merge

worldcoin · Jan 8, 2025 · 0e20fb5 · 0e20fb5
2 parents 6777942 + a659204
commit 0e20fb5
Show file tree

Hide file tree

Showing 49 changed files with 2,109 additions and 700 deletions.
diff --git a/.github/workflows/temp-branch-build-and-push.yaml b/.github/workflows/temp-branch-build-and-push.yaml
@@ -0,0 +1,47 @@
+name: Branch - Build and push docker image
+
+on:
+  push:
+    branches:
+      - "ps/potential-phantom-match"
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  docker:
+    runs-on:
+      labels: ubuntu-22.04-64core
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,10 +32,11 @@ bytemuck = { version = "1.17", features = ["derive"] }
 dotenvy = "0.15"
 eyre = "0.6"
 futures = "0.3.30"
-hawk-pack = { git = "https://github.com/Inversed-Tech/hawk-pack.git", rev = "29e888ed" }
+hawk-pack = { git = "https://github.com/Inversed-Tech/hawk-pack.git", rev = "ba995e09" }
 hex = "0.4.3"
 itertools = "0.13"
 num-traits = "0.2"
+memmap2 = "0.9.5"
 serde = { version = "1.0", features = ["derive"] }
 serde-big-array = "0.5.1"
 serde_json = "1"

diff --git a/Dockerfile.nocuda b/Dockerfile.nocuda
@@ -29,12 +29,12 @@ FROM --platform=linux/amd64 build-image as build-app
 WORKDIR /src/gpu-iris-mpc
 COPY . .
 
-RUN cargo build --release --target x86_64-unknown-linux-gnu --bin seed-v1-dbs --bin upgrade-server --bin upgrade-client --bin upgrade-checker --bin reshare-server  --bin reshare-server --bin reshare-client
+RUN cargo build --release --target x86_64-unknown-linux-gnu --bin seed-v1-dbs --bin upgrade-server --bin upgrade-client --bin upgrade-checker --bin reshare-server  --bin reshare-server --bin reshare-client --bin key-manager
 
 FROM --platform=linux/amd64 ubuntu:22.04
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get install -y ca-certificates
+RUN apt-get update && apt-get install -y ca-certificates awscli
 COPY certs /usr/local/share/ca-certificates/
 RUN update-ca-certificates
 
@@ -44,6 +44,7 @@ COPY --from=build-app /src/gpu-iris-mpc/target/x86_64-unknown-linux-gnu/release/
 COPY --from=build-app /src/gpu-iris-mpc/target/x86_64-unknown-linux-gnu/release/upgrade-checker /bin/upgrade-checker
 COPY --from=build-app /src/gpu-iris-mpc/target/x86_64-unknown-linux-gnu/release/reshare-server /bin/reshare-server
 COPY --from=build-app /src/gpu-iris-mpc/target/x86_64-unknown-linux-gnu/release/reshare-client /bin/reshare-client
+COPY --from=build-app /src/gpu-iris-mpc/target/x86_64-unknown-linux-gnu/release/key-manager /bin/key-manager
 
 USER 65534
 ENTRYPOINT ["/bin/upgrade-server"]
diff --git a/deny.toml b/deny.toml
@@ -11,6 +11,7 @@ ignore = [
     { id = "RUSTSEC-2024-0388", reason = "waiting for `mongodb` crate to remove the deprecated dependency" },
     { id = "RUSTSEC-2024-0402", reason = "wating for `index-map` crate to remove the dependency" },
     { id = "RUSTSEC-2024-0421", reason = "wating for `mongodb` crate to remove the dependency" },
+    { id = "RUSTSEC-2024-0421", reason = "waiting for `mongodb` crate to remove the deprecated dependency" },
 ]
 
 [sources]

