From e92f9838309640853ab8cbafad34c351a16df0ab Mon Sep 17 00:00:00 2001 From: sean wibisono Date: Thu, 28 May 2026 18:40:22 +1000 Subject: [PATCH 1/2] wait until SKR is running before starting Operator --- scripts/azure-cc/azr.py | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/scripts/azure-cc/azr.py b/scripts/azure-cc/azr.py index 5ccfcb301..7721bca55 100644 --- a/scripts/azure-cc/azr.py +++ b/scripts/azure-cc/azr.py @@ -2,6 +2,7 @@ import json import os +import socket import time from typing import Dict import sys @@ -25,6 +26,8 @@ class AZR(ConfidentialCompute): default_optout_endpoint = f"https://optout-{env_name}.uidapi.com".lower() FINAL_CONFIG = "/tmp/final-config.json" + SKR_HOST = "localhost" + SKR_PORT = 9000 def __init__(self): super().__init__() @@ -118,27 +121,25 @@ def __run_operator(self): self.run_command(java_command, separate_process=False) def _validate_auxiliaries(self): - logging.info("Waiting for sidecar ...") - + # Block JVM start until SKR is accepting TCP connections on :9000. + # Without this, the first attestation calls race the sidecar's HTTP + # server warmup and Core sees BAD_PAYLOAD (signature on a + # half-bootstrapped MAA token). MAX_RETRIES = 15 - PING_URL = "http://169.254.169.254/ping" delay = 1 + logging.info(f"Waiting for SKR sidecar on {AZR.SKR_HOST}:{AZR.SKR_PORT} ...") + for attempt in range(1, MAX_RETRIES + 1): try: - response = requests.get(PING_URL, timeout=5) - if response.status_code in [200, 204]: - logging.info("Sidecar started successfully.") + with socket.create_connection((AZR.SKR_HOST, AZR.SKR_PORT), timeout=5): + logging.info("SKR sidecar is ready.") return - else: - logging.warning( - f"Attempt {attempt}: Unexpected status code {response.status_code}. Response: {response.text}" - ) - except Exception as e: - logging.info(f"Attempt {attempt}: Error during request - {e}") + except OSError as e: + logging.info(f"Attempt {attempt}: SKR sidecar not ready - {e}") if attempt == MAX_RETRIES: - raise RuntimeError(f"Unable to detect sidecar running after {MAX_RETRIES} attempts. Exiting.") + raise RuntimeError(f"SKR sidecar not ready after {MAX_RETRIES} attempts. Exiting.") logging.info(f"Retrying in {delay} seconds... (Attempt {attempt}/{MAX_RETRIES})") time.sleep(delay) @@ -152,10 +153,13 @@ def run_compute(self) -> None: self.validate_configuration() self.__create_final_config() self._setup_auxiliaries() + self._validate_auxiliaries() self.__run_operator() def _setup_auxiliaries(self) -> None: - """ setup auxiliary services are running.""" + # No-op for Azure CC: the SKR sidecar is a separate container declared + # in the ARM template and started by Azure ACI alongside this one. We + # only need to wait for it (see _validate_auxiliaries), not start it. pass if __name__ == "__main__": From fc1ef493a44c5bd2724203414bac0c84d9834572 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Thu, 28 May 2026 08:48:09 +0000 Subject: [PATCH 2/2] [CI Pipeline] Released Snapshot version: 5.70.111-alpha-259-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 35b19affb..4ccb4df8e 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.70.110 + 5.70.111-alpha-259-SNAPSHOT UTF-8