Makefile: Changed old allocator script with new allocators binary

eraykaradag · eraykaradag · commit 23809768aa0d · 2025-05-13T16:07:51.000Z
Changed makefile to build allocator as a separated binary. Since binary and the bash script has the same the allocator.service will pick up the new one. Also i found this NITRO_CLI_INSTALL_DIR env variable. It fails to read config file if env variable is not exist. If env variable not exist then allocator will try to find the config file in / directory. Tried to build everything manually i bumped into this error in amazon linux and ubuntu instances. Also legacy allocator has the same mechanism but it was not failing. it was failing in Rust so i had to add a sanity check.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Makefile b/Makefile
@@ -93,7 +93,7 @@ aws-nitro-enclaves-cli.tar.gz:
 sources: aws-nitro-enclaves-cli.tar.gz crates-dependencies
 
 .PHONY: all
-all: build-setup nitro-cli vsock-proxy
+all: build-setup nitro-cli vsock-proxy nitro-enclaves-allocator
 
 .PHONY: driver-deps
 driver-deps:
@@ -289,6 +289,32 @@ vsock-proxy-native:
 		--manifest-path=${BASE_PATH}/vsock_proxy/Cargo.toml \
 		--target-dir=${OBJ_PATH}/vsock_proxy
 
+# See .build-container rule for explanation.
+.build-nitro-enclaves-allocator: $(shell find $(BASE_PATH)/allocator/src -name "*.rs")
+	$(DOCKER) run \
+		-v "$$(readlink -f ${BASE_PATH})":/nitro_src \
+		-v "$$(readlink -f ${OBJ_PATH})":/nitro_build \
+		$(CONTAINER_TAG) bin/bash -c \
+			'source /root/.cargo/env && \
+			CC=${CC} cargo build \
+				--release \
+				--target-dir=/nitro_build/allocator \
+				--target=${CARGO_TARGET} \
+				--manifest-path=/nitro_src/allocator/Cargo.toml && \
+			chmod -R 777 nitro_build '
+	ln -sf ../${CARGO_TARGET}/release/nitro-enclaves-allocator \
+		${OBJ_PATH}/allocator/release/nitro-enclaves-allocator
+	touch $@
+
+nitro-enclaves-allocator: build-setup build-container .build-nitro-enclaves-allocator
+
+.PHONY: nitro-enclaves-allocator-native
+nitro-enclaves-allocator-native:
+	cargo build \
+		--release \
+		--manifest-path=${BASE_PATH}/allocator/Cargo.toml \
+		--target-dir=${OBJ_PATH}/allocator
+
 .PHONY: install-command-executer
 install-command-executer:
 	$(INSTALL) -D -m 0755 $(OBJ_PATH)/command-executer/release/command-executer ${NITRO_CLI_INSTALL_DIR}/${BIN_DIR}/command-executer
@@ -300,7 +326,7 @@ install-tools:
 	$(INSTALL) -D -m 0755 $(OBJ_PATH)/vsock_proxy/release/vsock-proxy ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/vsock-proxy
 	$(INSTALL) -D -m 0644 vsock_proxy/service/nitro-enclaves-vsock-proxy.service ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-vsock-proxy.service
 	$(INSTALL) -D -m 0644 vsock_proxy/configs/vsock-proxy.yaml ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/vsock-proxy.yaml
-	$(INSTALL) -D -m 0755 bootstrap/nitro-enclaves-allocator ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-enclaves-allocator
+	$(INSTALL) -D -m 0755 $(OBJ_PATH)/allocator/release/nitro-enclaves-allocator ${NITRO_CLI_INSTALL_DIR}${BIN_DIR}/nitro-enclaves-allocator
 	$(INSTALL) -D -m 0664 bootstrap/allocator.yaml ${NITRO_CLI_INSTALL_DIR}${CONF_DIR}/nitro_enclaves/allocator.yaml
 	$(INSTALL) -D -m 0644 bootstrap/nitro-enclaves-allocator.service ${NITRO_CLI_INSTALL_DIR}${UNIT_DIR}/nitro-enclaves-allocator.service
 	$(MKDIR) -p ${NITRO_CLI_INSTALL_DIR}${DATA_DIR}/nitro_enclaves/blobs
diff --git a/allocator/Cargo.toml b/allocator/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "allocator"
+name = "nitro-enclaves-allocator"
 version = "0.1.0"
 edition = "2021"
 
diff --git a/allocator/src/configuration.rs b/allocator/src/configuration.rs
@@ -68,10 +68,12 @@ pub enum ResourcePoolConfig {
 /// Loads resource requirements from '/etc/nitro_enclaves/allocator.yaml'
 /// and returns a vector of resource pools for allocation.
 pub fn get_resource_pool_from_config() -> Result<Vec<ResourcePool>> {
-    let f = std::fs::File::open("/etc/nitro_enclaves/allocator.yaml")?;
+    let f = std::fs::File::open(format!(
+        "{}/etc/nitro_enclaves/allocator.yaml",
+        std::env::var("NITRO_CLI_INSTALL_DIR").unwrap_or("".to_string())
+    ))?;
     let config: ResourcePoolConfig =
         serde_yaml::from_reader(f).map_err(|_| Error::ConfigFileCorruption)?;
-
     Ok(configure_resource_pool(config))
 }
 /// Processes the configuration into a consistent format
diff --git a/bootstrap/allocator.yaml b/bootstrap/allocator.yaml
@@ -12,3 +12,15 @@ cpu_count: 2
 # Note: cpu_count and cpu_pool conflict with each other. Only use exactly one of them.
 # Example of reserving CPUs 2, 3, and 6 through 9:
 # cpu_pool: 2,3,6-9
+#
+# Allocator configuration for multiple enclaves
+# Each list item represents a separate enclave
+# Use YAML array like the example below.
+# Example:
+# - memory_mib: 512
+#   cpu_count: 2
+# - memory_mib: 512
+#   cpu_pool: 2,3,6-9
+# You can add more enclave configurations as needed.
+# Allocated Resources are not tied with enclaves.
+# It's a mechanism to separate resources from each other.
