Commit a7a6308

authored

Add Pyspark listener (#248)

This PR adds support for a Pyspark listener that is intended to receive queries from the MC2 Client. It contains SBT code to generate Python protobuf files and package them into a zip automatically for submitting to a standalone Spark cluster. The instructions for running the listener are in the client docs. Unfortunately, it also introduces a Python dependency to Opaque SQL, since there are required packages to start the Python listener service.

1 parent 2cc3f6e commit a7a6308Copy full SHA for a7a6308

File tree

15 files changed

+122

-16

lines changed

.github/scripts
- build.sh
.gitignore
build.sbt
docker
- Dockerfile
opaque-sql-docs/src
- install
  - install.rst
- usage
scripts
- install.sh
src
- main/resources
  - log4j.properties
- python
  - intp_handler.py
  - listener.py
  - opaque_sql.py
  - protobuf
    - README.md
    - __init__.py

15 files changed

+122

-16

lines changed

`‎.github/scripts/build.sh`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ sudo apt-get -y install clang-8 libssl-dev gdb libsgx-enclave-common libsgx-quot`
`11`	`11`
`12`	`12`	`# Install Opaque Dependencies`
`13`	`13`	`sudo apt-get -y install wget build-essential openjdk-8-jdk python libssl-dev libmbedtls-dev`
	`14`	`+pip3 install grpcio grpcio-tools # Needed for PySpark listener`
`14`	`15`
`15`	`16`	`# Install a newer version of CMake (3.15)`
`16`	`17`	`wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh`

`‎.gitignore`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,11 @@ lint-r-report.log`
`68`	`68`	`/.tags`
`69`	`69`	`.metals/`
`70`	`70`
	`71`	`+# For generated Python protobuf files`
	`72`	`+/src/python/protobuf/`
	`73`	`+!/src/python/protobuf/__init__.py`
	`74`	`+!/src/python/protobuf/README.md`
	`75`	`+`
`71`	`76`	`# For Hive`
`72`	`77`	`metastore_db/`
`73`	`78`	`metastore/`

`‎build.sbt`

Lines changed: 34 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -161,8 +161,6 @@ resourceGenerators in Compile += copyEnclaveLibrariesToResourcesTask.taskValue`
`161`	`161`	`// Add the managed resource directory to the resource classpath so we can find libraries at runtime`
`162`	`162`	`managedResourceDirectories in Compile += resourceManaged.value`
`163`	`163`
`164`		`-unmanagedResources in Compile ++= ((sourceDirectory.value / "python") ** "*.py").get`
`165`		`-`
`166`	`164`	`Compile / PB.protoSources := Seq(sourceDirectory.value / "protobuf")`
`167`	`165`	`Compile / PB.targets := Seq(scalapb.gen() -> (Compile / sourceManaged).value / "scalapb")`
`168`	`166`
`@@ -192,6 +190,13 @@ def data = Command.command("data") { state =>`
`192`	`190`	`state`
`193`	`191`	`}`
`194`	`192`
	`193`	`+val zipPythonFilesTask = TaskKey[Unit](`
	`194`	`+ "zipPythonFilesTask",`
	`195`	`+ "Creates a zip of all the Python files (including generated protobuf files) and the listener in the target directory."`
	`196`	`+)`
	`197`	`+`
	`198`	`+compile in Compile := { (compile in Compile).dependsOn(zipPythonFilesTask).value }`
	`199`	`+`
`195`	`200`	`commands += oeGdbCommand`
`196`	`201`	`commands += data`
`197`	`202`
`@@ -438,3 +443,30 @@ synthBenchmarkDataTask := {`
`438`	`443`	`}`
`439`	`444`	`}`
`440`	`445`	`}`
	`446`	`+`
	`447`	`+zipPythonFilesTask := {`
	`448`	`+ val pythonDir = sourceDirectory.value / "python"`
	`449`	`+`
	`450`	`+ // First generate the Python protobuf files`
	`451`	`+ val protoSourceDir = sourceDirectory.value / "protobuf"`
	`452`	`+ val pythonProtoDir = pythonDir / "protobuf"`
	`453`	`+ Process(`
	`454`	`+ Seq(`
	`455`	`+ "python3",`
	`456`	`+ "-m",`
	`457`	`+ "grpc_tools.protoc",`
	`458`	`+ s"-I=${protoSourceDir}",`
	`459`	`+ s"--python_out=${pythonProtoDir}",`
	`460`	`+ s"--grpc_python_out=${pythonProtoDir}",`
	`461`	`+ s"${protoSourceDir}/client.proto",`
	`462`	`+ s"${protoSourceDir}/listener.proto"`
	`463`	`+ )`
	`464`	`+ ).!`
	`465`	`+`
	`466`	`+ // Then move all Python files`
	`467`	`+ Process(Seq("cp", "-a", s"${pythonDir}", s"${target.value}")).!`
	`468`	`+`
	`469`	`+ // Finally zip everything together`
	`470`	`+ val pythonBuildDir = target.value / "python"`
	`471`	`+ IO.zip(Path.allSubpaths(pythonBuildDir), target.value / "python.zip")`
	`472`	`+}`

