Introduction
In this example, we will create two applications, Spring MySQL DB and Spring MySQL application, to verify the functionality of Tomcat.
Spring MySQL DB Application
Fetch a Bearer Token
Using the credentials used for signing up a new user, fetch the bearer token.
BEARER_TOKEN=$(curl -s -u "$username:$password" -X POST https://em.fortanix.com/v1/sys/auth | jq -r .access_token)
Get all Accounts
After fetching the bearer token, use it to select the account. First use the GET command below to get all the accounts, then select the account using its account_id.
curl -H 'Authorization: Bearer <Bearer Token>' -X GET https://em.fortanix.com/v1/accounts
Select the Account
Note the account_id of the account you want to select.
curl -H 'Authorization: Bearer <Bearer Token>' -X POST https://em.fortanix.com/v1/accounts/select_account/<account-id>
Create an Application
Create a Spring MySQL DB application using the configuration provided in the app.json file below.
Create Application
curl -s -H 'Content-Type: application/json' -d @app.json -H "Authorization: Bearer <Bearer token>" -X POST https://em.fortanix.com/v1/apps
Create the app.json Config File that Contains the Application Details
{
  "name": "spring-mysql-db",
  "description": "",
  "input_image_name": "fortanix/spring-mysql-db",
  "output_image_name": "/spring-mysql-db-converted",
  "isvprodid": 1,
  "isvsvn": 1,
  "mem_size": 2048,
  "threads": 80,
  "advanced_settings": {
    "rw_dirs": ["/etc", "/var/lib/_mysql", "/var/lib/mysql", "/tmp", "/run/mysqld"],
    "manifestEnv": ["MALLOC_ARENA_MAX=1"],
    "caCertificate": {
      "system": "false"
    }
  }
}
Fetch the Domain Whitelisting Tasks
curl -s -H "Authorization: Bearer <Bearer Token>" -X GET 'https://em.fortanix.com/v1/tasks?task_type=DOMAIN_WHITELIST' > all_domain_tasks.json
All the tasks fetched will be stored in the all_domain_tasks.json file. Select the task_id to approve the task in the next step.
Approve a Task
Among the tasks fetched in the previous step, approve the application-specific task using the task_id.
curl -s -H 'Content-Type: application/json' -d '{"status":"APPROVED"}' -H "Authorization: Bearer <Bearer Token>" -X PATCH https://em.fortanix.com/v1/tasks/<task_id>
Create an Image
Create an image of the application.
curl -s -H 'Content-Type: application/json' -d @build.json -H "Authorization: Bearer <Bearer token>" -X POST https://em.fortanix.com/v1/builds/convert-app
The build.json is as below.
{
  "app_id": <app_id>,
  "docker_version": <tag>,
  "inputAuthConfig": {
    "username": <username>,
    "password": <password>
  },
  "outputAuthConfig": {
    "username": <username>,
    "password": <password>
  }
}
Fetch all the Image Whitelist Tasks
curl -s -H "Authorization: Bearer <Bearer token>" -X GET 'https://em.fortanix.com/v1/tasks?task_type=BUILD_WHITELIST' > all_build_tasks.json
All the image whitelist tasks will be stored in the all_build_tasks.json file. Select the image whitelist task ID to approve the image in the next step.
Approve the Image Whitelist Task
curl -s -H 'Content-Type: application/json' -d '{"status":"APPROVED"}' -H "Authorization: Bearer <Bearer token>" -X PATCH https://em.fortanix.com/v1/tasks/<task_id>
The image is created and whitelisted.
Next, run the following command on a machine running the node agent to run the application.
Run the Application
docker run -d -it --device /dev/isgx:/dev/isgx --device /dev/gsgx:/dev/gsgx -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -e NODE_AGENT_BASE_URL=http://<node-agent-ip>:9092/v1/ --network=host <spring mysql converted image>
Where,
- <node-agent-ip> is the IP address of the compute node registered on Fortanix Confidential Computing Manager (CCM).
- 9092 is the port on which the Node Agent listens.
- <spring mysql converted image> is the converted app, which can be found in the Images tab under the Image Name column in the Images table.
NOTE:
- Please use your own inputs for Node IP, Port, and Converted Image in the above format. The information in the example above is just a sample.
Spring MySQL Application
Fetch a Bearer Token
Using the credentials used for signing up a new user, fetch the bearer token.
BEARER_TOKEN=$(curl -s -u "$username:$password" -X POST https://em.fortanix.com/v1/sys/auth | jq -r .access_token)
Get all Accounts
After fetching the bearer token, use it to select the account. First use the GET command below to get all the accounts, then select the account using its account_id.
curl -H 'Authorization: Bearer <Bearer Token>' -X GET https://em.fortanix.com/v1/accounts
Select the Account
Note the account_id of the account you want to select.
curl -H 'Authorization: Bearer <Bearer Token>' -X POST https://em.fortanix.com/v1/accounts/select_account/<account-id>
Create an Application
Create a Spring MySQL application using the configuration provided in the app.json file below.
Create Application
curl -s -H 'Content-Type: application/json' -d @app.json -H "Authorization: Bearer <Bearer token>" -X POST https://em.fortanix.com/v1/apps
Create the app.json Config File that Contains the Application Details
{
  "name": "spring-mysql-app",
  "description": "",
  "input_image_name": "fortanix/spring-mysql-app",
  "output_image_name": "/spring-mysql-app-converted",
  "isvprodid": 1,
  "isvsvn": 1,
  "mem_size": 2048,
  "threads": 80,
  "advanced_settings": {
    "java_runtime": "OPENJDK",
    "rw_dirs": ["/tmp", "/etc", "/usr/lib", "/root/gs-accessing-data-mysql"],
    "caCertificate": {
      "system": "false"
    }
  }
}
Fetch the Domain Whitelisting Tasks
curl -s -H "Authorization: Bearer <Bearer Token>" -X GET 'https://em.fortanix.com/v1/tasks?task_type=DOMAIN_WHITELIST' > all_domain_tasks.json
All the tasks fetched will be stored in the all_domain_tasks.json file. Select the task_id to approve the task in the next step.
Approve a Task
Among the tasks fetched in the previous step, approve the application-specific task using the task_id.
curl -s -H 'Content-Type: application/json' -d '{"status":"APPROVED"}' -H "Authorization: Bearer <Bearer Token>" -X PATCH https://em.fortanix.com/v1/tasks/<task_id>
Create an Image
Create an image of the application.
curl -s -H 'Content-Type: application/json' -d @build.json -H "Authorization: Bearer <Bearer token>" -X POST https://em.fortanix.com/v1/builds/convert-app
The build.json is as below.
{
  "app_id": <app_id>,
  "docker_version": <tag>,
  "inputAuthConfig": {
    "username": <username>,
    "password": <password>
  },
  "outputAuthConfig": {
    "username": <username>,
    "password": <password>
  }
}
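The build.json file used for both applications holds the input and output registry passwords in plain text. The following is an added example, not part of the original Fortanix documentation, that generates the file with owner-only permissions from environment variables and deletes it after the convert-app request. The variable names APP_ID, IMAGE_TAG, IN_USER, IN_PASS, OUT_USER, OUT_PASS and both function names are assumptions, as is treating app_id and docker_version as JSON strings.

```shell
#!/bin/sh
# Added example (not Fortanix code). Assumed names: APP_ID, IMAGE_TAG, IN_USER,
# IN_PASS, OUT_USER, OUT_PASS, write_build_json, convert_app.

# Write build.json to $1 with mode 0600. jq reads the values from its
# environment, so passwords never appear on a command line or in `ps` output,
# and jq takes care of JSON-escaping quotes and backslashes.
write_build_json() (
    out=$1
    for var in APP_ID IMAGE_TAG IN_USER IN_PASS OUT_USER OUT_PASS; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "write_build_json: $var is not set" >&2
            exit 1
        fi
    done
    export APP_ID IMAGE_TAG IN_USER IN_PASS OUT_USER OUT_PASS
    umask 077            # new file is readable by the owner only
    rm -f -- "$out"      # a pre-existing file would keep its old permissions
    jq -n '{
        app_id: env.APP_ID,
        docker_version: env.IMAGE_TAG,
        inputAuthConfig:  {username: env.IN_USER,  password: env.IN_PASS},
        outputAuthConfig: {username: env.OUT_USER, password: env.OUT_PASS}
    }' > "$out"
)

# POST the file at $1 to the convert-app endpoint from this page, then delete
# it. The bearer token is passed to curl on stdin (-H @-) rather than in argv.
convert_app() {
    printf 'Authorization: Bearer %s\n' "$BEARER_TOKEN" |
        curl -s -H @- -H 'Content-Type: application/json' \
             -d @"$1" -X POST https://em.fortanix.com/v1/builds/convert-app
    rc=$?
    rm -f -- "$1"
    return "$rc"
}
```

Typical use is `write_build_json build.json && convert_app build.json`, with the six variables and BEARER_TOKEN set in the current shell beforehand.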
Fetch all the Image Whitelist Tasks
curl -s -H "Authorization: Bearer <Bearer token>" -X GET 'https://em.fortanix.com/v1/tasks?task_type=BUILD_WHITELIST' > all_build_tasks.json
All the image whitelist tasks will be stored in the all_build_tasks.json file. Select the image whitelist task ID to approve the image in the next step.
Approve the Image Whitelist Task
curl -s -H 'Content-Type: application/json' -d '{"status":"APPROVED"}' -H "Authorization: Bearer <Bearer token>" -X PATCH https://em.fortanix.com/v1/tasks/<task_id>
The image is created and whitelisted.
Next, run the following command on a machine running the node agent to run the application.
Run the Application
docker run -d -it --device /dev/isgx:/dev/isgx --device /dev/gsgx:/dev/gsgx -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -e DB_URL=<URL-Of-MySQL-DB> -e NODE_AGENT_BASE_URL=http://<node-agent-ip>:9092/v1/ --network=host <converted spring app image>
Where,
- <URL-Of-MySQL-DB> is the URL of the server on which the Spring MySQL converted application is running.
- <node-agent-ip> is the IP address of the compute node registered on Fortanix CCM.
- 9092 is the port on which the Node Agent listens.
- <converted spring app image> is the converted app, which can be found in the Images tab under the Image Name column in the Images table.
NOTE:
- Please use your own inputs for Node IP, Port, and Converted Image in the above format. The information in the example above is just a sample.
Once both the Spring MySQL DB application and the Spring MySQL application are running, run the following commands to verify the functionality of Tomcat.
- Enter some data in the DB using Tomcat:
curl 'http://<node agent IP>:8080/demo/add?name=test&email=test@test.com'
- Fetch all the data entered:
curl http://<node agent IP>:8080/demo/all