Enable debug mode
Generally, it is not possible to see console logs of enclaves deployed in production. Oyster however allows enclaves to be deployed in debug mode so console logs are visible. This tutorial will guide you through deploying enclaves in debug mode and querying console logs.
Create a docker compose file
Create a file named docker-compose.yml describing the service being deployed:
cat > docker-compose.yml <<EOF
services:
echo-server:
image: marlinorg/oyster-cvm-tutorials-echo-server
network_mode: host
restart: unless-stopped
EOF
Deploy an enclave in debug mode
We use a similar deployment command as the previous tutorials, except with an additional debug flag.
You can increase durations or deposit additional funds if you find your enclaves expiring before you get through all the commands you want to run!
# replace <key> with private key of the wallet
oyster-cvm deploy --wallet-private-key <key> --duration-in-minutes 15 --docker-compose docker-compose.yml --debug
The command should deploy the enclave and start streaming deployment logs.
Interact with the enclave
In a new terminal, interact with the echo server using
# Replace <ip> with the IP you obtained above
nc <ip> 8080
and exiting it. Repeat this as many time as you like.
You should see new connection and disconnection logs getting streamed to you in the other terminal. You can find logs from the echo server towards the end.
Explicitly stream logs
You can also explicitly stream logs of enclaves running in debug mode by using the logs command:
# Replace <ip> with the IP you obtained above
oyster-cvm logs --ip <ip> --start-from 0
Verify a remote attestation
Run
# Replace <ip> with the IP you obtained above
# Replace <image_id> with the image id obtained above
oyster-cvm verify --enclave-ip <ip> --image-id <image_id>
See anything odd about the output?
Enclaves in debug mode automatically have their PCRs set to zero for security. This helps distinguish them from enclaves in production mode.