`‎docker/Dockerfile`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@ RUN apt-get update && \`
`4`	`4`	`apt-get install -y git wget build-essential openjdk-8-jdk-headless python cmake libssl-dev libmbedtls-dev && \`
`5`	`5`	`rm -rf /var/lib/apt/lists/*`
`6`	`6`
	`7`	`+RUN pip3 install grpcio grpcio-tools # Needed for PySpark listener`
	`8`	`+`
`7`	`9`	`RUN wget -O sgx_installer.bin https://download.01.org/intel-sgx/linux-2.3.1/ubuntu16.04/sgx_linux_x64_sdk_2.3.101.46683.bin && \`
`8`	`10`	`chmod +x ./sgx_installer.bin && \`
`9`	`11`	`echo $'no\n/usr/local' \| ./sgx_installer.bin && \`

`‎opaque-sql-docs/src/install/install.rst`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ After downloading the Opaque codebase, install necessary dependencies as follows`
`27`	`27`
`28`	`28`	`# For Ubuntu 18.04:`
`29`	`29`	`sudo apt -y install wget build-essential openjdk-8-jdk python libssl-dev libmbedtls-dev`
	`30`	`+ pip3 install grpcio grpcio-tools # Needed for PySpark listener`
`30`	`31`
`31`	`32`	`# Install a newer version of CMake (3.15)`
`32`	`33`	`wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh`

`‎opaque-sql-docs/src/usage/client.rst`

Lines changed: 26 additions & 8 deletions

Original file line number	Diff line number	Diff line change
@@ -9,36 +9,54 @@ Query submission via the MC\ :sup:`2` Client
`9`	`9`	Overview of Opaque SQL running with the MC\ :sup:`2` Client
`10`	`10`
`11`	`11`
`12`		`-Starting Opaque SQL`
`13`		`-###################`
`14`		`-`
`15`		-Here we outline how to use `the client <https://github.com/mc2-project/mc2>`_ to submit queries. This is the primary method of running Opaque SQL and integrates with the rest of the MC\ :sup:`2` projects, such as `Secure XGBoost <https://github.com/mc2-project/secure-xgboost>`_.
	`12`	+In this section, we outline how to use `the client <https://github.com/mc2-project/mc2>`_ for submitting queries to Opaque SQL. This is the primary method of running Opaque SQL and integrates with the rest of the MC\ :sup:`2` projects, such as `Secure XGBoost <https://github.com/mc2-project/secure-xgboost>`_.
`16`	`13`
`17`	`14`	`.. warning::`
`18`	`15`	Note that, by default, Opaque SQL uses a pre-generated RSA private key for enclave signing located at ``${OPAQUE_HOME}/src/test/keys/mc2_test_key.pem``. This key should not be used in a production environment. This can be reconfigured by changing the environment variable ``PRIVATE_KEY_PATH`` to another key file and having the MC\ :sup:`2` Client use its public peer to verify the signature.
`19`	`16`
`20`	`17`	Running in this mode enables the driver to be located on untrusted hardware while still providing the complete security guarantees of the MC\ :sup:`2` platform.
`21`	`18`
`22`	`19`	`Starting the gRPC Listeners`
`23`		`-***************************`
	`20`	`+###########################`
`24`	`21`
`25`	`22`	Opaque SQL uses two listeners: the first for remote attestation on port 50051, and the second for query requests on port 50052. The MC\ :sup:`2` Client uses these by default to connect to the Opaque SQL driver.
`26`	`23`
	`24`	`+Opaque SQL supports running both regular (Scala) Spark as well as PySpark.`
	`25`	`+`
	`26`	`+Scala Instructions`
	`27`	`+******************`
	`28`	`+`
`27`	`29`	1. To run both listeners locally using ``sbt``:
`28`	`30`
`29`	`31`	`.. code-block:: bash`
`30`	`32`
`31`	`33`	`build/sbt run`
`32`	`34`
`33`		`-2. To launch the listener on a standalone Spark cluster:`
	`35`	`+2. To launch the listeners on a standalone Spark cluster:`
`34`	`36`
`35`	`37`	`.. code-block:: bash`
`36`	`38`
`37`	`39`	`build/sbt assembly # create a fat jar with all necessary dependencies`
`38`	`40`
`39`	`41`	`spark-submit --class edu.berkeley.cs.rise.opaque.rpc.Listener \`
`40`		`- <Spark configuration parameters> \`
`41`		`- --deploy-mode client ${OPAQUE_HOME}/target/scala-2.12/opaque-assembly-0.1.jar`
	`42`	`+ <Spark configuration parameters> \`
	`43`	`+ --deploy-mode client ${OPAQUE_HOME}/target/scala-2.12/opaque-assembly-0.1.jar`
	`44`	`+`
	`45`	`+Python Instructions`
	`46`	`+*******************`
	`47`	`+`
	`48`	`+To launch the listeners on a standalone Spark cluster:`
	`49`	`+`
	`50`	`+.. code-block:: bash`
	`51`	`+`
	`52`	`+ build/sbt assembly # create a fat jar with all necessary dependencies`
	`53`	`+`
	`54`	`+ spark-submit --class edu.berkeley.cs.rise.opaque.rpc.Listener \`
	`55`	`+ <Spark configuration parameters> \`
	`56`	`+ --deploy-mode client \`
	`57`	`+ --jars ${OPAQUE_HOME}/target/scala-2.12/opaque-assembly-0.1.jar \`
	`58`	`+ --py-files ${OPAQUE_HOME}/target/python.zip \`
	`59`	`+ ${OPAQUE_HOME}/target/python/listener.py \`
`42`	`60`
`43`	`61`	Using the MC\ :sup:`2` Client
`44`	`62`	`#############################`

