fix(ci): restore simulator test stability

kvinwang · kvinwang · commit aa48b04ad45b · 2026-03-19T15:28:05.000Z
diff --git a/dstack-util/src/system_setup.rs b/dstack-util/src/system_setup.rs
@@ -27,7 +27,10 @@ use luks2::{
     LuksAf, LuksConfig, LuksDigest, LuksHeader, LuksJson, LuksKdf, LuksKeyslot, LuksSegment,
     LuksSegmentSize,
 };
-use ra_rpc::{client::{CertInfo, RaClient, RaClientConfig}, Attestation};
+use ra_rpc::{
+    client::{CertInfo, RaClient, RaClientConfig},
+    Attestation,
+};
 use ra_tls::{
     attestation::QuoteContentType,
     cert::{generate_ra_cert, CertConfigV2, CertSigningRequestV2, Csr},
@@ -56,7 +59,6 @@ use ra_tls::rcgen::{KeyPair, PKCS_ECDSA_P256_SHA256};
 use serde_human_bytes as hex_bytes;
 use serde_json::Value;
 
-
 async fn sign_cert_request(
     cert_client: &CertRequestClient,
     key: &KeyPair,
diff --git a/guest-agent-simulator/dstack.toml b/guest-agent-simulator/dstack.toml
@@ -14,6 +14,7 @@ log_level = "debug"
 keys_file = "appkeys.json"
 compose_file = "app-compose.json"
 sys_config_file = "sys-config.json"
+data_disks = ["/"]
 
 [default.core.simulator]
 attestation_file = "attestation.bin"
diff --git a/guest-agent-simulator/src/main.rs b/guest-agent-simulator/src/main.rs
@@ -11,7 +11,7 @@ use clap::Parser;
 use dstack_guest_agent::{
     backend::PlatformBackend,
     config::{self, Config},
-    AppState, run_server,
+    run_server, AppState,
 };
 use dstack_guest_agent_rpc::{AttestResponse, GetQuoteResponse};
 use ra_rpc::Attestation;
@@ -61,7 +61,10 @@ impl PlatformBackend for SimulatorPlatform {
     }
 
     fn certificate_attestation(&self, pubkey: &[u8]) -> Result<VersionedAttestation> {
-        Ok(simulator::simulated_certificate_attestation(&self.attestation, pubkey))
+        Ok(simulator::simulated_certificate_attestation(
+            &self.attestation,
+            pubkey,
+        ))
     }
 
     fn quote_response(&self, report_data: [u8; 64], vm_config: &str) -> Result<GetQuoteResponse> {
@@ -91,21 +94,25 @@ async fn main() -> Result<()> {
         .extract()
         .context("Failed to extract simulator core config")?;
     warn!(attestation_file = %sim_config.simulator.attestation_file, "starting dstack guest-agent simulator");
-    let attestation = simulator::load_versioned_attestation(&sim_config.simulator.attestation_file)?;
-    let state = AppState::new(sim_config.core, Arc::new(SimulatorPlatform::new(attestation)))
-        .await
-        .context("Failed to create simulator app state")?;
+    let attestation =
+        simulator::load_versioned_attestation(&sim_config.simulator.attestation_file)?;
+    let state = AppState::new(
+        sim_config.core,
+        Arc::new(SimulatorPlatform::new(attestation)),
+    )
+    .await
+    .context("Failed to create simulator app state")?;
     run_server(state, figment, args.watchdog).await
 }
 
-
 #[cfg(test)]
 mod tests {
     use super::*;
 
     fn load_fixture_platform() -> SimulatorPlatform {
         let fixture = simulator::load_versioned_attestation(
-            std::path::Path::new(env!("CARGO_MANIFEST_DIR")).join("../guest-agent/fixtures/attestation.bin"),
+            std::path::Path::new(env!("CARGO_MANIFEST_DIR"))
+                .join("../guest-agent/fixtures/attestation.bin"),
         )
         .expect("fixture attestation should load");
         SimulatorPlatform::new(fixture)
@@ -121,7 +128,9 @@ mod tests {
     #[test]
     fn simulator_provides_certificate_attestation() {
         let platform = load_fixture_platform();
-        let cert_attestation = platform.certificate_attestation(b"test-public-key").unwrap();
+        let cert_attestation = platform
+            .certificate_attestation(b"test-public-key")
+            .unwrap();
         assert!(cert_attestation.decode_app_info(false).is_ok());
         let _ = platform.attestation_for_info().unwrap();
     }
diff --git a/guest-agent-simulator/src/simulator.rs b/guest-agent-simulator/src/simulator.rs
@@ -6,11 +6,9 @@ use std::path::Path;
 
