def test_cli_single_server_provision_model_key(tmp_path):
model = SQUEEZENET
port = 8001
encrypted_model_path = tmp_path / 'model.onnx.enc'
key = confonnx.encrypt_model.generate_key()
confonnx.encrypt_model.encrypt_model(model['model'],
encrypted_model_path,
key=key)
with Server(model_path=encrypted_model_path,
port=port,
use_model_key_provisioning=True):
confonnx.main.main([
'--url', f'http://localhost:{port}/', '--enclave-allow-debug',
'--mode', 'provision-model-key', '--model-key', key
])
confonnx.main.main([
'--url', f'http://localhost:{port}/', '--enclave-allow-debug',
'--pb-in',
str(model['input']['data_0']), '--pb-in-names', 'data_0',
'--pb-out',
str(tmp_path)
])
tensorproto_diff.check_equal(model['ref_output']['softmaxout_1'],
tmp_path / 'output_0.pb')
def test_api_akv_hsm_key_rollover_single_server():
model = MATMUL_1
port = 8001
key_name = random_akv_key_name()
try:
client = Client(f'http://localhost:{port}/', enclave_allow_debug=True)
with Server(model_path=model['model'],
port=port,
key_rollover_interval=5,
key_sync_interval=5,
use_akv=True,
akv_app_id=os.environ['CONFONNX_TEST_APP_ID'],
akv_app_pwd=os.environ['CONFONNX_TEST_APP_PWD'],
akv_service_key_name=key_name,
akv_vault_url=os.environ['CONFONNX_TEST_VAULT_HSM_URL'],
akv_attestation_url=os.
environ['CONFONNX_TEST_ATTESTATION_URL']):
for i in range(12):
print(f'Request #{i}')
client.predict(model['input'])
print(f'Request #{i} -- done')
time.sleep(1)
assert client.key_rollover_count in [1, 2]
assert client.key_invalid_count == 0
finally:
delete_akv_key(os.environ['CONFONNX_TEST_APP_ID'],
os.environ['CONFONNX_TEST_APP_PWD'],
os.environ['CONFONNX_TEST_VAULT_HSM_URL'],
key_name,
is_hsm=True)
def test_api_invalid_key():
model = MATMUL_1
port = 8001
client = Client(f'http://localhost:{port}/', enclave_allow_debug=True)
with Server(model_path=model['model'], port=port):
client.predict(model['input'])
assert client.key_invalid_count == 0
# Simulate multiple key rollovers by restarting the server (without using AKV).
# The client's key then becomes invalid.
with Server(model_path=model['model'], port=port):
# If the client does not repeat the key exchange,
# then the following request will fail.
client.predict(model['input'])
assert client.key_invalid_count == 1
def test_api_basic():
model = MATMUL_1
port = 8001
client = Client(f'http://localhost:{port}/', enclave_allow_debug=True)
with Server(model_path=model['model'], port=port):
output = client.predict(model['input'])
assert_output_allclose(output, model['ref_output'])
def proxy(domain, port, fn):
conf = Server(
Location(
"/",
include="proxy_params",
proxy_pass=f"http://127.0.0.1:{port}",
),
listen=NGINX_PORT,
server_name=domain,
)
with open(f"/etc/nginx/sites-enabled/{fn}", "w") as f:
f.write(str(conf))
def test_cli_single_server_single_inference(tmp_path):
model = SQUEEZENET
port = 8001
with Server(model_path=model['model'], port=port):
confonnx.main.main([
'--url', f'http://localhost:{port}/', '--enclave-allow-debug',
'--pb-in',
str(model['input']['data_0']), '--pb-in-names', 'data_0',
'--pb-out',
str(tmp_path)
])
tensorproto_diff.check_equal(model['ref_output']['softmaxout_1'],
tmp_path / 'output_0.pb')
def test_api_local_key_rollover():
model = MATMUL_1
port = 8001
client = Client(f'http://localhost:{port}/', enclave_allow_debug=True)
with Server(model_path=model['model'],
port=port,
key_rollover_interval=5,
key_sync_interval=1):
for _ in range(12):
client.predict(model['input'])
time.sleep(1)
assert client.key_rollover_count in [2, 3]
assert client.key_invalid_count == 0
def test_api_akv_multiple_servers():
model = MATMUL_1
num_servers = 3
start_port = 8001
ports = list(range(start_port, start_port + num_servers))
key_name = random_akv_key_name()
servers = []
try:
for port in ports:
servers.append(
Server(model_path=model['model'],
port=port,
use_akv=True,
akv_app_id=os.environ['CONFONNX_TEST_APP_ID'],
akv_app_pwd=os.environ['CONFONNX_TEST_APP_PWD'],
akv_service_key_name=key_name,
akv_vault_url=os.environ['CONFONNX_TEST_VAULT_URL']))
client = Client(f'http://foo/', enclave_allow_debug=True)
for port in ports:
client.url = f'http://localhost:{port}/'
client.predict(model['input'])
# All servers should have the same key from AKV.
# This assumes that the key itself exists already in AKV,
# which will be the case due to running of other AKV tests above.
assert client.key_rollover_count == 0
assert client.key_invalid_count == 0
finally:
stop_errors = []
for server in servers:
try:
server.stop()
except Exception as e:
stop_errors.append(e)
delete_akv_key(os.environ['CONFONNX_TEST_APP_ID'],
os.environ['CONFONNX_TEST_APP_PWD'],
os.environ['CONFONNX_TEST_VAULT_URL'],
key_name,
is_hsm=False)
for e in stop_errors:
print(e)
if stop_errors:
raise stop_errors[0]
def main():
logger.info('Servers waiting for external connections. Run "main.py" on client.')
