Deploying & Managing Workloads

1. Deploying the Vorta Cluster

Starting the Vorta Mainframe:
Bash
```
./bin/vorta-mainframe --config config/mainframe.yaml
```
The Mainframe initializes, starts its API, and listens for workers.

Starting a Vorta Worker:

Bash

./bin/vorta-worker --config config/worker.yaml --node-id worker-01-zoneA

The worker registers with the Mainframe.

Deploying Smart Contracts (Optional):

If using blockchain components:

Bash

cd contracts
forge script script/DeployVortaRegistry.s.sol --rpc-url $RPC_URL --private-key $PRIV_KEY --broadcast

2. Preparing a Secure Workload

Create a Dockerfile for your application (e.g., AI model, ZK verifier).
Build and Push the Docker image to a registry accessible by workers.
Prepare a Gramine Manifest Template for your application, specifying how it runs in SGX.

3. Submitting a Job

Define a Job Specification (example_job.json):

JSON

{
  "job_name": "secure_computation_task_001",
  "workload": {
    "container_image": "your-repo/your-secure-app:v1",
    "entrypoint": "/app/run_app.sh",
    "sgx_requirements": { "min_epc_mb": 64 }
  },
  "inputs": [ { "name": "input_data", "source_url": "s3://bucket/input.dat", "mount_path": "/data/input.dat" } ],
  "outputs": [ { "name": "output_data", "destination_url": "s3://bucket/output.dat", "path_in_enclave": "/app/results/output.dat" } ],
  "attestation_policy": {
    "required_mrenclave": "expected_mrenclave_for_app_v1",
    "required_mrsigner": "expected_mrsigner_for_your_org"
  }
}

Submit using vorta-cli (Placeholder Command):

Bash

vorta-cli submit \
  --endpoint http://<mainframe-ip-or-dns>:50051 \
  --job-spec ./jobs/example_job.json

4. Monitoring Job Status and Cluster Health

Get Job Status:

Bash

vorta-cli status --job-id <job_id> --endpoint <mainframe_api_url>

List All Jobs:

Bash

vorta-cli list-jobs --endpoint <mainframe_api_url>

View Cluster Metrics: Via Prometheus scraping the Mainframe's /metrics endpoint and visualizing in Grafana.

5. Retrieving Attestation Reports and Results

Get Attestation Report for a Job:
Bash
```
vorta-cli get-attestation --job-id <job_id> --output-file attestation_report.json --endpoint <mainframe_api_url>
```
The report contains the SGX quote and collateral for independent verification.
Accessing Job Outputs: Outputs are available at the destination_url specified in the job spec upon successful, attested completion.

📄 Page: Example: ZK-Proof Verification Job

This page details submitting a specific ZK-Proof verification job.

Job Spec for ZKP (zkp_verify_job.json):

JSON

{
  "job_name": "verify_payment_proof_tx123",
  "job_type": "zkp_verification",
  "workload": {
    "container_image": "vorta/rust-groth16-verifier:0.2.1",
    "entrypoint": "/app/verify_groth16",
    "command_args": [
      "--vk-path", "/mnt/proof_data/vk.bin",
      "--proof-path", "/mnt/proof_data/proof.bin",
      "--public-inputs-path", "/mnt/proof_data/inputs.json"
    ],
    "sgx_requirements": { "min_epc_mb": 128 }
  },
  "inputs": [
    { "name": "vk", "source_url": "...", "mount_path": "/mnt/proof_data/vk.bin" },
    { "name": "proof", "source_url": "...", "mount_path": "/mnt/proof_data/proof.bin" },
    { "name": "public_inputs", "source_url": "...", "mount_path": "/mnt/proof_data/inputs.json" }
  ],
  "outputs": [
    { "name": "result", "destination_url": "...", "path_in_enclave": "/app/outputs/verification_result.txt" }
  ],
  "attestation_policy": {
    "required_mrenclave": "zkp_verifier_v1_mrenclave_hash",
    "required_mrsigner": "vorta_official_signing_key_mrsigner_hash"
  }
}

Submission:

Bash

vorta-cli submit --job-spec ./zkp_verify_job.json --endpoint <mainframe_api_url>

PreviousConfiguration NextAPI Reference

Last updated 7 months ago