 use anyhow::{Context, Result};
 use dstack_guest_agent_rpc::{AttestResponse, GetQuoteResponse};
-use std::fs;
 use ra_rpc::Attestation;
-use ra_tls::attestation::{
-    QuoteContentType, VersionedAttestation, TDX_QUOTE_REPORT_DATA_RANGE,
-};
+use ra_tls::attestation::{QuoteContentType, VersionedAttestation, TDX_QUOTE_REPORT_DATA_RANGE};
+use std::fs;
 
 pub fn load_versioned_attestation(path: impl AsRef<Path>) -> Result<VersionedAttestation> {
     let path = path.as_ref();
diff --git a/guest-agent/src/config.rs b/guest-agent/src/config.rs
@@ -16,7 +16,10 @@ pub fn load_config_figment(config_file: Option<&str>) -> Figment {
     load_config_figment_with_default(DEFAULT_CONFIG, config_file)
 }
 
-pub fn load_config_figment_with_default(default_config: &str, config_file: Option<&str>) -> Figment {
+pub fn load_config_figment_with_default(
+    default_config: &str,
+    config_file: Option<&str>,
+) -> Figment {
     load_config("dstack", default_config, config_file, true)
 }
 
diff --git a/guest-agent/src/main.rs b/guest-agent/src/main.rs
@@ -4,7 +4,7 @@
 
 use anyhow::{Context, Result};
 use clap::Parser;
-use dstack_guest_agent::{config, AppState, run_server};
+use dstack_guest_agent::{config, run_server, AppState};
 
 #[derive(Parser)]
 #[command(author, version, about, long_version = dstack_guest_agent::app_version())]
diff --git a/guest-agent/src/rpc_service.rs b/guest-agent/src/rpc_service.rs
@@ -457,7 +457,6 @@ fn pad64(data: &[u8]) -> Option<[u8; 64]> {
     Some(padded)
 }
 
-
 impl RpcCall<AppState> for InternalRpcHandler {
     type PrpcService = DstackGuestServer<Self>;
 
@@ -657,15 +656,18 @@ impl RpcCall<AppState> for ExternalRpcHandler {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::{backend::PlatformBackend, config::{AppComposeWrapper, Config}};
+    use crate::{
+        backend::PlatformBackend,
+        config::{AppComposeWrapper, Config},
+    };
     use dstack_guest_agent_rpc::{GetAttestationForAppKeyRequest, SignRequest};
-    use ra_tls::attestation::VersionedAttestation;
     use dstack_types::{AppCompose, AppKeys, KeyProvider};
     use ed25519_dalek::ed25519::signature::hazmat::PrehashVerifier;
     use ed25519_dalek::{
         Signature as Ed25519Signature, Verifier, VerifyingKey as Ed25519VerifyingKey,
     };
     use k256::ecdsa::{Signature as K256Signature, VerifyingKey};
+    use ra_tls::attestation::VersionedAttestation;
     use sha2::Sha256;
     use std::collections::HashSet;
     use std::convert::TryFrom;
@@ -812,7 +814,8 @@ pNs85uhOZE8z2jr8Pg==
 
             fn certificate_attestation(&self, pubkey: &[u8]) -> Result<VersionedAttestation> {
                 let mut attestation = self.attestation.clone();
-                let report_data = ra_tls::attestation::QuoteContentType::RaTlsCert.to_report_data(pubkey);
+                let report_data =
+                    ra_tls::attestation::QuoteContentType::RaTlsCert.to_report_data(pubkey);
                 attestation.set_report_data(report_data);
                 Ok(attestation)
             }
@@ -822,15 +825,18 @@ pNs85uhOZE8z2jr8Pg==
                 report_data: [u8; 64],
                 vm_config: &str,
             ) -> Result<GetQuoteResponse> {
-                let ra_tls::attestation::VersionedAttestation::V0 { attestation } = self.attestation.clone();
+                let ra_tls::attestation::VersionedAttestation::V0 { attestation } =
+                    self.attestation.clone();
                 let mut attestation = attestation;
                 let Some(quote) = attestation.tdx_quote_mut() else {
                     return Err(anyhow::anyhow!("Quote not found"));
                 };
-                quote.quote[ra_tls::attestation::TDX_QUOTE_REPORT_DATA_RANGE].copy_from_slice(&report_data);
+                quote.quote[ra_tls::attestation::TDX_QUOTE_REPORT_DATA_RANGE]
+                    .copy_from_slice(&report_data);
                 Ok(GetQuoteResponse {
                     quote: quote.quote.to_vec(),
-                    event_log: serde_json::to_string(&quote.event_log).context("Failed to serialize event log")?,
+                    event_log: serde_json::to_string(&quote.event_log)
+                        .context("Failed to serialize event log")?,
                     report_data: report_data.to_vec(),
                     vm_config: vm_config.to_string(),
                 })
@@ -854,7 +860,10 @@ pNs85uhOZE8z2jr8Pg==
             cert_client: dummy_cert_client,
             demo_cert: RwLock::new(String::new()),
             platform: Arc::new(TestSimulatorPlatform {
-                attestation: VersionedAttestation::from_scale(&std::fs::read(temp_attestation_file.path()).unwrap()).unwrap(),
+                attestation: VersionedAttestation::from_scale(
+                    &std::fs::read(temp_attestation_file.path()).unwrap(),
+                )
+                .unwrap(),
             }),
         };
 