camera_server = Server('',
settings.CAMERA_PORT,
camera_handle,
name='CameraServer').start()
remote_control_server = Server('',
settings.REMOTE_CONTROL_PORT,
remote_control_handle,
name='RemoteControlServer').start()
print(colors.green & colors.bold |
'\n *******************************\n'
' * *\n'
' * PRESS ENTER TO QUIT *\n'
' * *\n'
' *******************************\n')
input()
camera_server.shutdown()
remote_control_server.shutdown()
def test_cli_json_input_output(tmp_path):
model = MATMUL_1
port = 8001
json_in_path = tmp_path / 'in.json'
json_out_path = tmp_path / 'out.json'
save_json(json_in_path, model['input'])
with Server(model_path=model['model'], port=port):
confonnx.main.main([
'--url', f'http://localhost:{port}/', '--enclave-allow-debug',
'--json-in',
str(json_in_path), '--json-out',
str(json_out_path)
])
output = load_json(json_out_path)
assert_output_allclose(output, model['ref_output'])
def test_cli_single_server_parallel_inferences(tmp_path):
model = SQUEEZENET
port = 8001
with Server(model_path=model['model'], port=port):
def run_inference(i):
out_dir = tmp_path / str(i)
confonnx.main.main([
'--url', f'http://localhost:{port}/', '--enclave-allow-debug',
'--pb-in',
str(model['input']['data_0']), '--pb-in-names', 'data_0',
'--pb-out',
str(out_dir)
])
tensorproto_diff.check_equal(model['ref_output']['softmaxout_1'],
out_dir / 'output_0.pb')
with ThreadPoolExecutor(max_workers=8) as e:
for _ in e.map(run_inference, range(100)):
pass
def start():
username = request.form.get("username")
try:
sh("id", "-u", username)
user_exists = True
except subprocess.CalledProcessError:
user_exists = False
if not user_exists:
sh("useradd", "-b", "/save", "-m", username, "-s", "/bin/bash")
add_domain(
name=get_hosted_app_name(),
domain=f"{username}.{get_host()}",
proxy_set_header={
"Host": "$host",
"Upgrade": "$http_upgrade",
"Connection": "upgrade",
"Accept-Encoding": "gzip",
},
)
if not get_server_pid(username):
with db_lock("ide", username):
passwd = gen_salt(24)
config = {
"socket": f"/tmp/ide-{username}.sock",
"auth": "password",
"password": passwd,
"home": f"https://{get_host()}",
}
with open(f"/save/{username}/.code-server.yaml", "w") as csc:
yaml.dump(config, csc)
sanitized = os.environ.copy()
del sanitized["DATABASE_URL"]
del sanitized["APP_HOME"]
del sanitized["APP_MASTER_SECRET"]
del sanitized["ENV"]
del sanitized["INSTANCE_CONNECTION_NAME"]
subprocess.Popen(get_server_cmd(username), env=sanitized)
sh("sleep", "2") # give the server a couple of seconds to start up
sh("chmod", "666", f"/tmp/ide-{username}.sock")
conf = Server(
Location(
"/",
include="proxy_params",
proxy_pass=f"http://unix:/tmp/ide-{username}.sock",
proxy_set_header={
"Host": "$host",
"Upgrade": "$http_upgrade",
"Connection": "upgrade",
"Accept-Encoding": "gzip",
},
),
server_name=f"{username}.{get_host()}",
listen=NGINX_PORT,
error_page=f"502 https://{get_host()}",
)
with open(f"/etc/nginx/sites-enabled/{username}.{get_host()}",
"w") as f:
f.write(str(conf))
sh("nginx", "-s", "reload")
if not os.path.exists(f"/save/{username}/berkeley-cs61a"):
if os.path.exists("/save/berkeley-cs61a"):
shutil.copytree(
"/save/berkeley-cs61a",
f"/save/{username}/berkeley-cs61a",
symlinks=True,
)
sh("chown", "-R", username, f"/save/{username}/berkeley-cs61a")
return redirect(url_for("index"))
def broadcast(msg, prefix="", raw=False): # prefix is for name identification.
