Skip to content

feat(deploy_tee): seismic-tee status + configure progress bar for LUKS wipe#45

Merged
samlaf merged 1 commit into
mainfrom
seismic-tee-status-progress
Jun 30, 2026
Merged

feat(deploy_tee): seismic-tee status + configure progress bar for LUKS wipe#45
samlaf merged 1 commit into
mainfrom
seismic-tee-status-progress

Conversation

@samlaf

@samlaf samlaf commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Add seismic-tee status --node <descriptor>: polls enclave-server's getLuksProvisioningStatus (:7878) and renders a progress bar for the first-boot LUKS wipe — the long (1h+), otherwise-opaque phase. configure now watches the same wipe by default after POSTing (--no-wait to skip); ctrl-C stops watching without affecting the node, since the POST already landed.

The shared poller (status.watch_luks_provisioning) is conservative about idle: it treats idle as "done" only after seeing provisioning, and otherwise waits a short grace for the wipe to start before concluding none is in progress (covers fast-unlock restarts). Connection-refused is treated as enclave-server still coming up, not an error. Renders an in-place bar on a TTY, plain lines otherwise. This watches the wipe only — it is not a node-readiness gate.

Tests cover the formatters (incl. bytes_total=0 indeterminate and bar clamping) and the JSON-RPC request/parse path.

What it looks like

When posting a config to a node from the CLI, output now looks like:

$ uv run seismic-tee configure --node deploy_tee/pulumi/descriptors/dev-bootstrap-node-1.json --config deploy_tee/pulumi/seismic_node/node.bootstrap.toml --manifest ../enclave/crates/seismic-attestation/fixtures/network-manifest-v1.json
2026-06-30 23:30:45,281 - INFO - Merged deploy_tee/pulumi/seismic_node/node.bootstrap.toml + ../enclave/crates/seismic-attestation/fixtures/network-manifest-v1.json -> /var/folders/gg/mz6fwrdn0kvdxz5y1ksrgdkh0000gn/T/seismic-node-config-ilmmyy8n.toml
2026-06-30 23:30:45,281 - INFO - Configuring node dev-bootstrap-node-1.seismicdev.net (20.115.27.207)...
2026-06-30 23:30:45,281 - INFO - Waiting for tdx-init listener at http://20.115.27.207:8080/...
2026-06-30 23:30:45,817 - INFO - tdx-init accepted config from /var/folders/gg/mz6fwrdn0kvdxz5y1ksrgdkh0000gn/T/seismic-node-config-ilmmyy8n.toml
2026-06-30 23:30:45,818 - INFO - config delivered to tdx-init.
[##############################] 100.0%  31.6/31.6 GiB

with the progress bar getting updated on every poll every 5s.

…S wipe

Add `seismic-tee status --node <descriptor>`: polls enclave-server's
getLuksProvisioningStatus (:7878) and renders a progress bar for the
first-boot LUKS wipe — the long (1h+), otherwise-opaque phase. `configure`
now watches the same wipe by default after POSTing (--no-wait to skip);
ctrl-C stops watching without affecting the node, since the POST already
landed.

The shared poller (status.watch_luks_provisioning) is conservative about
`idle`: it treats idle as "done" only after seeing provisioning, and
otherwise waits a short grace for the wipe to start before concluding none
is in progress (covers fast-unlock restarts). Connection-refused is treated
as enclave-server still coming up, not an error. Renders an in-place bar on
a TTY, plain lines otherwise. This watches the wipe only — it is not a
node-readiness gate.

Tests cover the formatters (incl. bytes_total=0 indeterminate and bar
clamping) and the JSON-RPC request/parse path.
@samlaf samlaf merged commit 05c876c into main Jun 30, 2026
1 check passed
@samlaf samlaf deleted the seismic-tee-status-progress branch June 30, 2026 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant