base repository: CSCfi/HPCS
base: feea2b88c196925b2b7ae92f15197f327c2094ae
..
head repository: CSCfi/HPCS
compare: 6a5af1cb3a5a89edfa50d3578d1bd01480500ea1
Showing with 18 additions and 18 deletions.
  1. +8 −8 client/container_preparation/entrypoint.sh
  2. +9 −9 client/data_preparation/entrypoint.sh
  3. +1 −1 server/entrypoint.sh
16 changes: 8 additions & 8 deletions client/container_preparation/entrypoint.sh
@@ -100,14 +100,14 @@ NC='\033[0m' # No Color
# Parse arguments from cli
parse_args "$@"

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Entering entrypoint"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Entering entrypoint"

#
## [RUN] Perform node attestation (spawn agent, register it's and it's workload's spiffeID)
#

if [ -n "$encrypted" ]; then
printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on. Registering and running SPIRE Agent"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on. Registering and running SPIRE Agent"

python3 ./utils/spawn_agent.py --config "$config" >/dev/null 2>/dev/null &
spire_agent_pid=$!
@@ -123,7 +123,7 @@ ps "$spire_agent_pid" >/dev/null || (
## [END] Perform node attestation
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Run container preparation"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Run container preparation"

#
## [RUN] Run container preparation (Preparation of new image, build of new image, build of Apptainer/Singularity image)
@@ -139,7 +139,7 @@ fi
## [END] Run container preparation
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Container preparation ended"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Container preparation ended"

#
## [RUN] Ship private key to the vault (Creation of workload identity to give access to the key, writing key to the vault)
@@ -150,10 +150,10 @@ if [ -n "$encrypted" ]; then
fi

if [ -z "$encrypted" ]; then
printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is off, nothing to do"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is off, nothing to do"

else
printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on, writing key to the vault, using spiffeID $spiffeID"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on, writing key to the vault, using spiffeID $spiffeID"

if [ -z "$users" ]; then
# If the user provided only groups
@@ -166,13 +166,13 @@ else
python3 ./utils/ship_a_key.py --config "$config" --username "$username" -u "$users" -g "$groups" -c "$compute_nodes" --data-path "$data_path" --data-path-at-rest "$data_path_at_rest" -i "$spiffeID" || end_entrypoint "$spire_agent_pid" 1
fi

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Key written to the vault"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Key written to the vault"
fi

#
## [END] Ship private key to the vault
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Leaving entrypoint"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Leaving entrypoint"

end_entrypoint "$spire_agent_pid" 0
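Review bot: The status line ending in `using spiffeID $spiffeID` passes the identity value through `%b`, so any backslash sequence in it is interpreted and written to the terminal or job log. `%b` is only needed for the colour constants; the value can go through `%s`, for example `printf "%b%s\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Container preparation]${NC} Encryption mode is on, writing key to the vault, using spiffeID " "$spiffeID"`. The same pattern appears in client/data_preparation/entrypoint.sh, where the value comes from `spire-agent api fetch` piped through `jq`. Where `spiffeID` is assigned in this file lies outside the hunks shown, so how constrained the value is cannot be judged from here.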
18 changes: 9 additions & 9 deletions client/data_preparation/entrypoint.sh
@@ -86,21 +86,21 @@ NC='\033[0m' # No Color
# Parse arguments from cli
parse_args "$@"

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Entering entrypoint"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Entering entrypoint"

#
## [RUN] Perform node attestation (spawn agent, register it's and it's workload's spiffeID)
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Registering and running SPIRE Agent"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Registering and running SPIRE Agent"

python3 ./utils/spawn_agent.py --config "$config" >/dev/null 2>/dev/null &
spire_agent_pid=$!

until [ -e /tmp/agent.sock ]; do
printf "%b" "${RED}[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds ${NC}"
printf "%b\n" "${RED}[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds ${NC}"
sleep 10
if pgrep -q -f "$spire_agent_pid"; then
if pgrep -f "$spire_agent_pid" > /dev/null; then
echo "spire agent died, aborting"
end_entrypoint "$spire_agent_pid" 1
fi
@@ -110,7 +110,7 @@ done
## [END] Perform node attestation
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Run Data preparation"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Run Data preparation"

#
## [RUN] Run Data preparation (Encryption of input data)
@@ -122,15 +122,15 @@ python3 ./prepare_data.py -i "$input_data" -o "$output_data" || end_entrypoint "
## [END] Run Data preparation
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Data preparation ended"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Data preparation ended"

#
## [RUN] Ship private key to the vault (Creation of workload identity to give access to the key, writing key to the vault)
#

spiffeID=$(spire-agent api fetch --output json -socketPath /tmp/agent.sock | jq '.svids[0].spiffe_id' -r)

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Writing key to the vault, using spiffeID $spiffeID"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Writing key to the vault, using spiffeID $spiffeID"

# Handle different cases of user provided compute nodes / user / groups
if [ -z "$users" ]; then
@@ -144,12 +144,12 @@ else
python3 ./utils/ship_a_key.py --config "$config" --username "$username" -u "$users" -g "$groups" -c "$compute_nodes" --data-path "$data_path" --data-path-at-rest "$data_path_at_rest" -i "$spiffeID" || end_entrypoint "$spire_agent_pid" 1
fi

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Key written to the vault"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Key written to the vault"

#
## [END] Ship private key to the vault
#

printf "%b" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Leaving entrypoint"
printf "%b\n" "${YELLOW}[LUMI-SD]${NC}${BLUE}[Data preparation]${NC} Leaving entrypoint"

end_entrypoint "$spire_agent_pid" 0
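Review bot: The liveness check `if pgrep -f "$spire_agent_pid" > /dev/null; then` in the socket wait loop still prints "spire agent died, aborting" when pgrep finds a match, so the test looks inverted. In addition, `-f` matches the PID digits against process command lines rather than against the process ID. As written, a dead agent would leave the loop waiting on /tmp/agent.sock indefinitely, while an unrelated process whose command line contains those digits would abort the run. Testing the PID itself, as the container_preparation script does with `ps "$spire_agent_pid"`, would be `if ! kill -0 "$spire_agent_pid" 2>/dev/null; then`.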
2 changes: 1 addition & 1 deletion server/entrypoint.sh
@@ -28,7 +28,7 @@ NC='\033[0m'

sleep 10
until [ -e "${agent_socket_path}" ]; do
printf "%b[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds %b" "${RED}" "${NC}"
printf "%b[LUMI-SD][Data preparation] Spire workload api socket doesn't exist, waiting 10 seconds %b" "${RED}" "${NC}\n"
sleep 10
done
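Review bot: The newline was appended to the `"${NC}"` argument instead of the format string, which works only because `%b` expands escapes in its argument and differs from the `"%b\n"` form used in both client entrypoints. Moving `\n` to the end of the format and leaving the argument as `"${NC}"` keeps layout in one place. The message is still tagged `[Data preparation]` although this is server/entrypoint.sh, which looks like a copied label and makes the line harder to attribute in logs. The `until` loop also has no upper bound, so a workload API socket that never appears leaves the entrypoint waiting indefinitely instead of failing.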