Deploying & Managing Workloads

1. Deploying the Vorta Cluster

• Starting the Vorta Mainframe:

  Bash

  Copy

  ./bin/vorta-mainframe --config config/mainframe.yaml

  The Mainframe initializes, starts its API, and listens for workers.

• Starting a Vorta Worker:

  Bash

  Copy

  ./bin/vorta-worker --config config/worker.yaml --node-id worker-01-zoneA

  The worker registers with the Mainframe.

• Deploying Smart Contracts (Optional):

  If using blockchain components:

  Bash

  Copy

  cd contracts
  forge script script/DeployVortaRegistry.s.sol --rpc-url $RPC_URL --private-key $PRIV_KEY --broadcast

2. Preparing a Secure Workload

• Create a Dockerfile for your application (e.g., AI model, ZK verifier).

• Build and Push the Docker image to a registry accessible by workers.

• Prepare a Gramine Manifest Template for your application, specifying how it runs in SGX.

3. Submitting a Job

• Define a Job Specification (example_job.json):

  JSON

  Copy

  {
    "job_name": "secure_computation_task_001",
    "workload": {
      "container_image": "your-repo/your-secure-app:v1",
      "entrypoint": "/app/run_app.sh",
      "sgx_requirements": { "min_epc_mb": 64 }
    },
    "inputs": [ { "name": "input_data", "source_url": "s3://bucket/input.dat", "mount_path": "/data/input.dat" } ],
    "outputs": [ { "name": "output_data", "destination_url": "s3://bucket/output.dat", "path_in_enclave": "/app/results/output.dat" } ],
    "attestation_policy": {
      "required_mrenclave": "expected_mrenclave_for_app_v1",
      "required_mrsigner": "expected_mrsigner_for_your_org"
    }
  }

• Submit using vorta-cli (Placeholder Command):

  Bash

  Copy

  vorta-cli submit \
    --endpoint http://<mainframe-ip-or-dns>:50051 \
    --job-spec ./jobs/example_job.json

4. Monitoring Job Status and Cluster Health

• Get Job Status:

  Bash

  Copy

  vorta-cli status --job-id <job_id> --endpoint <mainframe_api_url>

• List All Jobs:

  Bash

  Copy

  vorta-cli list-jobs --endpoint <mainframe_api_url>

• View Cluster Metrics: Via Prometheus scraping the Mainframe's /metrics endpoint and visualizing in Grafana.

5. Retrieving Attestation Reports and Results

• Get Attestation Report for a Job:

  Bash

  Copy

  vorta-cli get-attestation --job-id <job_id> --output-file attestation_report.json --endpoint <mainframe_api_url>

  The report contains the SGX quote and collateral for independent verification.

• Accessing Job Outputs: Outputs are available at the destination_url specified in the job spec upon successful, attested completion.

📄 Page: Example: ZK-Proof Verification Job

This page details submitting a specific ZK-Proof verification job.

• Job Spec for ZKP (zkp_verify_job.json):

  JSON

  Copy

  {
    "job_name": "verify_payment_proof_tx123",
    "job_type": "zkp_verification",
    "workload": {
      "container_image": "vorta/rust-groth16-verifier:0.2.1",
      "entrypoint": "/app/verify_groth16",
      "command_args": [
        "--vk-path", "/mnt/proof_data/vk.bin",
        "--proof-path", "/mnt/proof_data/proof.bin",
        "--public-inputs-path", "/mnt/proof_data/inputs.json"
      ],
      "sgx_requirements": { "min_epc_mb": 128 }
    },
    "inputs": [
      { "name": "vk", "source_url": "...", "mount_path": "/mnt/proof_data/vk.bin" },
      { "name": "proof", "source_url": "...", "mount_path": "/mnt/proof_data/proof.bin" },
      { "name": "public_inputs", "source_url": "...", "mount_path": "/mnt/proof_data/inputs.json" }
    ],
    "outputs": [
      { "name": "result", "destination_url": "...", "path_in_enclave": "/app/outputs/verification_result.txt" }
    ],
    "attestation_policy": {
      "required_mrenclave": "zkp_verifier_v1_mrenclave_hash",
      "required_mrsigner": "vorta_official_signing_key_mrsigner_hash"
    }
  }

• Submission:

  Bash

  Copy

  vorta-cli submit --job-spec ./zkp_verify_job.json --endpoint <mainframe_api_url>