Posting a Session¶
We show how to interact with CAS s with the help of
curl - this might be helpful during development since it simplifies scripting. Alternatively, we provide a
scone command line interface that can be executed inside of an enclave itself.
If you use our public CAS instance, set it as follows:
To interact with CAS, we need to create a client certificate. When we create a session, it is associated with the client certificate of the creator. Any access to this session requires that the client knows the private key of the client certificate.
Let's create a client certificate without a password. Note that you would typically add a password!
mkdir -p conf if [[ ! -f conf/client.crt || ! -f conf/client-key.key ]] ; then openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=EU/ST=CAS/L=CLIENT/O=Internet/CN=scontain.com" -out conf/client.crt -keyout conf/client-key.key fi
Hello World Session¶
Let's create a minimal session:
cat > session.yml <<EOF name: blender digest: create services: - name: application image_name: sconecuratedimages/iexec:blender mrenclaves: [96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2] command: blender -b /encryptedInputs/iexec-rlc.blend -o /encryptedOutputs/ -f 1 pwd: / environment: SCONE_MODE: hw images: - name: sconecuratedimages/iexec:blender mrenclaves: [96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2] tags: [demo] EOF
We can now upload the session as follows:
curl -k -s --cert conf/client.crt --key conf/client-key.key --data-binary @session.yml -X POST https://$SCONE_CAS_ADDR:8081/session
This results in an output similar like this:
Created Session[id=00ed7ade-bba6-4d43-9135-51d0ca2da9ba, name=blender, status=Pending]
Session already exists
If the session with name "blender" already exists - which will be the case when you use scone.ml - the following error message is issued:
Could not create successor session. Invalid previous session digest: ...
In case the session with name
blender already exists, you must chose a different session name.
We can read the session as follows:
curl -k -s --cert conf/client.crt --key conf/client-key.key https://$SCONE_CAS_ADDR:8081/session/blender
This will result in an output like this:
--- name: blender digest: 313c6c3b824f0a560c445c8ef0cf69781345aae753bdbeaedbfff15c5a348099 board_members:  board_policy: minimum: 0 timeout: 30 images: - name: "sconecuratedimages/iexec:blender" mrenclaves: - 96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2 tags: - demo services: - name: application image_name: "sconecuratedimages/iexec:blender" mrenclaves: - 96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2 environment: SCONE_MODE: hw command: blender -b /encryptedInputs/iexec-rlc.blend -o /encryptedOutputs/ -f 1 pwd: /