"""Broadcasts a message to all the clients."""
for sock in socketToUser:
try:
send(prefix + msg, sock, raw)
except:
pass
def relay(msg, toID, raw=False):
send(msg, userToSocket[toID], raw)
HOST = '127.0.0.1'
PORT = 33001
BUFSIZ = 4096
HEADER_LENGTH = 10
USERNAME_LENGTH = 50
ADDR = (HOST, PORT)
SERVER = socket.socket(AF_INET, SOCK_STREAM)
SERVER.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
SERVER.bind(ADDR)
ServerObj = Server()
if __name__ == "__main__":
SERVER.listen(5)
print("Waiting for connection...")
ACCEPT_THREAD = Thread(target=accept_incoming_connections)
ACCEPT_THREAD.start()
ACCEPT_THREAD.join()
SERVER.close()
def start():
username = request.form.get("username")
try:
sh("id", "-u", username)
user_exists = True
except subprocess.CalledProcessError:
user_exists = False
if is_prod_build():
domain = f"{username}.{get_host()}"
else:
domain = f"{username}-{get_host()}"
if not user_exists:
print(f"User {username} doesn't exist, creating...", file=sys.stderr)
sh("useradd", "-b", "/save", "-m", username, "-s", "/bin/bash")
print(
f"Proxying {domain} to {get_hosted_app_name()}...",
file=sys.stderr,
)
add_domain(
name=get_hosted_app_name(),
domain=domain,
proxy_set_header={
"Host": "$host",
"Upgrade": "$http_upgrade",
"Connection": "upgrade",
"Accept-Encoding": "gzip",
},
)
sh("chown", "-R", username, f"/save/{username}")
print("Home folder owner set.", file=sys.stderr)
sh("mkdir", "-p", "/save/.cache")
sh("chmod", "a+rw", "/save/.cache")
if not get_server_pid(username):
print(f"Server for {username} is not running, starting...",
file=sys.stderr)
with db_lock("ide", username):
passwd = gen_salt(24)
port = get_open_port()
config = {
"bind-addr": f"127.0.0.1:{port}",
"auth": "password",
"password": passwd,
}
with open(f"/save/{username}/.code-server.yaml", "w") as csc:
yaml.dump(config, csc)
sh("chown", "-R", username, f"/save/{username}/.code-server.yaml")
print("Configuration ready.", file=sys.stderr)
sanitized = os.environ.copy()
del sanitized["DATABASE_URL"]
del sanitized["APP_HOME"]
del sanitized["APP_MASTER_SECRET"]
del sanitized["ENV"]
del sanitized["INSTANCE_CONNECTION_NAME"]
sanitized["PORT"] = str(port)
print("Environment sanitized.", file=sys.stderr)
subprocess.Popen(get_server_cmd(username), env=sanitized)
print("Subprocess opened.", file=sys.stderr)
conf = Server(
Location(
"/",
include="proxy_params",
proxy_pass=f"http://127.0.0.1:{port}",
proxy_set_header={
"Host": "$host",
"Upgrade": "$http_upgrade",
"Connection": "upgrade",
"Accept-Encoding": "gzip",
},
),
server_name=domain,
listen=NGINX_PORT,
error_page=f"502 https://{get_host()}",
)
with open(f"/etc/nginx/sites-enabled/{domain}", "w") as f:
f.write(str(conf))
sh("nginx", "-s", "reload")
print("NGINX configuration written and server restarted.",
file=sys.stderr)
if not os.path.exists(f"/save/{username}/berkeley-cs61a"):
print(f"Copy of repo for {username} not found.", file=sys.stderr)
if os.path.exists("/save/root/berkeley-cs61a"):
print("Found a known good repo, copying...", file=sys.stderr)
shutil.copytree(
"/save/root/berkeley-cs61a",
f"/save/{username}/berkeley-cs61a",
symlinks=True,
)
print(
"Tree copied. Writing Visual Studio Code associations...",
file=sys.stderr,
)
os.mkdir(f"/save/{username}/berkeley-cs61a/.vscode")
with open(f"/save/{username}/berkeley-cs61a/.vscode/settings.json",
"w") as f:
f.write(VSCODE_ASSOC)
print("Done.", file=sys.stderr)
sh("chown", "-R", username, f"/save/{username}/berkeley-cs61a")
print("Tree owner changed.", file=sys.stderr)
print("Waiting for code-server to come alive, if needed...",
file=sys.stderr)
while requests.get(f"https://{domain}").status_code != 200:
time.sleep(1)
print("code-server is alive.", file=sys.stderr)
print("IDE ready.", file=sys.stderr)
return redirect(session.pop(SK_RETURN_TO, url_for("index")))
from utils import configinit_setup
from utils import Server
if __name__ == "__main__":
configinit_setup()
Server().start()
import threading
import time
from utils import Server
addr_type = raw_input("input server address type(ipv4/ipv6):\n")
serv_type = raw_input("input server address type(tcp/udp): \n")
ip = raw_input("input server ip address: \n")
port = int(input("input server port: \n"))
myServer = Server(addr_type, serv_type, (ip, port))
thread = threading.Thread(target=myServer.start)
thread.start()
while thread.isAlive():
time.sleep(1.0)
thread._Thread__stop()
print("end")
from utils import Server
if __name__ == '__main__':
server = Server()
server.bind()
server.connect()