《云原生机密计算最佳实践白皮书》——07解决方案——Intel Confidential Computing Zoo: Intel机密计算开源解决方案——部署TensorFlow Serving在线推理服务(2) https://developer.aliyun.com/article/1230818?groupCode=aliyun_linux
步骤二:部署Anolis OS SGX端
1、下载本实践所用的TensorFlow Serving脚本代码
git clone https://github.com/intel/confifidential-computing-zoo.git cd confifidential-computing-zoo/cczoo/tensorflflow-serving-cluster/tensorflflow-serving/docker/ tf_serving/
2、复制客户端的 ssl_confifigure 和 models 目录到Anolis OS SGX中的 tf_serving 目录中
scp -r tf@192.168.XX.XX:/<Tensorflflow_Serving>/client/models <Tensorflflow_Serving>/dock er/tf_serving scp -r tf@192.168.XX.XX<Tensorflflow_Serving>/client/ssl_confifigure <Tensorflflow_Serving>/ docker/tf_serving
3、创建TensorFlow Serving镜像
用户可以通过下面任意方式获取TensorFlow Serving镜像:
• a. 切换到secrec_prov_server目录
sudo docker pull intelcczoo/tensorflflow_serving:anolis_tensorflflow_serving_latest
• b. 自行编译TensorFlow Serving镜像
sudo ./build_gramine_tf_serving_image.sh image_tag
4、配置域名访问
sudo sh -c 'echo "remote_ip attestation.service.com" >> /etc/hosts' #remote_ip请修改为客户端IP
说明:当客户端与vSGX端部署在同一台ECS实例上, remote_ip 为容器IP
5、运行TensorFlow Serving
cp ssl_confifigure/ssl.cfg . sudo ./run_gramine_tf_serving.sh -i ${image_id} -p 8500-8501 -m resnet50-v15-fp32 -s ssl.cfg -a attestation.service.com:remote_ip
说明: ${image_id} 需修改为TensorFlow Serving的 image id 。 -p 8500-8501为TensorFlow Serving对应主机的端口。 remote_ip 需修改为 secret prov server 所在机器的IP或者容器IP(TF Serving与secretprov sever位于同一台机器)
《云原生机密计算最佳实践白皮书》——07解决方案——Intel Confidential Computing Zoo: Intel机密计算开源解决方案——部署TensorFlow Serving在线推理服务(4) https://developer.aliyun.com/article/1230816?groupCode=aliyun_linux