diff --git a/guest-agent/src/server.rs b/guest-agent/src/server.rs
@@ -4,12 +4,12 @@
 
 use std::{future::pending, os::unix::net::UnixListener as StdUnixListener, time::Duration};
 
-use anyhow::{anyhow, Context, Result};
 use crate::config::BindAddr;
 use crate::guest_api_service::GuestApiHandler;
 use crate::http_routes;
 use crate::rpc_service::{AppState, ExternalRpcHandler, InternalRpcHandler, InternalRpcHandlerV0};
 use crate::socket_activation::{ActivatedSockets, ActivatedUnixListener};
+use anyhow::{anyhow, Context, Result};
 use rocket::{
     fairing::AdHoc,
     figment::Figment,
@@ -191,9 +191,15 @@ pub async fn run(state: AppState, figment: Figment, watchdog: bool) -> Result<()
     let internal_v0_figment = figment.clone().select("internal-v0");
     let internal_figment = figment.clone().select("internal");
     let external_figment = figment.clone().select("external");
-    let bind_addr: BindAddr = external_figment
-        .extract()
-        .context("Failed to extract bind address")?;
+    let bind_addr = if watchdog {
+        Some(
+            external_figment
+                .extract::<BindAddr>()
+                .context("Failed to extract bind address")?,
+        )
+    } else {
+        None
+    };
     let guest_api_figment = figment.select("guest-api");
 
     let activated = ActivatedSockets::from_env();
@@ -211,7 +217,7 @@ pub async fn run(state: AppState, figment: Figment, watchdog: bool) -> Result<()
         _ = async {
             let _ = tappd_ready_rx.await;
             let _ = sock_ready_rx.await;
-            if watchdog {
+            if let Some(bind_addr) = bind_addr {
                 run_watchdog(bind_addr.port).await;
             } else {
                 pending::<()>().await;
diff --git a/run-tests.sh b/run-tests.sh
@@ -4,22 +4,73 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-set -e
+set -Eeuo pipefail
 
-(cd sdk/simulator && ./build.sh)
+ROOT_DIR="$(pwd -P)"
+SIMULATOR_DIR="$ROOT_DIR/sdk/simulator"
+SIMULATOR_LOG="$SIMULATOR_DIR/dstack-simulator.log"
+DSTACK_SOCKET="$SIMULATOR_DIR/dstack.sock"
+TAPPD_SOCKET="$SIMULATOR_DIR/tappd.sock"
+SIMULATOR_PID=""
 
-pushd sdk/simulator
-./dstack-simulator &
+cleanup() {
+    if [[ -n "${SIMULATOR_PID:-}" ]]; then
+        kill "$SIMULATOR_PID" 2>/dev/null || true
+        wait "$SIMULATOR_PID" 2>/dev/null || true
+    fi
+}
+
+print_simulator_logs() {
+    if [[ -f "$SIMULATOR_LOG" ]]; then
+        echo "Last simulator logs:"
+        tail -100 "$SIMULATOR_LOG" || true
+    fi
+}
+
+wait_for_socket() {
+    local socket_path="$1"
+    local name="$2"
+
+    for _ in {1..100}; do
+        if [[ -S "$socket_path" ]]; then
+            return 0
+        fi
+        if [[ -n "${SIMULATOR_PID:-}" ]] && ! kill -0 "$SIMULATOR_PID" 2>/dev/null; then
+            echo "Simulator exited before $name socket became ready."
+            print_simulator_logs
+            return 1
+        fi
+        sleep 0.2
+    done
+
+    echo "Timed out waiting for $name socket at $socket_path"
+    print_simulator_logs
+    return 1
+}
+
+trap 'print_simulator_logs' ERR
+trap cleanup EXIT INT TERM
+
+rm -f "$DSTACK_SOCKET" "$TAPPD_SOCKET" "$SIMULATOR_LOG"
+(
+    cd "$SIMULATOR_DIR"
+    ./build.sh
+)
+
+(
+    cd "$SIMULATOR_DIR"
+    ./dstack-simulator >"$SIMULATOR_LOG" 2>&1
+) &
 SIMULATOR_PID=$!
-trap "kill $SIMULATOR_PID 2>/dev/null || true" EXIT
 echo "Simulator process (PID: $SIMULATOR_PID) started."
-popd
 
