-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathclickhouse.manifest.template
More file actions
executable file
·115 lines (103 loc) · 4.29 KB
/
clickhouse.manifest.template
File metadata and controls
executable file
·115 lines (103 loc) · 4.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# This is a general manifest template for running DuckDB.
# Don't use this manifest in production
loader.entrypoint = "file:{{ gramine.libos }}"
libos.entrypoint = "/usr/bin/clickhouse-server"
#libos.entrypoint = "/usr/bin/ls"
#libos.entrypoint = "{{ execdir }}/clickhouse/clickhouse"
#loader.log_level = "{{ log_level }}"
loader.log_level = "trace"
#loader.log_level = "debug"
#loader.log_level = "error"
# This is to enable calling the benchmark securely with different scripts
loader.insecure__use_cmdline_argv = true
loader.insecure__use_host_env = true
sys.insecure__allow_eventfd = true
#loader.insecure__use_host_env = true
#loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
#loader.env.PATH = "{{ execdir }}"
# Set HOME to suppress "warning: cannot find home directory"
#loader.env.HOME = "/"
#loader.env.MALLOC_ARENA_MAX = "1"
fs.mounts = [
{ path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
{ path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
{ path = "/bin", uri = "file:/bin" },
{ path = "/usr/bin", uri = "file:/usr/bin" },
{ path = "/etc", uri = "file:/etc" },
{ path = "/usr/share/zoneinfo", uri = "file:/usr/share/zoneinfo" },
{ path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
{ path = "/tmp", uri = "file:/tmp" },
{ path = "/usr/local/lib/python3.11/dist-packages", uri = "file:/usr/local/lib/python3.11/dist-packages" },
{ path = "/usr/lib/python3/dist-packages", uri = "file:/usr/lib/python3/dist-packages" },
{ path = "/usr/lib/python3.11", uri = "file:/usr/lib/python3.11" },
{ path = "{{ execdir }}", uri = "file:{{ execdir }}" },
]
# Unfortunately, non-SGX Gramine cannot use special keys such as "_sgx_mrenclave", so for this
# example to work on both non-SGX and SGX versions we hardcode a dummy key. In SGX production case,
# it is recommended to remove this insecure key and instead use "_sgx_mrenclave"/"_sgx_mrsigner".
fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
sgx.debug = true
sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
sgx.enclave_size = "32G"
# Do not change the number of maximum threads
sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '256' }}
#sgx.enable_stats = true
sgx.preheat_enclave = true
#sgx.profile.mode = "ocall_inner"
#sgx.profile.with_stack = 1
sgx.trusted_files = [
"file:{{ gramine.libos }}",
"file:{{ gramine.runtimedir() }}/",
"file:{{ arch_libdir }}/",
#"file:/usr/bin/clickhouse-server",
#"file:/usr/bin/clickhouse",
"file:/bin/",
"file:/usr/bin/",
"file:/usr/{{ arch_libdir }}/",
"file:/usr/lib/",
"file:clickhouse-encrypted/benchmark_clickhouse.py",
#"file:/usr/bin/clickhouse-client",
"file:/usr/local/lib/python3.11/dist-packages/",
"file:/usr/lib/python3/dist-packages/",
"file:/usr/lib/python3.11/",
#"file:/usr/lib/python3/dist-packages/duckdb/",
#"file:{{ execdir }}/clickhouse/clickhouse",
]
sgx.allowed_files = [
"file:duckdb/log.txt",
"file:duckdb/my-db.duckdb",
"file:duckdb/queries.sql",
"file:duckdb-parquet/my-db.duckdb.wal",
"file:/tmp/testfile",
"file:duckdb-parquet/log.txt",
"file:duckdb-parquet/queries.sql",
"file:duckdb-parquet-partitioned/log.txt",
"file:duckdb-parquet-partitioned/queries.sql",
"file:duckdb/my-db.duckdb.wal",
"file:duckdb/explain.txt",
"file:duckdb/explain_query.sql",
"file:duckdb-parquet/my-db.duckdb",
"file:duckdb-parquet-partitioned/hits_encrypted.parquet/",
"file:duckdb-parquet/hits.parquet",
"file:duckdb-parquet-partitioned/my-db.duckdb",
"file:duckdb-parquet-partitioned/my-db.duckdb.wal",
"file:duckdb-parquet-encrypted/my-db.duckdb",
"file:duckdb-parquet-encrypted/my-db.duckdb.wal",
"file:duckdb-parquet-encrypted/log.txt",
"file:duckdb-parquet-encrypted/queries.sql",
"file:duckdb-parquet-encrypted/hits_encrypted.parquet",
"file:clickhouse/clickhouse",
"file:clickhouse/status",
"file:clickhouse/result.csv",
"file:clickhouse/queries.sql",
"file:clickhouse-encrypted/clickhouse",
"file:clickhouse-encrypted/status",
"file:clickhouse-encrypted/result.csv",
"file:clickhouse-encrypted/queries.sql",
"file:/etc/",
"file:/usr/share/zoneinfo/",
"file:/data/clickhouse-encrypted/",
"file:/usr/share/dpkg/cputable",
"file:/usr/lib/python3/dist-packages/__pycache__/",
"file:/usr/lib/python3.11/__pycache__/",
]