Add MySQL server example

mysql/Makefile

@@ -0,0 +1,43 @@
+ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine)
+UID ?= $(shell id -u)
+GID ?= $(shell id -g)
+
+ifeq ($(DEBUG),1)
+GRAMINE_LOG_LEVEL = debug
+else
+GRAMINE_LOG_LEVEL = error
+endif
+
+.PHONY: all
+all: mysqld.manifest
+ifeq ($(SGX),1)
+all: mysqld.manifest.sgx mysqld.sig
+endif
+
+mysqld.manifest: mysqld.manifest.template
+	gramine-manifest \
+        -Dlog_level=$(GRAMINE_LOG_LEVEL) \
+        -Darch_libdir=$(ARCH_LIBDIR) \
+        -Duid=$(UID) \
+        -Dgid=$(GID) \
+        -Dentrypoint=$(realpath $(shell sh -c "command -v mysqld")) \
+         $< >$@
+
+# Make on Ubuntu <= 20.04 doesn't support "Rules with Grouped Targets" (`&:`),
+# for details on this workaround see
+# https://github.com/gramineproject/gramine/blob/e8735ea06c/CI-Examples/helloworld/Makefile
+mysqld.manifest.sgx mysqld.sig: sgx_sign
+	@:
+
+.INTERMEDIATE: sgx_sign
+sgx_sign: mysqld.manifest
+	gramine-sgx-sign \
+        --manifest $< \
+        --output $<.sgx
+
+.PHONY: clean
+clean:
+	$(RM) *.sig *.manifest.sgx *.manifest
+
+.PHONY: distclean
+distclean: clean

mysql/README.md

@@ -0,0 +1,54 @@
+# MySQL example
+
+This example was tested with MySQL version 8.0.35 and Ubuntu 20.04.
+
+This directory contains an example for running MySQL server in Gramine,
+including the Makefile and a template for generating the manifest.
+
+## Pre-requisites
+
+- `sudo apt-get install mysql-server` to install MySQL server.
+- `sudo sed -i "s|^\(log_error.*\)|#\1|g" /etc/mysql/mysql.conf.d/mysqld.cnf`
+  to see the MySQL logs on console instead of log file.
+- `sudo systemctl stop mysql.service` to stop the default MySQL service. We
+  will manually run MySQL process.
+- `sudo mkdir /var/run/mysqld && sudo chown -R $USER:$USER /var/run/mysqld`
+  to allow MySQL server to create socket file `mysqld.sock`.
+- `sudo chown -R $USER:$USER /var/lib/mysql-files` to allow running MySQL
+  server under the current non-root user.
+- `mysqld --initialize-insecure --datadir=/tmp/mysql-data` to initialize data
+  directory. For details on '--initialize-insecure', please see the
+  https://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.7/en/data-directory-initialization.html
+  page.
+
+## Build
+
+Run `make` to build the non-SGX version and `make SGX=1` to build the SGX
+version.
+
+## Run
+
+Execute any one of the following commands to run the workload:
+
+- Natively: `mysqld --datadir /tmp/mysql-data`.
+- Gramine w/o SGX: `gramine-direct mysqld --datadir /tmp/mysql-data`.
+- Gramine with SGX: `gramine-sgx mysqld --datadir /tmp/mysql-data`.
+
+## Testing client connection and running Sysbench
+
+Run below commands from new terminal:
+
+- `mysql -P 3306 --protocol=tcp -u root` to connect a client to MySQL server.
+- `mysql> exit` to disconnect the client.
+
+Run Sysbench:
+
+- `sudo apt install -y sysbench` to install Sysbench.
+- `sudo mysqladmin -h 127.0.0.1 -P 3306 create sbtest` to create test database.
+
+- `sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --time=20 --report-interval=5 oltp_read_write --tables=2 --table_size=100000 --threads=32 prepare`
+  to create records in test database.
+- `sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --time=20 --report-interval=5 oltp_read_write --tables=2 --table_size=100000 --threads=32 run`
+  to run the Sysbench benchmarks.
+- `sysbench --db-driver=mysql --mysql-host=127.0.0.1 --mysql-port=3306 --mysql-user=root --mysql-db=sbtest --time=20 --report-interval=5 oltp_read_write --tables=2 --table_size=100000 --threads=32 cleanup`
+  to delete the records from test database.

mysql/mysqld.manifest.template

@@ -0,0 +1,43 @@
+# MySQL manifest example
+
+loader.entrypoint = "file:{{ gramine.libos }}"
+libos.entrypoint = "{{ entrypoint }}"
+
+loader.log_level = "{{ log_level }}"
+
+loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/lib:/usr/{{ arch_libdir }}"
+
+loader.insecure__use_cmdline_argv = true
+sys.enable_sigterm_injection = true
+
+sgx.nonpie_binary = true
+sgx.enclave_size = "8G"
+sgx.max_threads = {{ '1' if env.get('EDMM', '0') == '1' else '128' }}
+
+loader.uid = {{ uid }}
+loader.gid = {{ gid }}
+
+fs.mounts = [
+  { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
+  { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
+  { path = "/usr/{{ arch_libdir }}", uri = "file:/usr/{{ arch_libdir }}" },
+  { path = "{{ entrypoint }}", uri = "file:{{ entrypoint }}" },
+  { path = "/usr/lib/mysql", uri = "file:/usr/lib/mysql" },
+  { path = "/var/lib/mysql-files", uri = "file:/var/lib/mysql-files" },
+  { path = "/var/run/mysqld", uri = "file:/var/run/mysqld" },
+  { path = "/tmp", uri = "file:/tmp" },
+]
+
+sgx.trusted_files = [
+  "file:{{ gramine.libos }}",
+  "file:{{ entrypoint }}",
+  "file:{{ gramine.runtimedir() }}/",
+  "file:{{ arch_libdir }}/",
+  "file:/usr/{{ arch_libdir }}/",
+  "file:/usr/lib/mysql/",
+]
+
+sgx.allowed_files = [
+  "file:/var/run/mysqld/",
+  "file:/tmp/",     # MySQL data will be stored in plaintext; this is insecure!
+]