Merge pull request #63 from Dstack-TEE/tappd-vsock

tappd: Implement vsock-based guest API

Cargo.toml

@@ -28,8 +28,9 @@ members = [
     "supervisor",
     "supervisor/client",
     "rocket-vsock-listener",
-    "host-api",
     "http-client",
+    "host-api",
+    "guest-api",
 ]
 resolver = "2"
 
@@ -49,6 +50,7 @@ tdx-attest-sys = { path = "tdx-attest-sys" }
 certbot = { path = "certbot" }
 rocket-vsock-listener = { path = "rocket-vsock-listener" }
 host-api = { path = "host-api", default-features = false }
+guest-api = { path = "guest-api", default-features = false }
 http-client = { path = "http-client", default-features = false }
 
 # Core dependencies
@@ -95,6 +97,8 @@ rocket = { git = "https://github.com/rwf2/Rocket", branch = "master", features =
 rocket-apitoken = { git = "https://github.com/kvinwang/rocket-apitoken", branch = "dev" }
 tokio = { version = "1.42.0" }
 tokio-vsock = "0.6.0"
+sysinfo = "0.33.0"
+default-net = "0.22.0"
 
 # Cryptography/Security
 aes-gcm = "0.10.3"

basefiles/app-compose.service

@@ -9,7 +9,7 @@ RemainAfterExit=true
 EnvironmentFile=-/tapp/env
 WorkingDirectory=/tapp
 ExecStart=/usr/bin/env app-compose.sh
-ExecStop=/usr/bin/env docker compose down
+ExecStop=/usr/bin/env docker compose stop
 StandardOutput=journal+console
 StandardError=journal+console
 

basefiles/app-compose.sh

@@ -12,4 +12,4 @@ if ! docker compose up -d; then
     exit 1
 fi
 
-tdxctl notify-host -e "boot.progress" -d "containers started" || true
+tdxctl notify-host -e "boot.progress" -d "done" || true

guest-api/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "guest-api"
+version.workspace = true
+authors.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[dependencies]
+prpc.workspace = true
+prost.workspace = true
+serde = { workspace = true, features = ["derive"] }
+serde_json.workspace = true
+anyhow.workspace = true
+http-client = { workspace = true, optional = true, features = ["prpc"] }
+
+[build-dependencies]
+prpc-build.workspace = true
+
+[features]
+default = ["client"]
+client = ["dep:http-client"]

guest-api/build.rs

@@ -0,0 +1,11 @@
+fn main() {
+    prpc_build::configure()
+        .out_dir("./src/generated")
+        .mod_prefix("super::")
+        .build_scale_ext(false)
+        .disable_service_name_emission()
+        .disable_package_emission()
+        .enable_serde_extension()
+        .compile_dir("./proto")
+        .expect("failed to compile proto files");
+}

guest-api/proto/guest_api.proto

@@ -0,0 +1,133 @@
+
+syntax = "proto3";
+
+import "google/protobuf/empty.proto";
+
+package guest_api;
+
+message Id {
+  string id = 1;
+}
+
+message GuestInfo {
+  // Guest software version
+  string version = 1;
+  // App ID
+  string app_id = 2;
+  // App Instance ID
+  string instance_id = 3;
+  // App certificate
+  string app_cert = 4;
+  // TCB info
+  string tcb_info = 5;
+}
+
+message IpAddress {
+  string address = 1;
+  uint32 prefix = 2;
+}
+
+message Interface {
+  string name = 1;
+  repeated IpAddress addresses = 2;
+  uint64 rx_bytes = 3;
+  uint64 tx_bytes = 4;
+  uint64 rx_errors = 5;
+  uint64 tx_errors = 6;
+}
+
+message Gateway {
+  string address = 1;
+}
+
+message NetworkInformation {
+  repeated string dns_servers = 1;
+  repeated Gateway gateways = 2;
+  repeated Interface interfaces = 3;
+}
+
+message ListContainersResponse {
+  repeated Container containers = 1;
+}
+
+message Container {
+  // The ID of this container
+  string id = 1;
+  // The names that this container has been given
+  repeated string names = 2;
+  // The name of the image used when creating this container
+  string image = 3;
+  // The ID of the image that this container was created from
+  string image_id = 4;
+  // Command to run when starting the container
+  string command = 5;
+  // When the container was created
+  int64 created = 6;
+  // The state of this container (e.g. Exited)
+  string state = 7;
+  // The status of this container (e.g. Exited)
+  string status = 8;
+}
+
+// The system info
+message SystemInfo {
+  // Operating system
+  string os_name = 1;
+  // Operating system version
+  string os_version = 2;
+  // Kernel version
+  string kernel_version = 3;
+  // Cpu model
+  string cpu_model = 4;
+  // Number of logical CPUs
+  uint32 num_cpus = 5;
+  // Total memory
+  uint64 total_memory = 6;
+  // Available memory
+  uint64 available_memory = 7;
+  // Used memory
+  uint64 used_memory = 8;
+  // Free memory
+  uint64 free_memory = 9;
+  // Total swap memory
+  uint64 total_swap = 10;
+  // Used swap memory
+  uint64 used_swap = 11;
+  // Free swap memory
+  uint64 free_swap = 12;
+  // Uptime
+  uint64 uptime = 13;
+  // Load average
+  uint32 loadavg_one = 14;
+  uint32 loadavg_five = 15;
+  uint32 loadavg_fifteen = 16;
+  // Disks
+  repeated DiskInfo disks = 17;
+}
+
+message DiskInfo {
+  // Device name
+  string name = 1;
+  // Mount point
+  string mount_point = 2;
+  // Total size
+  uint64 total_size = 3;
+  // Free size
+  uint64 free_size = 5;
+}
+
+service GuestApi {
+  rpc Info(google.protobuf.Empty) returns (GuestInfo);
+  rpc SysInfo(google.protobuf.Empty) returns (SystemInfo);
+  rpc NetworkInfo(google.protobuf.Empty) returns (NetworkInformation);
+  rpc ListContainers(google.protobuf.Empty) returns (ListContainersResponse);
+  rpc Shutdown(google.protobuf.Empty) returns (google.protobuf.Empty);
+}
+
+service ProxiedGuestApi {
+  rpc Info(Id) returns (GuestInfo);
+  rpc SysInfo(Id) returns (SystemInfo);
+  rpc NetworkInfo(Id) returns (NetworkInformation);
+  rpc ListContainers(Id) returns (ListContainersResponse);
+  rpc Shutdown(Id) returns (google.protobuf.Empty);
+}

guest-api/src/client.rs

@@ -0,0 +1,8 @@
+use crate::guest_api_client::GuestApiClient;
+use http_client::prpc::PrpcClient;
+
+pub type DefaultClient = GuestApiClient<PrpcClient>;
+
+pub fn new_client(base_url: String) -> DefaultClient {
+    DefaultClient::new(PrpcClient::new(base_url))
+}

guest-api/src/generated/mod.rs

@@ -0,0 +1,4 @@
+pub use guest_api::*;
+
+#[allow(async_fn_in_trait)]
+mod guest_api;

guest-api/src/lib.rs

@@ -0,0 +1,8 @@
+extern crate alloc;
+
+pub use generated::*;
+
+mod generated;
+
+#[cfg(feature = "client")]
+pub mod client;