Installation
Get started and install BastionLab Client and BastionLab Server.
Pre-requisites
Technical requirements
To install BastionLab Client and BastionLab Server, ensure the following are already installed in your system:
- Python3.7 or greater (get the latest version of Python at https://www.python.org/downloads/ or with your operating systemβs package manager)
- Python Pip (PyPi), the package manager
To install BastionLab Server, you'll also need:
Here's the Docker official tutorial to set it up on your computer.
Installing BastionLab Client
From PyPI
From source
First, you'll need to clone BastionLab repository:
Then install the client library:Installing BastionLab Server
From PyPI
For testing purposes only, BastionLab server can be installed using our pip package.
Warning
This package is meant to quickly setup a running instance of the server and is particularly useful in colab notebooks. It does not provide any mean to configure the server which makes certain features impossible to use (like authentication).
For production, please use the Docker image or install the server from source.
Once installed, the server can be launched using the following script:
And stoped this way:
Using the official Docker image
Configuring the Docker image
If you want to use a custom configuration file, you can do so with the following code block:
docker create -p 50056:50056 --name bastionlab-srv mithrilsecuritysas/bastionlab:latest
docker cp <your_updated_config>.toml bastionlab-srv:/app/bin
docker start bastionlab-srv
To serve as a reference, here's the default config.toml:
client_to_enclave_untrusted_url = "https://0.0.0.0:50056"
public_keys_directory = "keys/"
session_expiry_in_secs = 1500
By locally building the Docker image
Clone the repository and build the image using the Dockerfile:
git clone https://github.com/mithril-security/bastionlab.git
cd ./bastionlab/server
docker build -t bastionlab:0.1.0 -t bastionlab:latest .
Building the Docker image with GPU access
Prerequisites
Visit the for downloading and installing the appropriate drivers.
Reboot your system and make sure your GPU is running and accessible.
Install nvidia-container-runtime
For Debian-like systems or others.
Add the nvidia-container-runtime repository to your list of repositories:
# Get the GPG key
curl -s -L https://nvidia.github.io/nvidia-container-runtime/gpgkey | \
sudo apt-key add -
# Get the distribution
distribution=$(. /etc/os-release && echo $ID$VERSION_ID)
# Add repository to list
curl -s -L https://nvidia.github.io/nvidia-container-runtime/$distribution/nvidia-container-runtime.list | \
sudo tee /etc/apt/sources.list.d/nvidia-container-runtime.list
sudo apt update
Build and run the image
Clone the repository and build the image using the Dockerfile:
git clone https://github.com/mithril-security/bastionlab.git
cd ./bastionlab/server
docker build -t bastionlab:0.3.7-gpu -f Dockerfile.gpu.sev .
docker run --gpus all --ipc=host --ulimit memlock=-1 --ulimit stack=67108864 -p 50056:50056 bastionlab:0.3.7-gpu
From source
Automated build
Before using the automated build, make sure to run it in a RHEL, Debian or Arch based linux distro. The script will detect on the run on which distro it is running.
The build.sh script must be ran inside the server's directory, it will check and install all the necessary dependencies to build the server, if needed, and then it will start building it.
Environmental variables
LIBTORCH- If the LIBTORCH envar is already set, the script will use this path to build the server.
CUDA- If the CUDA envar is already set, the script will use this path to build the server.
INSTALL_RUST_OPT- It is to set the options for rustup installation (To choose the default host, toolchain, profile, ...).
BASTIONLAB_BUILD_AS_ROOT- If it is necessary to build the project as the root user, you need to set this variable before running the script.
- If the variable is not set when running as root, the dependencies will be installed but the project will not be built.
BASTIONLAB_CPP11- If it is necessary to build the project using C++11, you need to set this variable before running the script.
- It will install and setup C++11 before building.
Flow chart
%%{ init: { 'flowchart': { 'curve': 'stepBefore' } } }%%
flowchart LR
subgraph PR[Privileges at run]
direction LR
z(Start) --> a
a{Sudo privileges?} ==Yes==> b[Run as superuser]
a -.No.-> c[Run as user] -.-> d{Dependencies\nmissing?}
d -.Yes.-> b
end
subgraph MF[Main flow]
direction LR
A[Install\ndependencies] ===> D{Ran script as user\nor flag\nBUILD_AS_ROOT is set?}
D -.Yes.-> B
B[Build server]
D ==No==> C(End)
B ---> C
end
b ==> A
d -.No.-> B
PR === MFManual build
First make sure that the following build dependencies (Debian-like systems) are installed on your machine:
Then, clone our repository:
Download and unzip libtorch (Pytorch's C++ backend) from Pytorch's website (you can chose the right build according to your cuda version):cd ./bastionlab
curl -o libtorch.zip $(. ./.env.vars && echo "${TORCH_CXX11_URL}")
unzip libtorch.zip
To run the server, use: