
Update deployments

Oyster lets you update the enclave image, docker compose file and other initialization parameters on an existing deployment in case you need to make updates to your code. It also lets you switch the debug mode on or off on the deployment. While these updates could be done by deploying new enclaves, updating in-place lets you retain the same IP and job id for the deployment. This tutorial will guide you through updating these parameters for existing deployments.

Create a docker compose file

Create a file named docker-compose.yml describing the service being deployed:

cat > docker-compose.yml <<EOF
services:
  echo-server:
    image: marlinorg/oyster-cvm-tutorials-echo-server
    network_mode: host
    restart: unless-stopped
EOF

Deploy an enclave

Deploy an enclave using:

# Replace <key> with private key of the wallet
oyster-cvm deploy --wallet-private-key <key> --duration-in-minutes 30 --docker-compose docker-compose.yml

Make a note of the job id and image id from the logs.

Interact with the echo server running on port 8080 by default:

nc <ip> 8080

Update the docker compose file

Update the docker compose file to specify a different port as an env var:

cat > docker-compose.yml <<EOF
services:
  echo-server:
    image: marlinorg/oyster-cvm-tutorials-echo-server
    environment:
      - PORT=8081
    network_mode: host
    restart: unless-stopped
EOF

Update the enclave using:

# Replace <key> with private key of the wallet
# Replace <job_id> with the job id noted above
oyster-cvm update --job-id <job_id> --wallet-private-key <key> --docker-compose docker-compose.yml

Make a note of the image id in the logs. Do you see anything different?

Important

All of the initialization parameters have to be specified while updating any one of them, including the docker compose file.

Wait for a minute and try interacting with the server, now running on port 8081:

nc <ip> 8081

Update debug mode

Run:

# Replace <job_id> with the job id obtained above
# Replace <key> with private key of the wallet
oyster-cvm update --job-id <job_id> --wallet-private-key <key> --debug true

Wait for a minute and run:

# Replace <ip> with the IP you obtained above
oyster-cvm verify --enclave-ip <ip>

The PCRs should all be zero now!
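A fail-closed gate on the PCR result described above, as an added example (not part of the original tutorial or of oyster-cvm): it reads captured text, treats any all-zero PCR as a debug-mode enclave, and refuses to pass when no PCR values are found at all. The `PCR<n>: <hex>` line format, the helper name `pcr_gate` and the sample values are assumptions, since this page does not show the real verify output.

```shell
#!/bin/sh
# Added example: fail-closed check on PCR values in captured verification text.
# ASSUMPTION: PCRs appear one per line as "PCR<n>: <hex>"; adjust the pattern
# to the real output, which this page does not show.

# Constructed samples (hex shortened for readability, not real measurements).
SAMPLE_PROD='PCR0: 3f9a1c77e2b04d18
PCR1: a41be05d9c6672f0
PCR2: 0c88d213fe5a9b47'
SAMPLE_DEBUG='PCR0: 0000000000000000
PCR1: 0000000000000000
PCR2: 0000000000000000'

# pcr_gate (hypothetical helper): reads text on stdin.
# Returns 0 = every PCR non-zero, 1 = some PCR is all zeros (debug mode),
#         2 = no PCR lines found (treated as untrusted).
pcr_gate() {
  # Keep only lines of the assumed form, normalised to "PCRn hex".
  pcrs=$(sed -n -E 's/^[[:space:]]*(PCR[0-9]+)[[:space:]]*[=:][[:space:]]*([0-9a-fA-F]+)[[:space:]]*$/\1 \2/p')
  if [ -z "$pcrs" ]; then
    echo "no PCR values found, refusing to trust" >&2
    return 2
  fi
  # Collect the names of PCRs whose value consists only of zeros.
  zero=$(printf '%s\n' "$pcrs" | awk '$2 ~ /^0+$/ { printf "%s ", $1 }')
  if [ -n "$zero" ]; then
    echo "all-zero PCRs, enclave is in debug mode: $zero" >&2
    return 1
  fi
  return 0
}

# Demo on the constructed samples.
for name in SAMPLE_PROD SAMPLE_DEBUG; do
  eval "text=\$$name"
  if printf '%s\n' "$text" | pcr_gate 2>/dev/null; then
    echo "$name: measured (non-zero PCRs)"
  else
    echo "$name: do not trust for production"
  fi
done
```

Once the pattern matches the real format, pipe the output of `oyster-cvm verify --enclave-ip <ip>` into `pcr_gate` and act on its exit status.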

Here are some exercises for you to test what you have learned so far and explore these concepts further:

  • Do you remember how to see enclave logs?
  • Can you work out how to put the enclave back in production mode?
  • Can you change the port by adding initialization parameters to the update command and using an env file in the docker compose file?
  • Can you try changing both parameters at the same time?