Upgrading the Anjuna Nitro Runtime
If you installed a previous version of the Anjuna Nitro Runtime, you must remove the previous version of the software.
If you have just installed the Anjuna Nitro Runtime for the first time, you can skip to the next section. |
Stop existing AWS Nitro Enclaves
Run the following command to terminate any running enclave:
$ anjuna-nitro-cli terminate-enclave --all
Stop Anjuna Nitro Runtime services
Run the following command to terminate the Anjuna Nitro Network Proxy:
$ pkill -f anjuna-nitro-netd-parent
If you are using a block
persistent volume mount, stop the anjuna-block-manager.sh
service:
$ anjuna-block-manager.sh stop
If you are using a basic
bind mount, terminate anjuna-fs-proxy
:
$ pkill -f anjuna-fs-proxy
Delete the Anjuna Nitro Runtime and get the upgraded installer
$ sudo rm -rf /opt/anjuna/nitro
Access the Anjuna Resource Center to get the Anjuna Nitro Runtime — anjuna-nitro-runtime.1.55.0001.tar.gz
Install the Anjuna Nitro Runtime
Extract the tools into /opt/anjuna/nitro
and
allow anjuna-nitro-netd-parent
to bind on privileged ports:
$ sudo mkdir -p /opt/anjuna/nitro
$ sudo tar -xvoz -C /opt/anjuna/nitro -f anjuna-nitro-runtime.1.55.0001.tar.gz
$ sudo setcap cap_net_bind_service=+ep /opt/anjuna/nitro/bin/anjuna-nitro-netd-parent
Set up the environment variables
$ export PATH=$PATH:/opt/anjuna/nitro/bin
To make sure that this environment variable is always defined properly,
add the line above to your ~/.bash_profile
.
This ensures that it is defined automatically every time you log in.
Enclave image files (EIFs) compatibility with new Anjuna Nitro Runtime version
If you have enclaves that run EIFs that were built with anjuna-nitro-cli
,
you need to rebuild them using Anjuna Nitro Runtime version 1.51 or newer.
This will ensure compatibility with the new Anjuna Nitro Runtime version.
You may also need to update your KMS policies if they rely on PCR values that will change
as a result of building a new EIF file.