anjuna-block-manager.sh
anjuna-block-manager.sh { create | start | stop | mount | unmount } OPTIONS
Manage block volumes for Anjuna Nitro Enclaves.
anjuna-block-manager.sh provides the ability to create persisted block volumes and provides the following two options for those volumes:
- Making the volumes available to Anjuna Nitro Enclaves. The Anjuna Nitro Runtime connects to a server running on the Parent VM that makes the volume available in the enclave.
- Mounting the volume locally, on the Parent VM, to read and/or modify it.
For a detailed explanation of block mounts and how to use them, see Block mounts.
When there is a problem, the tool will display an error. In order to mount a volume, or make it available to an enclave, while it is already in use, make sure to first unmount it or stop the block manager run that is serving it. There are currently no protections against making the same volume available to multiple enclaves, so be careful not to run, at the same time, multiple enclaves from the same Parent VM that require block volumes.
After the enclave that uses a block volume is terminated, it is important to stop the run of anjuna-block-manager that made this volume available for that enclave, to prevent data loss.
Similarly, after mounting a volume locally on the Parent VM, it is important to unmount it, in order to make sure all changes to the volume have been persisted correctly.
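The stop discipline above, together with the warning that nothing stops two enclaves on one Parent VM from being served the same volume, can be enforced by a small wrapper around the enclave run. The following is an added example and is not part of the Anjuna documentation or tooling. It assumes that BLOCK_MANAGER names the real tool and that it accepts `start -v VOLUME` and `stop` as in the example at the end of this page, that flock(1) from util-linux is available on the Parent VM, and that a lock file named after the volume may be created next to it; the enclave itself is started by whatever command follows the volume argument.

```shell
#!/bin/sh
# Added example, not part of the Anjuna documentation or tooling: run one enclave
# against one block volume so that (a) the volume cannot be served to a second
# enclave on this Parent VM at the same time and (b) "anjuna-block-manager.sh stop"
# always runs afterwards, even when the enclave command fails or is interrupted.
#
# Assumptions not stated on the page: BLOCK_MANAGER names the real tool and accepts
# "start -v VOLUME" and "stop" as in the page's example; flock(1) from util-linux
# is available; the lock file VOLUME.lock is ours to create.

BLOCK_MANAGER="${BLOCK_MANAGER:-anjuna-block-manager.sh}"

# run_with_volume VOLUME CMD [ARGS...]
#   Exit status is that of CMD; 2 if VOLUME does not exist; 75 if the volume is
#   already locked by another run on this host; 1 if the block manager cannot start.
run_with_volume() {
    volume="$1"; shift
    if [ ! -f "$volume" ]; then
        echo "run_with_volume: no such volume: $volume" >&2
        return 2
    fi

    # Exclusive, non-blocking lock on fd 9. The kernel releases it when this
    # process exits, so a crash cannot leave a stale lock behind.
    exec 9>"$volume.lock"
    if ! flock -n 9; then
        echo "run_with_volume: $volume is already in use on this Parent VM" >&2
        exec 9>&-
        return 75
    fi

    if ! "$BLOCK_MANAGER" start -v "$volume"; then
        exec 9>&-
        return 1
    fi

    # Stop the block manager even on Ctrl-C / termination: leaving it running
    # after the enclave is gone is what the page warns can lose data.
    trap '"$BLOCK_MANAGER" stop; exec 9>&-; exit 130' INT TERM HUP

    # Run the enclave command; record its status instead of aborting so that
    # the stop below always happens.
    if "$@"; then status=0; else status=$?; fi

    "$BLOCK_MANAGER" stop
    trap - INT TERM HUP
    exec 9>&-
    return "$status"
}

# Usage (the enclave launch command is whatever you normally run; assumed here):
#   run_with_volume test-volume.img ./run-enclave.sh
```

A second `run_with_volume` for the same image on the same host fails with status 75 instead of silently attaching a second block manager to it; the lock is per volume file, so different volumes can still be served to different enclaves concurrently.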
Permissions
Creating the volume and making it available to enclaves does not require special permissions and can be done by most standard users of a system.
Mounting and unmounting the volume requires the user to be in sudoers, with the ability to run mount and unmount as root.
Options
Top level usage
Usage: anjuna-block-manager.sh COMMAND
COMMAND can be one of { create | start | stop | mount | unmount }
Create
Creates a block volume compatible with Anjuna Nitro Enclaves.
-s, --size
Size of volume to create. Size must be an integer, optionally followed by one of the following suffixes: K (1024), M (1024*1024), and likewise for G and larger sizes. If no suffix is specified, the size is in bytes.
-u, --user
User and group to use as the owners of the root directory of the volume, in the format "UID:GID".
Note that only numeric IDs are supported; usernames and group names are not, as they only exist in the context of the container, and not necessarily in the context of the system creating the block volume. Any attempt to write to the volume from inside (or outside) the enclave, especially to the root directory, needs to be in a user/group context compatible with what is defined in this flag; otherwise it will fail.
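The size grammar and the numeric-only owner rule above can be checked before the tool is ever called, which gives a clearer failure than discovering a bad owner when the first write from the enclave fails. The following is an added example and is not Anjuna's code. It assumes the suffixes are upper-case K, M, G and T (the page names K, M and G and says larger sizes follow the same pattern), and that BLOCK_MANAGER names the real tool and accepts `create -v VOLUME -s SIZE -u UID:GID` as in the example at the end of this page.

```shell
#!/bin/sh
# Added example, not Anjuna's code: validate the arguments for "create" before
# calling the tool, following the rules the option descriptions give.
# Assumptions not stated on the page: suffixes are upper-case K/M/G/T only;
# BLOCK_MANAGER names the real tool and accepts "create -v VOLUME -s SIZE -u UID:GID".

BLOCK_MANAGER="${BLOCK_MANAGER:-anjuna-block-manager.sh}"

# size_to_bytes SIZE
#   Prints the size in bytes for "<integer>[K|M|G|T]"; returns 1 for anything else
#   (decimals, signs, lower-case suffixes, a bare suffix, an empty string).
size_to_bytes() {
    size="$1"
    case "$size" in
        ""|[KMGT]|*[!0-9KMGT]*) return 1 ;;
    esac
    num="${size%[KMGT]}"                        # strip one trailing suffix, if any
    case "$num" in *[!0-9]*) return 1 ;; esac   # catches "1K2" and "12KK"
    case "$size" in
        *K) mult=1024 ;;
        *M) mult=$((1024 * 1024)) ;;
        *G) mult=$((1024 * 1024 * 1024)) ;;
        *T) mult=$((1024 * 1024 * 1024 * 1024)) ;;
        *)  mult=1 ;;
    esac
    # Strip leading zeros first: "010" would otherwise be read as octal 8 by $(( )).
    num=$(printf '%s' "$num" | sed 's/^0*//')
    echo $(( ${num:-0} * mult ))
}

# check_owner OWNER
#   Returns 0 only for numeric "UID:GID". Names such as "app:app" are rejected:
#   they may not exist on the Parent VM, or may map to different IDs there than
#   inside the enclave's container.
check_owner() {
    case "$1" in
        *:*) uid="${1%%:*}"; gid="${1#*:}" ;;
        *)   return 1 ;;
    esac
    [ -n "$uid" ] && [ -n "$gid" ] || return 1
    case "$uid$gid" in *[!0-9]*) return 1 ;; esac
    return 0
}

# create_volume VOLUME SIZE OWNER
#   Refuses a bad size, a non-numeric owner and an existing file, then calls the tool.
create_volume() {
    volume="$1" size="$2" owner="$3"
    if ! bytes=$(size_to_bytes "$size"); then
        echo "create_volume: bad size '$size' (want <integer>[K|M|G|T])" >&2; return 2
    fi
    if ! check_owner "$owner"; then
        echo "create_volume: owner must be numeric UID:GID, got '$owner'" >&2; return 2
    fi
    if [ -e "$volume" ]; then
        echo "create_volume: $volume already exists, refusing to overwrite" >&2; return 2
    fi
    echo "create_volume: creating $volume ($bytes bytes), root directory owned by $owner" >&2
    "$BLOCK_MANAGER" create -v "$volume" -s "$size" -u "$owner"
}

# Usage, for example:
#   create_volume test-volume.img 32M 1001:1001
```

The leading-zero handling is worth keeping even in a throwaway script: `$(( 010 ))` is 8 in bash and dash, so a size such as `010M` would be silently shrunk if it were fed straight into shell arithmetic.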
Example
The following example creates a volume, adds a file to it, and makes it available to an enclave:
$ VOLUME="test-volume.img"
$ MOUNT_DIR="test-volume-mount-dir"
$ SIZE="32M"
$ OWNER="1001:1001"   # not USER: assigning USER would overwrite the login shell's own variable
$ anjuna-block-manager.sh create -v ${VOLUME} -s ${SIZE} -u ${OWNER}
$ mkdir -p ${MOUNT_DIR}
$ anjuna-block-manager.sh mount -v ${VOLUME} -d ${MOUNT_DIR}
$ echo "test" | sudo tee ${MOUNT_DIR}/test.txt   # the root directory is owned by 1001:1001, so write as root
$ anjuna-block-manager.sh unmount -d ${MOUNT_DIR}   # persists the change before the volume is used elsewhere
$ anjuna-block-manager.sh start -v ${VOLUME}
# start enclave, wait for it to finish and terminate it
$ anjuna-block-manager.sh stop   # always stop once the enclave is gone, or data may be lost