Upgrading the Anjuna Nitro Runtime
If you installed a previous version of the Anjuna Nitro Runtime, you must remove the previous version of the software.
| If you have just installed the Anjuna Nitro Runtime for the first time, you can skip to the next section. |
Stop existing AWS Nitro Enclaves
Run the following command to terminate any running enclave:
$ anjuna-nitro-cli terminate-enclave --allStop Anjuna Nitro Runtime services
Run the following command to terminate the Anjuna Nitro Network Proxy:
$ pkill -f anjuna-nitro-netd-parentIf you are using a block persistent volume mount, stop the anjuna-block-manager.sh service:
$ anjuna-block-manager.sh stopIf you are using a basic bind mount, terminate anjuna-fs-proxy:
$ pkill -f anjuna-fs-proxyDelete the Anjuna Nitro Runtime and get the upgraded installer
$ sudo rm -rf /opt/anjuna/nitroAccess the Anjuna Resource Center to get the Anjuna Nitro Runtime — anjuna-nitro-runtime.1.53.0004.tar.gz
Install the Anjuna Nitro Runtime
Extract the tools into /opt/anjuna/nitro and
allow anjuna-nitro-netd-parent to bind on privileged ports:
$ sudo mkdir -p /opt/anjuna/nitro
$ sudo tar -xvoz -C /opt/anjuna/nitro -f anjuna-nitro-runtime.1.53.0004.tar.gz
$ sudo setcap cap_net_bind_service=+ep /opt/anjuna/nitro/bin/anjuna-nitro-netd-parentSet up the environment variables
$ export PATH=$PATH:/opt/anjuna/nitro/binTo make sure that this environment variable is always defined properly, add the line above to your
~/.bash_profile, which ensures that it is defined automatically every time you log in.
Rebuild enclave image files (EIFs) when upgrading the Anjuna Nitro Runtime version
The enclave image files (EIFs) created by anjuna-nitro-cli build-enclave are associated with a
specific Anjuna Nitro Runtime version.
After you upgrade the Anjuna Nitro Runtime,
you will need to rebuild older EIFs in order to run them with the new version
of anjuna-nitro-cli run-enclave.
The new EIFs may have different PCR measurements, so update your KMS key policies if needed.