`‎opaque-sql-docs/src/usage/untrusted.rst`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ Encrypting a DataFrame with the Driver`
`78`	`78`	`######################################`
`79`	`79`
`80`	`80`	`.. note::`
`81`		`- The methods shown in this section are only supported in insecure mode.`
	`81`	`+ The Opaque SQL methods shown in this section are only supported in insecure mode, since the driver needs the key for encryption/decryption.`
`82`	`82`
`83`	`83`	`1. Create an unencrypted DataFrame.`
`84`	`84`

`‎opaque-sql-docs/src/usage/usage.rst`

Lines changed: 0 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,6 @@ Usage`
`4`	`4`
`5`	`5`	`This section goes over how to manipulate an encrypted DataFrame in either client or insecure mode.`
`6`	`6`
`7`		`-.. note::`
`8`		`- Currently, Python is only supported while running in insecure mode.`
`9`		`-`
`10`	`7`	`.. _save_df:`
`11`	`8`
`12`	`9`	`Saving a DataFrame`

`‎scripts/install.sh`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ sudo apt -y install clang-8 libssl-dev gdb libsgx-enclave-common libsgx-quote-ex`
`26`	`26`
`27`	`27`	`# Install SBT dependencies`
`28`	`28`	`sudo apt -y install wget build-essential openjdk-8-jdk python libssl-dev libmbedtls-dev`
	`29`	`+pip3 install grpcio grpcio-tools # Needed for Pyspark listener`
`29`	`30`
`30`	`31`	`# Install a newer version of CMake (3.15)`
`31`	`32`	`wget https://github.com/Kitware/CMake/releases/download/v3.15.6/cmake-3.15.6-Linux-x86_64.sh`

`‎src/main/resources/log4j.properties`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`# Set everything to be logged to the console`
`2`		`-log4j.rootCategory=INFO, console`
	`2`	`+log4j.rootCategory=WARN, console`
`3`	`3`	`log4j.appender.console=org.apache.log4j.ConsoleAppender`
`4`	`4`	`log4j.appender.console.target=System.out`
`5`	`5`	`log4j.appender.console.layout=org.apache.log4j.PatternLayout`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit a7a6308

File tree

15 files changed

15 files changed

`‎.github/scripts/build.sh`

`‎.gitignore`

`‎build.sbt`

`‎docker/Dockerfile`

`‎opaque-sql-docs/src/install/install.rst`

`‎opaque-sql-docs/src/usage/client.rst`

`‎opaque-sql-docs/src/usage/untrusted.rst`

`‎opaque-sql-docs/src/usage/usage.rst`

`‎scripts/install.sh`

`‎src/main/resources/log4j.properties`

0 commit comments