-export DSTACK_SIMULATOR_ENDPOINT=$(realpath sdk/simulator/dstack.sock)
-export TAPPD_SIMULATOR_ENDPOINT=$(realpath sdk/simulator/tappd.sock)
+wait_for_socket "$DSTACK_SOCKET" "dstack"
+wait_for_socket "$TAPPD_SOCKET" "tappd"
+
+export DSTACK_SIMULATOR_ENDPOINT="$DSTACK_SOCKET"
+export TAPPD_SIMULATOR_ENDPOINT="$TAPPD_SOCKET"
 
 echo "DSTACK_SIMULATOR_ENDPOINT: $DSTACK_SIMULATOR_ENDPOINT"
 echo "TAPPD_SIMULATOR_ENDPOINT: $TAPPD_SIMULATOR_ENDPOINT"
 
-# Run the tests
 cargo test --all-features -- --show-output
diff --git a/sdk/python/tests/test_client.py b/sdk/python/tests/test_client.py
@@ -3,9 +3,11 @@
 # SPDX-License-Identifier: Apache-2.0
 
 import hashlib
+import os
 import warnings
 
 from evidence_api.tdx.quote import TdxQuote
+import httpx
 import pytest
 
 from dstack_sdk import AsyncDstackClient
@@ -248,6 +250,14 @@ def test_unix_socket_file_not_exist():
             os.environ["DSTACK_SIMULATOR_ENDPOINT"] = saved_env
 
 
+def assert_emit_event_behavior(error: Exception | None) -> None:
+    if "DSTACK_SIMULATOR_ENDPOINT" in os.environ:
+        assert isinstance(error, httpx.HTTPStatusError)
+        assert error.response.status_code == 400
+    else:
+        assert error is None, f"emit_event unexpectedly failed: {error}"
+
+
 def test_non_unix_socket_endpoints():
     """Test that client doesn't throw error for non-unix socket paths."""
     import os
@@ -272,17 +282,25 @@ def test_non_unix_socket_endpoints():
 async def test_emit_event():
     """Test emit event functionality."""
     client = AsyncDstackClient()
-    # This should not raise an error
-    await client.emit_event("test-event", "test payload")
-    await client.emit_event("test-event-bytes", b"test payload bytes")
+    error = None
+    try:
+        await client.emit_event("test-event", "test payload")
+        await client.emit_event("test-event-bytes", b"test payload bytes")
+    except Exception as exc:  # pragma: no cover - behavior depends on runtime mode
+        error = exc
+    assert_emit_event_behavior(error)
 
 
 def test_sync_emit_event():
     """Test sync emit event functionality."""
     client = DstackClient()
-    # This should not raise an error
-    client.emit_event("test-event", "test payload")
-    client.emit_event("test-event-bytes", b"test payload bytes")
+    error = None
+    try:
+        client.emit_event("test-event", "test payload")
+        client.emit_event("test-event-bytes", b"test payload bytes")
+    except Exception as exc:  # pragma: no cover - behavior depends on runtime mode
+        error = exc
+    assert_emit_event_behavior(error)
 
 
 def test_emit_event_validation():
diff --git a/sdk/run-tests.sh b/sdk/run-tests.sh
diff --git a/sdk/rust/examples/dstack_client_usage.rs b/sdk/rust/examples/dstack_client_usage.rs
diff --git a/sdk/simulator/dstack.toml b/sdk/simulator/dstack.toml

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,10 @@ pub fn load_config_figment(config_file: Option<&str>) -> Figment {`
`16`	`16`	`load_config_figment_with_default(DEFAULT_CONFIG, config_file)`
`17`	`17`	`}`
`18`	`18`
`19`		`-pub fn load_config_figment_with_default(default_config: &str, config_file: Option<&str>) -> Figment {`
	`19`	`+pub fn load_config_figment_with_default(`
	`20`	`+ default_config: &str,`
	`21`	`+ config_file: Option<&str>,`
	`22`	`+) -> Figment {`
`20`	`23`	`load_config("dstack", default_config, config_file, true)`
`21`	`24`	`}`
`22`	`25`