anjuna-fs-proxy

A daemon that provides an Anjuna Nitro enclave access to basic mount volumes on the parent instance filesystem for persistent storage.

SYNOPSIS

anjuna-fs-proxy --enclave-name <enclave-name> [OPTION...]

DESCRIPTION

anjuna-fs-proxy must be run prior to starting an enclave with one or more basic volumes defined in its configuration.

The anjuna-fs-proxy daemon mounts a directory on the parent instance filesystem to one or more mount points inside the enclave. The enclave can read and write to these mount points using normal filesystem operations.

For an enclave using basic mounts to work properly, it is important to run anjuna-fs-proxy before starting the enclave.

In order to clean up resources when you terminate an enclave, you should kill the anjuna-fs-proxy after terminating an enclave.

When restarting an enclave, it is important to stop and start anjuna-fs-proxy as described above.
The enclave may fail to detect the anjuna-fs-proxy if you run run-enclave immediately after running anjuna-fs-proxy due to a known race condition. For now, you can add a three-second delay between the two commands using sleep 3. This behavior will be fixed in a future release.

OPTIONS

Usage: anjuna-fs-proxy [Options]

Options:
  --daemonize          Run it as daemon (default: off)
  --verbose            log debug message (default: off)
  --syslog             log debug messages in syslog (default: off)
  --anjunafs-rootdir   the root directory from where the anjunafs read the unencrypted files
  --enclave-name       name of the enclave (default: “enclave”)

EXIT STATUS

  • 0 on success

  • > 0 on error

EXAMPLE

To use anjuna-fs-proxy, you also need to define the basic-type mounts in the enclave configuration file.

For example, if you want to mount the files from /home/static and /home/logs into the enclave at /shared/static and /var/app/logs, you would add the following to your enclave configuration file:

mounts:
- name: static  # the name within your anjunafs-rootdir
  type: basic  # anjuna-fs-proxy uses the `basic` type
  mountPath: /shared/static  # the path within your enclave
- name: logs
  type: basic
  mountPath: /var/app/logs

And you would start anjuna-fs-proxy with the anjunafs-rootdir like this:

$ anjuna-fs-proxy --daemonize --anjunafs-rootdir /home

When you have more than one enclave, you need to start one anjuna-fs-proxy process per enclave and use the --enclave-name parameter. For example, if you have two enclaves with the names of nginx and postgres and want them to share the same root directory, use the following commands:

$ anjuna-fs-proxy --enclave-name nginx --daemonize --anjunafs-rootdir /home
$ anjuna-fs-proxy --enclave-name postgres --daemonize --anjunafs-rootdir /home