Skip to content

Posting a Session

We show how to interact with CAS s with the help of curl - this might be helpful during development since it simplifies scripting. Alternatively, we provide a scone command line interface that can be executed inside of an enclave itself.

We assume that you already started a CAS instance and a LAS instance on your local host. Alternatively, you can use our public CAS instance at scone.ml. Hence, we set the address of CAS as follows:

export SCONE_CAS_ADDR=127.0.0.1

If you use our public CAS instance, set it as follows:

export SCONE_CAS_ADDR=scone.ml

Client Certificate

To interact with CAS, we need to create a client certificate. When we create a session, it is associated with the client certificate of the creator. Any access to this session requires that the client knows the private key of the client certificate.

Let's create a client certificate without a password. Note that you would typically add a password!

    mkdir -p conf
    if [[ ! -f conf/client.crt || ! -f conf/client-key.key  ]] ; then
        openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=EU/ST=CAS/L=CLIENT/O=Internet/CN=scontain.com" -out conf/client.crt -keyout conf/client-key.key
    fi

Hello World Session

Let's create a minimal session:

cat > session.yml <<EOF
name: blender
digest: create

services:
   - name: application
     image_name: sconecuratedimages/iexec:blender
     mrenclaves: [96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2]
     command: blender -b /encryptedInputs/iexec-rlc.blend -o /encryptedOutputs/ -f 1
     pwd: /
     environment:
        SCONE_MODE: hw

images:
   - name: sconecuratedimages/iexec:blender
     mrenclaves: [96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2]
     tags: [demo]
EOF

We can now upload the session as follows:

    curl -k -s --cert conf/client.crt --key conf/client-key.key --data-binary @session.yml -X POST https://$SCONE_CAS_ADDR:8081/session

This results in an output similar like this:

Created Session[id=00ed7ade-bba6-4d43-9135-51d0ca2da9ba, name=blender, status=Pending]

Session already exists

If the session with name "blender" already exists - which will be the case when you use scone.ml - the following error message is issued: Could not create successor session. Invalid previous session digest: ...

In case the session with name blender already exists, you must chose a different session name.

We can read the session as follows:

curl -k -s --cert conf/client.crt --key conf/client-key.key https://$SCONE_CAS_ADDR:8081/session/blender

This will result in an output like this:

---
name: blender
digest: 313c6c3b824f0a560c445c8ef0cf69781345aae753bdbeaedbfff15c5a348099
board_members: []
board_policy:
  minimum: 0
  timeout: 30
images:
  - name: "sconecuratedimages/iexec:blender"
    mrenclaves:
      - 96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2
    tags:
      - demo
services:
  - name: application
    image_name: "sconecuratedimages/iexec:blender"
    mrenclaves:
      - 96936b6760d1f59b18f2c1a3fa2be205a91d6667dfc6635e8d0bbc1687bc03f2
    environment:
      SCONE_MODE: hw
    command: blender -b /encryptedInputs/iexec-rlc.blend -o /encryptedOutputs/ -f 1
    pwd: /

© scontain.com, June 2019. Questions or Suggestions?