Update kms compose file

Author: kvinwang

kms/dstack-app/compose-dev.yaml

@@ -27,11 +27,20 @@ services:
     build:
       context: .
       dockerfile_inline: |
-        FROM rust:1.86.0@sha256:300ec56abce8cc9448ddea2172747d048ed902a3090e6b57babb2bf19f754081
+        FROM golang:1.22-alpine@sha256:1699c10032ca2582ec89a24a1312d986a3f094aed3d5c1147b19880afe40e052 AS dstack-mr-builder
+        WORKDIR /app
+        RUN apk add --no-cache git
+        RUN git clone https://github.com/kvinwang/dstack-mr.git
+        WORKDIR /app/dstack-mr
+        RUN git checkout 5cf6d917e076f3624eab1b6b662f222ece15600f
+        RUN CGO_ENABLED=0 go build -ldflags="-extldflags -static" -o /usr/local/bin/dstack-mr
+
+        FROM rust:1.86.0@sha256:300ec56abce8cc9448ddea2172747d048ed902a3090e6b57babb2bf19f754081 AS kms-builder
         WORKDIR /app
         RUN apt-get update && apt-get install -y \
             git \
             build-essential \
+            musl-tools \
             libssl-dev \
             protobuf-compiler \
             libprotobuf-dev \
@@ -43,11 +52,20 @@ services:
             cd dstack && \
             git checkout ${GIT_REV}
         WORKDIR /app/dstack
-        RUN cargo build --release -p dstack-kms
-        CMD ["./target/release/dstack-kms"]
+        RUN rustup target add x86_64-unknown-linux-musl
+        RUN cargo build --release -p dstack-kms --target x86_64-unknown-linux-musl
+
+        FROM alpine:latest
+        COPY --from=kms-builder /app/dstack/target/x86_64-unknown-linux-musl/release/dstack-kms /usr/local/bin/dstack-kms
+        COPY --from=kms-builder /app/dstack/kms/dstack-app/entrypoint.sh /entrypoint.sh
+        COPY --from=dstack-mr-builder /usr/local/bin/dstack-mr /usr/local/bin/dstack-mr
+        WORKDIR /app/kms
+        CMD ["/entrypoint.sh"]
     volumes:
       - kms-volume:/etc/kms
       - /var/run/dstack.sock:/var/run/dstack.sock
+    environment:
+      - IMAGE_DOWNLOAD_URL=${IMAGE_DOWNLOAD_URL}
     ports:
       - 8000:8000
     depends_on:

kms/dstack-app/deploy-to-vmm.sh

@@ -29,6 +29,9 @@ else
 # The address of the guest agent service listening on Host machine
 # GUEST_AGENT_ADDR=127.0.0.1:9205
 
+# The URL of the dstack app image download URL
+# IMAGE_DOWNLOAD_URL=https://files.kvin.wang/images/mr_{MR_IMAGE}.tar.gz
+
 # The URL of the Ethereum RPC service
 ETH_RPC_URL=https://rpc.phala.network
 
@@ -49,6 +52,7 @@ required_env_vars=(
   "GUEST_AGENT_ADDR"
   "KMS_CONTRACT_ADDR"
   "ETH_RPC_URL"
+  "IMAGE_DOWNLOAD_URL"
 )
 
 for var in "${required_env_vars[@]}"; do

kms/dstack-app/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+cat <<EOF > ./kms.toml
+[core.image]
+verify = true
+cache_dir = "./images"
+download_url = "${IMAGE_DOWNLOAD_URL}"
+download_timeout = "2m"
+EOF
+
+exec dstack-kms -c ./kms.toml

kms/src/onboard_service.rs

@@ -256,7 +256,11 @@ pub(crate) async fn update_certs(cfg: &KmsConfig) -> Result<()> {
     let k256_key_bytes = fs::read(cfg.k256_key())?;
     let k256_key = SigningKey::from_slice(&k256_key_bytes)?;
 
-    let domain = fs::read_to_string(cfg.rpc_domain())?;
+    let domain = if cfg.onboard.auto_bootstrap_domain.is_empty() {
+        fs::read_to_string(cfg.rpc_domain())?
+    } else {
+        cfg.onboard.auto_bootstrap_domain.clone()
+    };
     let domain = domain.trim();
 
     // Regenerate certificates using existing keys