Commit d2b0be96 authored by Robert Schambach

Rename policy setup

parent 38ce6fb7
[SCONE|WARN] src/enclave/dispatch.c:181:print_version(): Application runs in SGX debug mode. Its memory can be read from outside the enclave with a debugger! This is not secure!
mysqld: unknown option '--bootstrap'
[SCONE|WARN] src/enclave/dispatch.c:181:print_version(): Application runs in SGX debug mode. Its memory can be read from outside the enclave with a debugger! This is not secure!
2020-12-22 16:00:32 0 [Note] mysqld (mysqld 10.4.12-MariaDB) starting as process 49 ...
[SCONE|WARN] src/syscall/syscall.c:33:__scone_ni_syscall(): system call: membarrier, number 324 is not implemented.
2020-12-22 16:00:33 0 [Note] InnoDB: The first innodb_system data file 'ibdata1' did not exist. A new tablespace will be created!
2020-12-22 16:00:33 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-12-22 16:00:33 0 [Note] InnoDB: Uses event mutexes
2020-12-22 16:00:33 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-12-22 16:00:33 0 [Note] InnoDB: Number of pools: 1
2020-12-22 16:00:33 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-12-22 16:00:33 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts)
2020-12-22 16:00:33 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-12-22 16:00:34 0 [Note] InnoDB: Completed initialization of buffer pool
2020-12-22 16:00:34 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-12-22 16:00:34 0 [Warning] InnoDB: Failed to set memory to MADV_DODUMP: Invalid argument ptr 0x101e3b9000 size 2097152
2020-12-22 16:00:34 0 [Note] InnoDB: Setting file './ibdata1' size to 12 MB. Physically writing the file full; Please wait ...
2020-12-22 16:00:34 0 [Note] InnoDB: File './ibdata1' size is now 12 MB.
2020-12-22 16:00:34 0 [Note] InnoDB: Setting log file ./ib_logfile101 size to 50331648 bytes
2020-12-22 16:00:34 0 [Note] InnoDB: Setting log file ./ib_logfile1 size to 50331648 bytes
2020-12-22 16:00:35 0 [Note] InnoDB: Renaming log file ./ib_logfile101 to ./ib_logfile0
2020-12-22 16:00:35 0 [Note] InnoDB: New log files created, LSN=11452
2020-12-22 16:00:35 0 [Note] InnoDB: Doublewrite buffer not found: creating new
2020-12-22 16:00:35 0 [Note] InnoDB: Doublewrite buffer created
2020-12-22 16:00:35 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-12-22 16:00:35 0 [Note] InnoDB: Creating foreign key constraint system tables.
2020-12-22 16:00:35 0 [Note] InnoDB: Creating tablespace and datafile system tables.
2020-12-22 16:00:35 0 [Note] InnoDB: Creating sys_virtual system tables.
2020-12-22 16:00:35 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-12-22 16:00:35 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-12-22 16:00:35 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-12-22 16:00:35 0 [Note] InnoDB: 10.4.12 started; log sequence number 0; transaction id 7
2020-12-22 16:01:14 0 [Warning] InnoDB: Failed to set memory to MADV_DODUMP: Invalid argument ptr 0x101c3b9000 size 33554432
2020-12-22 16:01:14 0 [Warning] InnoDB: Failed to set memory to MADV_DODUMP: Invalid argument ptr 0x1013b99000 size 134217728
Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo
See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.
Please report any problems at http://mariadb.org/jira
The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
Waiting for mariadb running (120s max)
[SCONE|WARN] src/enclave/dispatch.c:181:print_version(): Application runs in SGX debug mode. Its memory can be read from outside the enclave with a debugger! This is not secure!
2020-12-22 16:01:25 0 [Note] mysqld (mysqld 10.4.12-MariaDB) starting as process 73 ...
[SCONE|WARN] src/syscall/syscall.c:33:__scone_ni_syscall(): system call: membarrier, number 324 is not implemented.
2020-12-22 16:01:26 0 [Note] InnoDB: The first innodb_system data file 'ibdata1' did not exist. A new tablespace will be created!
2020-12-22 16:01:26 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2020-12-22 16:01:26 0 [Note] InnoDB: Uses event mutexes
2020-12-22 16:01:26 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-12-22 16:01:26 0 [Note] InnoDB: Number of pools: 1
2020-12-22 16:01:26 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-12-22 16:01:26 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts)
2020-12-22 16:01:26 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2020-12-22 16:01:27 0 [Note] InnoDB: Completed initialization of buffer pool
2020-12-22 16:01:27 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-12-22 16:01:27 0 [Warning] InnoDB: Failed to set memory to MADV_DODUMP: Invalid argument ptr 0x101ea3e000 size 2097152
2020-12-22 16:01:27 0 [Note] InnoDB: Setting file '/external/ibdata1' size to 12 MB. Physically writing the file full; Please wait ...
2020-12-22 16:01:27 0 [Note] InnoDB: File '/external/ibdata1' size is now 12 MB.
2020-12-22 16:01:27 0 [Note] InnoDB: Setting log file /external/ib_logfile101 size to 50331648 bytes
2020-12-22 16:01:27 0 [Note] InnoDB: Setting log file /external/ib_logfile1 size to 50331648 bytes
2020-12-22 16:01:27 0 [Note] InnoDB: Renaming log file /external/ib_logfile101 to /external/ib_logfile0
2020-12-22 16:01:27 0 [Note] InnoDB: New log files created, LSN=11472
2020-12-22 16:01:27 0 [Note] InnoDB: Doublewrite buffer not found: creating new
2020-12-22 16:01:27 0 [Note] InnoDB: Doublewrite buffer created
2020-12-22 16:01:27 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating foreign key constraint system tables.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating tablespace and datafile system tables.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating sys_virtual system tables.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-12-22 16:01:27 0 [Note] InnoDB: Setting file '/external/ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-12-22 16:01:27 0 [Note] InnoDB: File '/external/ibtmp1' size is now 12 MB.
2020-12-22 16:01:27 0 [Note] InnoDB: 10.4.12 started; log sequence number 0; transaction id 7
2020-12-22 16:01:27 0 [Note] InnoDB: Creating #1 encryption thread id 69287181088 total threads 4.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating #2 encryption thread id 69289282336 total threads 4.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating #3 encryption thread id 69291383584 total threads 4.
2020-12-22 16:01:27 0 [Note] InnoDB: Creating #4 encryption thread id 69293484832 total threads 4.
2020-12-22 16:01:27 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-12-22 16:01:27 0 [Note] Using encryption key id 1 for temporary files
2020-12-22 16:01:28 0 [Note] Server socket created on IP: '0.0.0.0'.
2020-12-22 16:01:28 0 [Warning] 'user' entry '@mariadb-mariadb-scone-0' ignored in --skip-name-resolve mode.
2020-12-22 16:01:28 0 [Warning] 'proxies_priv' entry '@% root@mariadb-mariadb-scone-0' ignored in --skip-name-resolve mode.
2020-12-22 16:01:28 6 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1932: Table 'mysql.gtid_slave_pos' doesn't exist in engine
2020-12-22 16:01:28 0 [Note] Reading of all Master_info entries succeeded
2020-12-22 16:01:28 0 [Note] Added new Master_info '' to hash table
2020-12-22 16:01:28 0 [Note] mysqld: ready for connections.
Version: '10.4.12-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 MariaDB Server
[SCONE|WARN] src/enclave/dispatch.c:181:print_version(): Application runs in SGX debug mode. Its memory can be read from outside the enclave with a debugger! This is not secure!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (111)
/demo/start.sh: line 69: 73 Killed su mysql -c 'mysqld --innodb-use-native-aio=0 --datadir=${MYSQL_DATADIR}'
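Review bot: a generated run log is tracked in the repository and appears in this diff, from the `mysqld: unknown option '--bootstrap'` line down to the `Killed` message from /demo/start.sh line 69. Unless this commit is what deletes it, untrack the file and add it to .gitignore; build output changes on every run and buries the real changes. Two things in it deserve their own follow-up: every process prints the SCONE warning that it runs in SGX debug mode, which the warning itself calls not secure, and the client gets ERROR 2002 on /run/mysqld/mysqld.sock right after the server reports "ready for connections".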
export DB_POLICY_FSPF_KEY=08c7b1dd2ec1eeb876be8ecf7f26ce9a778ba0c1d2921f1fc34d287f8a9e1c8e
export DB_POLICY_FSPF_TAG=7b3d30df3e66ac0682c8edc974314393
export MEMCACHED_POLICY_FSPF_KEY=497316b884850114d9095a40f6033e1e3347e5e3568ffa90163ac6b6006e56c9
export MEMCACHED_POLICY_FSPF_TAG=c290d5d3e656963812d58fc734a78277
export NGINX_POLICY_FSPF_KEY=ed161a9f3024e412874a6bcb1148befefa6ef1ca7d9f526ba46d94622d2edae0
export NGINX_POLICY_FSPF_TAG=05d3d0578870ce9869ff18f0d29fed27
export FASTAPI_POLICY_FSPF_KEY=c31c5c342ebd2988d3fac61a5c6b993a263b2af0a207eee2462545d62f420e5d
export FASTAPI_POLICY_FSPF_TAG=5abd6a7479c5d043a5d564eb954a12e6
export DB_POLICY_FSPF_KEY=f66dfe669dff6a4ed7c504ac2031bd0899618cdf44c3cd9664990efe0d6f034c
export DB_POLICY_FSPF_TAG=14a683c2b708f80f6b4ba290d7be29b5
export MEMCACHED_POLICY_FSPF_KEY=d0445c96c0a33fae9ce6a3f91b02f134f505d6573ebc068673df0dd098a80284
export MEMCACHED_POLICY_FSPF_TAG=3f5698ddebaec38f865087677b8528c9
export NGINX_POLICY_FSPF_KEY=43afedc32782c0f405ce1d0d996a65575dacafb623683a6c5ef6ebe39580d7df
export NGINX_POLICY_FSPF_TAG=3e205b1f5cf1dab4a8c131610d8f665b
export FASTAPI_POLICY_FSPF_KEY=022739a503d782e0b6fcb3179337abb59ac17c27e566673b1c2e48e0957a0ac6
export FASTAPI_POLICY_FSPF_TAG=d380a2606f9e54eeb5277bef9b3cfb9a
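Review bot: the `*_POLICY_FSPF_KEY` and `*_POLICY_FSPF_TAG` exports are committed in clear text, both the previous set and the regenerated one. The FSPF key is the secret that protects each image's file system protection file, so anyone who can read the repository history can use it. Generate this file at build time, keep it out of version control, pass the values to the policy through a secret store or a masked CI variable, and treat the keys already in history as disclosed and rotate them.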
......@@ -2,6 +2,6 @@ export CAS_MRENCLAVE="fd7efd68adeb23b5e60bca27f6fb3aec98d7fe1f4dee8fc5cf9e797299
export MRENCLAVE_MYSQLD="1bfbc131f7abcb972c5afd27c1e9554f5d6678448c24d478f2b51f1a7a557c92"
export MRENCLAVE_MYSQL="52908b023e66059e30f1ac5e16a91c8acd43027875a2a61113daddfd670b1376"
export MRENCLAVE_MY_PRINT_DEFAULTS="37fb68a5697ea48586d04d74f69a4cd08b152bbaa6597b5a7d92d9ef3a4581e9"
export MRENCLAVE_SIMPLECLIENT_FASTAPI="2808559c02d5611b4fbf76230f5e73ddb48064830a83ffaf22a10695fac60770"
export MRENCLAVE_MEMCACHED="dabbadf48faf46d7b0200d168f4f4d04aa5d79704f69f0bdb5a15745c962ea29"
export MRENCLAVE_SIMPLECLIENT_FASTAPI="46665319d80e7c16367d38bec7a0fdea96694c435fe8aa86e02329a826da979e"
export MRENCLAVE_MEMCACHED="6f39aca52f7788e8fa08dd44595b69199530a8efbbeb7142102e87917d0ef0c0"
export MRENCLAVE_NGINX="361170281c51805d00a6d62d270d4a129083cbba897675de08d55cd64b8275e2"
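Review bot: only `MRENCLAVE_SIMPLECLIENT_FASTAPI` and `MRENCLAVE_MEMCACHED` change in this file, while `MRENCLAVE_MYSQLD` keeps its old value even though the same commit changes the flags passed to `get_mrenclave` for mysqld and moves MariaDB to the `mariadb-protected` image. Please confirm the mysqld value was re-measured. Since the script in this commit opens a heredoc to /tmp/mrenclaves.sh right after measuring, consider dropping the checked-in copy and regenerating it at deploy time so a stale measurement cannot end up in the policy.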
......@@ -33,11 +33,11 @@ echo "Determining the MRENCLAVES."
# Determine MRENCLAVE of latest images.
CAS_MRENCLAVE=$(get_mrenclave $CAS_IMAGE cas)
MRENCLAVE_MYSQLD=$(get_mrenclave $MARIADB_IMAGE mysqld "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1 --entrypoint=""")
MRENCLAVE_MYSQLD=$(get_mrenclave $MARIADB_IMAGE mysqld "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1 -e SCONE_SYSLIBS=1 -e SCONE_FSPF_MUTABLE=1 --entrypoint=""")
MRENCLAVE_MY_PRINT_DEFAULTS=$(get_mrenclave $MARIADB_IMAGE my_print_defaults "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1 --entrypoint=""")
MRENCLAVE_MYSQL=$(get_mrenclave $MARIADB_IMAGE mysql "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1 --entrypoint=""")
MRENCLAVE_SIMPLECLIENT_FASTAPI=$(get_mrenclave $FASTAPI_IMAGE python3 "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=2")
MRENCLAVE_MEMCACHED=$(get_mrenclave $MEMCACHED_IMAGE memcached "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=2")
MRENCLAVE_SIMPLECLIENT_FASTAPI=$(get_mrenclave $FASTAPI_IMAGE python3 "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1")
MRENCLAVE_MEMCACHED=$(get_mrenclave $MEMCACHED_IMAGE memcached "-e SCONE_HEAP=2G -e SCONE_ALLOW_DLOPEN=1")
MRENCLAVE_NGINX=$(get_mrenclave $NGINX_IMAGE nginx "-e SCONE_HEAP=2G -e SCONE_FORK=1")
cat > /tmp/mrenclaves.sh << EOF
......
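Review bot: the `-e SCONE_...` flag string is spelled out separately on each `get_mrenclave` line, and the mysqld line alone gains `-e SCONE_SYSLIBS=1 -e SCONE_FSPF_MUTABLE=1` while `mysql` and `my_print_defaults` from the same `$MARIADB_IMAGE` do not. If that difference is intended, add a one-line comment saying why. Either way, put the shared flags in one variable and check them against what the chart sets (SCONE_HEAP 2G, SCONE_ALLOW_DLOPEN "1") so the measured and the deployed settings cannot drift apart. Quoting `$CAS_IMAGE`, `$MARIADB_IMAGE` and the other image variables would also be safer.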
......@@ -20,7 +20,7 @@ fastapi-scone:
repository: registry.scontain.com:5050/enterjazz/secure-doc-management
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "fastapi-server"
tag: "fastapi-server-protected"
scone:
attestation:
FASTAPIConfigID: db_simpleclient_config/serve
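Review bot: `tag: "fastapi-server-protected"` is a mutable tag and `pullPolicy: Always` re-pulls it on every pod start, so the content that runs is decided by whoever last pushed that tag. Pin the image by digest or by a per-build tag; a rebuilt image under the same tag may also stop matching the recorded `MRENCLAVE_SIMPLECLIENT_FASTAPI`, and that would only surface as an attestation failure at start-up. The same applies to the `mariadb-protected` and `nginx-proxy-server-protected` tags further down.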
......@@ -28,13 +28,13 @@ fastapi-scone:
- name: SCONE_HEAP
value: 2G
- name: SCONE_ALLOW_DLOPEN
value: "2"
value: "1"
imagePullSecrets:
- name: enterjazz-gitlab-scontain
mariadb-scone:
image: "enterjazz/scone-test-images:mariadb"
image: "registry.scontain.com:5050/enterjazz/secure-doc-management:mariadb-protected"
imagePullSecrets:
- name: enterjazz-gitlab-scontain
scone:
......@@ -65,7 +65,7 @@ nginx-scone:
repository: registry.scontain.com:5050/enterjazz/secure-doc-management
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "nginx-proxy-server"
tag: "nginx-proxy-server-protected"
imagePullSecrets:
- name: enterjazz-gitlab-scontain
scone:
......
......@@ -9,14 +9,14 @@ set -o nounset
# Catch the error in case mysqldump fails (but gzip succeeds) in `mysqldump |gzip`
set -o pipefail
# Turn on traces, useful while debugging but commented out by default
set -o xtrace
#set -o xtrace
cd $PWD/mariadb
cd $PWD/policy-setup
# Define your base MariaDB image.
export MARIADB_BASE_IMAGE=${MARIADB_BASE_IMAGE:-registry.scontain.com:5050/sconecuratedimages/apps:mariadb-10.4-alpine-scone5.0.0}
# Define the image we are building. This one will be deployed to your servers.
export MARIADB_TARGET_IMAGE=${MARIADB_TARGET_IMAGE:-enterjazz/scone-test-images:mariadb}
export MARIADB_TARGET_IMAGE=${MARIADB_TARGET_IMAGE:-registry.scontain.com:5050/enterjazz/secure-doc-management:mariadb-protected}
# Download the latests images from registry.scontain.com:5050/sconecuratedimages.
export MEMCACHED_BASE_IMAGE=${MEMCACHED_BASE_IMAGE:-"registry.scontain.com:5050/enterjazz/secure-doc-management:memcached-tls"}
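Review bot: `cd $PWD/policy-setup` resolves against whatever directory the caller happens to be in and is unquoted, so the script fails when started from anywhere but the expected directory or from a path containing spaces. Derive the path from the script location instead, for example `cd "$(dirname "$0")/policy-setup"` (assuming the script sits next to that directory). The default for `MARIADB_TARGET_IMAGE` now duplicates the image string in the chart values, so a comment pointing at the other location would help keep them in sync, and the comment above `MEMCACHED_BASE_IMAGE` has a typo ("latests").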
......@@ -61,6 +61,7 @@ echo "export FASTAPI_POLICY_FSPF_TAG=$FASTAPI_SCONE_FSPF_TAG" >> fspf_variables.
echo "Pushing protected images"
for img in $MARIADB_TARGET_IMAGE $MEMCACHED_TARGET_IMAGE $NGINX_TARGET_IMAGE $FASTAPI_TARGET_IMAGE; do
echo "Pushing $img"
docker push $img
done
......
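Review bot: in the push loop, `$img` and the four `*_TARGET_IMAGE` variables are expanded unquoted, and nothing visible in this hunk stops the loop when one `docker push` fails. Use `docker push "$img"` and, unless errexit is set earlier in the script, abort on the first failed push so a partially published set of protected images is not mistaken for a complete one.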