PPML-Example-Occlum
Prerequisites
You can pull the image from Dockerhub.
docker pull intelanalytics/bigdl-ppml-azure-occlum:2.1.0-SNAPSHOT
Or you can build image with build-docker-image.sh
. Configure environment variables in Dockerfile
and build-docker-image.sh
.
Build the docker image:
bash build-docker-image.sh
Run docker
docker run --rm -it \
--name=azure-ppml-example-with-occlum \
--device=/dev/sgx/enclave \
--device=/dev/sgx/provision \
intelanalytics/bigdl-ppml-azure-occlum:2.1.0-SNAPSHOT bash
Nytaxi example
Run the Nytaxi example with run_simple_query.sh
.
docker run --rm -it \
--name=azure-ppml-example-with-occlum \
--device=/dev/sgx/enclave \
--device=/dev/sgx/provision \
intelanalytics/bigdl-ppml-azure-occlum:2.1.0-SNAPSHOT bash
bash run_simple_query.sh
You should get Nytaxi dataframe count and aggregation duration when succeed.
Nytaxi on Kubernetes
Configure environment variables in run_nytaxi_k8s.sh
, driver.yaml
and executor.yaml
. Then you can submit Nytaxi query task with run_nytaxi_k8s.sh
.
bash run_nytaxi_k8s.sh
SparkPi example
Run the SparkPi example with run_spark_on_occlum_glibc.sh
.
docker run --rm -it \
--name=azure-ppml-example-with-occlum \
--device=/dev/sgx/enclave \
--device=/dev/sgx/provision \
intelanalytics/bigdl-ppml-azure-occlum:2.1.0-SNAPSHOT bash
cd /opt
bash run_spark_on_occlum_glibc.sh pi
MAA example
You need to set environment variable AZDCAP_DEBUG_LOG_LEVEL
first.
docker run --rm -it \
--name=azure-ppml-example-with-occlum \
--device=/dev/sgx/enclave \
--device=/dev/sgx/provision \
intelanalytics/bigdl-ppml-azure-occlum:2.1.0-SNAPSHOT bash
export AZDCAP_DEBUG_LOG_LEVEL=fatal
Run the sample code and get the Azure attestation token for doing Microsoft Azure Attestation in Occlum.
cd /opt
bash run_spark_on_occlum_glibc.sh maa
You should get the Azure attestation token when succeed.
SparkPi on Kubernetes
Configure environment variables in run_spark_pi.sh
, driver.yaml
and executor.yaml
. Then you can submit SparkPi task with run_spark_pi.sh
.
bash run_spark_pi.sh
Known issues
- If you meet the following error when running the docker image:
aesm_service[10]: Failed to set logging callback for the quote provider library.
aesm_service[10]: The server sock is 0x5624fe742330
This may be associated with SGX DCAP. And it's expected error message if not all interfaces in quote provider library are valid, and will not cause a failure.
- If you meet the following error when running MAA example:
[get_platform_quote_cert_data ../qe_logic.cpp:352] p_sgx_get_quote_config returned NULL for p_pck_cert_config.
thread 'main' panicked at 'IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed', /opt/src/occlum/tools/toolchains/dcap_lib/src/occlum_dcap.rs:70:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[ERROR] occlum-pal: The init process exit with code: 101 (line 62, file src/pal_api.c)
[ERROR] occlum-pal: Failed to run the init process: EINVAL (line 150, file src/pal_api.c)
[ERROR] occlum-pal: Failed to do ECall: occlum_ecall_broadcast_interrupts with error code 0x2002: Invalid enclave identification. (line 26, file src/pal_interrupt_thread.c)
/opt/occlum/build/bin/occlum: line 337: 3004 Segmentation fault (core dumped) RUST_BACKTRACE=1 "$instance_dir/build/bin/occlum-run" "$@"
This may be associated with [RFC] IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed.