Upgrading the Anjuna Nitro Runtime

If you installed a previous version of the Anjuna Nitro Runtime, you must remove the previous version of the software.

If you have just installed the Anjuna Nitro Runtime for the first time, you can skip to the next section.

Stop existing AWS Nitro Enclaves

Run the following command to terminate any running enclave:

$ anjuna-nitro-cli terminate-enclave --all

Stop Anjuna Nitro Runtime services

Run the following command to terminate the Anjuna Nitro Network Proxy:

$ pkill -f anjuna-nitro-netd-parent

If you are using a block persistent volume mount, stop the anjuna-block-manager.sh service:

$ anjuna-block-manager.sh stop

If you are using a basic bind mount, terminate anjuna-fs-proxy:

$ pkill -f anjuna-fs-proxy

Delete the Anjuna Nitro Runtime and get the upgraded installer

$ sudo rm -rf /opt/anjuna/nitro

Access the Anjuna Resource Center to get the Anjuna Nitro Runtime — anjuna-nitro-runtime.1.55.0001.tar.gz

Install the Anjuna Nitro Runtime

Extract the tools into /opt/anjuna/nitro and allow anjuna-nitro-netd-parent to bind on privileged ports:

$ sudo mkdir -p /opt/anjuna/nitro
$ sudo tar -xvoz -C /opt/anjuna/nitro -f anjuna-nitro-runtime.1.55.0001.tar.gz
$ sudo setcap cap_net_bind_service=+ep /opt/anjuna/nitro/bin/anjuna-nitro-netd-parent

Set up the environment variables

$ export PATH=$PATH:/opt/anjuna/nitro/bin

To make sure that this environment variable is always defined properly, add the line above to your ~/.bash_profile. This ensures that it is defined automatically every time you log in.

Enclave image files (EIFs) compatibility with new Anjuna Nitro Runtime version

If you have enclaves that run EIFs that were built with anjuna-nitro-cli, you need to rebuild them using Anjuna Nitro Runtime version 1.51 or newer. This will ensure compatibility with the new Anjuna Nitro Runtime version. You may also need to update your KMS policies if they rely on PCR values that will change as a result of building a new EIF file.