1+ ---
2+ toc_max_heading_level : 4
3+ ---
4+
15# ` rofl.yaml ` Manifest File
26
37## Metadata {#metadata}
@@ -61,42 +65,44 @@ Each app running in ROFL can request different storage options, depending on its
6165use case. The storage kind is specified in the `kind` field with the following
6266values currently supported :
6367
64- - ` disk-persistent` provisions a persistent disk of the given size. The disk is
68+ - `disk-persistent` : Provisions a persistent disk of the given size. The disk is
6569 encrypted and authenticated using a key derived by the decentralized on-chain
6670 key management system after successful attestation.
6771
68- - ` disk-ephemeral` provisions an ephemeral disk of the given size. The disk is
72+ - `disk-ephemeral` : Provisions an ephemeral disk of the given size. The disk is
6973 encrypted and authenticated using an ephemeral key randomly generated on each
7074 boot.
7175
72- - ` ram` provisions an ephemeral filesystem entirely contained in encrypted
76+ - `ram` : Provisions an ephemeral filesystem entirely contained in encrypted
7377 memory.
7478
75- - ` none` does not provision any kind of storage. Specifying this option will not
76- work for containerized apps.
79+ - `none` : Does not provision any kind of storage. Specifying this option will
80+ not work for containerized apps.
7781
7882The `size` argument defines the amount of storage to provision in megabytes.
7983
80- # # Deployments (`deployments`)
84+ # # Deployments (`deployments`) {#deployments}
8185
8286This section contains ROFL deployments on specific networks.
8387
84- # ## `<deployment name>`
88+ # ## `<deployment_name>`
89+
90+ User-defined deployment name.
8591
8692# ### `policy`
8793
8894Contains the policy under which the app will be allowed to spin up :
8995
90- - `quotes` : defines a TEE-specific policy requirements such as the TCB validity
96+ - `quotes` : A TEE-specific policy requirements such as the TCB validity
9197 period, and the minimum TCB-R number which indicates what security updates
9298 must be applied to the given platform.
93- - `enclaves` : defines the allowed enclave IDs for running this app.
94- - `endorsements` : a list of conditions that define who can run this app.
95- - `- any : {}`: any node is allowed to run the app.
96- - `- node : <node_id>`: node with a specific node ID is allowed to run the app.
97- - `- provider : <address>`: nodes belonging to the specified ROFL provider
99+ - `enclaves` : Allowed enclave IDs for running this app.
100+ - `endorsements` : A list of conditions that define who can run this app.
101+ - `- any : {}`: Any node is allowed to run the app.
102+ - `- node : <node_id>`: Node with a specific node ID is allowed to run the app.
103+ - `- provider : <address>`: Nodes belonging to the specified ROFL provider
98104 are allowed to run the app.
99- - `- provider_instance_admin : <address>`: machines having the specified admin
105+ - `- provider_instance_admin : <address>`: Machines having the specified admin
100106 are allowed to run the app.
101107
102108 You can also nest conditions with `and` and `or` operators. For example :
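Review bot: In the `quotes` bullet under `policy`, the new wording "A TEE-specific policy requirements" pairs a singular article with a plural noun; suggest "TEE-specific policy requirements, such as the TCB validity period and the minimum TCB-R number". The same bullet uses "TCB-R number" without expanding it, so a short gloss or link would help readers who have to choose this threshold.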
@@ -113,6 +119,22 @@ Contains the policy under which the app will be allowed to spin up:
113119 In the example the app will only run on a specified provider and on machines
114120 owned by either of the two admin addresses.
115121
116- - `fees : <fee_policy>`: who pays for the registration and other fees:
117- - `endorsing_node` : the node running the app pays the fees.
122+ - `fees : <fee_policy>`: Who pays for the registration and other fees:
123+ - `endorsing_node` : The node running the app pays the fees.
118124 - `instance` : The app instance pays the fees.
125+
126+ # ### `machines`
127+
128+ Contains machines which the specific app deployment lives on. A new `default`
129+ machine is created during [`oasis rofl deploy`] if none exists yet. Otherwise,
130+ the existing machine is considered for redeployment of the app.
131+
132+ - `<machine_name>` : User-defined machine name.
133+ - `provider : <provider_address>`: Oasis native address of the ROFL provider
134+ hosting the machine.
135+ - `offer : <offer_name>`: The name of the offer used.
136+ - `id : <machine_id>`: Unique ID of the machine per provider.
137+ - `permissions` (optional) : ROFL scheduler-specific permissions.
138+ - `log.view` : List of Oasis native addresses that can access machine logs
139+
140+ [`oasis rofl deploy`] : https://github.com/oasisprotocol/cli/blob/master/docs/rofl.md#deploy
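Review bot: The `permissions` entry under `machines` is marked optional, but the text does not say who can read machine logs when `log.view` is omitted; since this list controls access to logs, state the default explicitly. The `log.view` line is also missing its closing period, unlike the other bullets in the list, and "machines which the specific app deployment lives on" would read better as "the machines this app deployment runs on".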