diff --git a/deploy/e2e/iris-mpc-0.yaml.tpl b/deploy/e2e/iris-mpc-0.yaml.tpl
@@ -0,0 +1,221 @@
+iris-mpc-0:
+  fullnameOverride: "iris-mpc-0"
+  image: "ghcr.io/worldcoin/iris-mpc:$IRIS_MPC_IMAGE_TAG"
+
+  environment: $ENV
+  replicaCount: 1
+
+  strategy:
+    type: Recreate
+
+  datadog:
+    enabled: false
+
+  ports:
+    - containerPort: 3000
+      name: health
+      protocol: TCP
+
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: health
+
+  readinessProbe:
+    periodSeconds: 30
+    httpGet:
+      path: /ready
+      port: health
+
+  startupProbe:
+    initialDelaySeconds: 60
+    failureThreshold: 40
+    periodSeconds: 30
+    httpGet:
+      path: /ready
+      port: health
+
+  podSecurityContext:
+    runAsNonRoot: false
+    seccompProfile:
+      type: RuntimeDefault
+
+  resources:
+    limits:
+      cpu: 31
+      memory: 60Gi
+      nvidia.com/gpu: 1
+
+    requests:
+      cpu: 30
+      memory: 55Gi
+      nvidia.com/gpu: 1
+
+  imagePullSecrets:
+    - name: github-secret
+
+  nodeSelector:
+    kubernetes.io/arch: amd64
+
+  hostNetwork: false
+
+  tolerations:
+    - key: "gpuGroup"
+      operator: "Equal"
+      value: "dedicated"
+      effect: "NoSchedule"
+
+  keelPolling:
+    # -- Specifies whether keel should poll for container updates
+    enabled: true
+
+  libsDir:
+    enabled: true
+    path: "/libs"
+    size: 2Gi
+    files:
+      - path: "/usr/local/cuda-12.2/targets/x86_64-linux/lib/libcublasLt.so.12.2.5.6"
+        file: "libcublasLt.so.12.2.5.6"
+      - path: "/usr/local/cuda-12.2/targets/x86_64-linux/lib/libcublas.so.12.2.5.6"
+        file: "libcublas.so.12.2.5.6"
+
+  preStop:
+    # preStop.sleepPeriod specifies the time spent in Terminating state before SIGTERM is sent
+    sleepPeriod: 10
+
+  # terminationGracePeriodSeconds specifies the grace time between SIGTERM and SIGKILL
+  terminationGracePeriodSeconds: 180 # 3x SMPC__PROCESSING_TIMEOUT_SECS
+
+  env:
+    - name: RUST_LOG
+      value: "info"
+
+    - name: AWS_REGION
+      value: "$AWS_REGION"
+
+    - name: AWS_ENDPOINT_URL
+      value: "http://localstack:4566"
+
+    - name: RUST_BACKTRACE
+      value: "full"
+
+    - name: NCCL_SOCKET_IFNAME
+      value: "eth0"
+
+    - name: NCCL_COMM_ID
+      value: "iris-mpc-0.svc.cluster.local:4000"
+
+    - name: SMPC__ENVIRONMENT
+      value: "$ENV"
+
+    - name: SMPC__AWS__REGION
+      value: "$AWS_REGION"
+
+    - name: SMPC__SERVICE__SERVICE_NAME
+      value: "smpcv2-server-$ENV"
+
+    - name: SMPC__DATABASE__URL
+      valueFrom:
+        secretKeyRef:
+          key: DATABASE_AURORA_URL
+          name: application
+
+    - name: SMPC__DATABASE__MIGRATE
+      value: "true"
+
+    - name: SMPC__DATABASE__CREATE
+      value: "true"
+
+    - name: SMPC__DATABASE__LOAD_PARALLELISM
+      value: "8"
+
+    - name: SMPC__REQUESTS_QUEUE_URL
+      value: "arn:aws:sns:eu-central-1:000000000000:iris-mpc-input"
+
+    - name: SMPC__RESULTS_TOPIC_ARN
+      value: "arn:aws:sns:eu-central-1:000000000000:iris-mpc-results"
+
+    - name: SMPC__PROCESSING_TIMEOUT_SECS
+      value: "60"
+
+    - name: SMPC__PATH
+      value: "/data/"
+
+    - name: SMPC__KMS_KEY_ARNS
+      value: '["arn:aws:kms:$AWS_REGION:000000000000:key/00000000-0000-0000-0000-000000000000","arn:aws:kms:$AWS_REGION:000000000000:key/00000000-0000-0000-0000-000000000001","arn:aws:kms:$AWS_REGION:000000000000:key/00000000-0000-0000-0000-000000000002"]'
+
+    - name: SMPC__PARTY_ID
+      value: "0"
+
+    - name: SMPC__PUBLIC_KEY_BASE_URL
+      value: "http://wf-$ENV-public-keys.s3.localhost.localstack.cloud:4566"
+
+    - name: SMPC__ENABLE_S3_IMPORTER
+      value: "false"
+
+    - name: SMPC__SHARES_BUCKET_NAME
+      value: "wf-smpcv2-stage-sns-requests"
+
+    - name: SMPC__CLEAR_DB_BEFORE_INIT
+      value: "true"
+
+    - name: SMPC__INIT_DB_SIZE
+      value: "80000"
+
+    - name: SMPC__MAX_DB_SIZE
+      value: "110000"
+
+    - name: SMPC__MAX_BATCH_SIZE
+      value: "64"
+
+    - name: SMPC__SERVICE__METRICS__HOST
+      valueFrom:
+        fieldRef:
+          fieldPath: status.hostIP
+
+    - name: SMPC__SERVICE__METRICS__PORT
+      value: "8125"
+
+    - name: SMPC__SERVICE__METRICS__QUEUE_SIZE
+      value: "5000"
+
+    - name: SMPC__SERVICE__METRICS__BUFFER_SIZE
+      value: "256"
+
+    - name: SMPC__SERVICE__METRICS__PREFIX
+      value: "smpcv2-$ENV-0"
+
+    - name: SMPC__RETURN_PARTIAL_RESULTS
+      value: "true"
+
+    - name: SMPC__NODE_HOSTNAMES
+      value: '["iris-mpc-0.svc.cluster.local","iris-mpc-1.svc.cluster.local","iris-mpc-2.svc.cluster.local"]'
+
+    - name: SMPC__IMAGE_NAME
+      value: "ghcr.io/worldcoin/iris-mpc:$IRIS_MPC_IMAGE_TAG"
+
+  initContainer:
+    enabled: true
+    image: "ghcr.io/worldcoin/iris-mpc:2694d8cbb37c278ed84951ef9aac3af47b21f146" # no-cuda image
+    name: "iris-mpc-0-copy-cuda-libs"
+    env:
+      - name: AWS_REGION
+        value: "$AWS_REGION"
+      - name: PARTY_ID
+        value: "1"
+      - name: MY_NODE_IP
+        valueFrom:
+          fieldRef:
+            fieldPath: status.hostIP
+    configMap:
+      name: "iris-mpc-0-init"
+      init.sh: |
+        #!/usr/bin/env bash
+        set -e
+
+        cd /libs
+
+        aws s3 cp s3://wf-smpcv2-stage-libs/libcublas.so.12.2.5.6 .
+        aws s3 cp s3://wf-smpcv2-stage-libs/libcublasLt.so.12.2.5.6 .
+
+        key-manager --node-id 0 --env $ENV --endpoint-url "http://localstack:4566" rotate --public-key-bucket-name wf-$ENV-stage-public-keys --region $AWS_REGION