Upgrading the Anjuna Nitro Runtime

If you installed a previous version of the Anjuna Nitro Runtime, you must remove it before installing the new version.

If you have just installed the Anjuna Nitro Runtime for the first time, you can skip to the next section.

Stop existing AWS Nitro Enclave

Run the following command to terminate any running enclave:

$ anjuna-nitro-cli terminate-enclave --all

Stop Anjuna Nitro Runtime Services

Run the following command to terminate the Anjuna Nitro Network Proxy:

$ pkill -f anjuna-nitro-netd-parent

If you are using a block persistent volume mount, terminate DRBD:

$ /opt/anjuna/nitro/drbd/parent-drbd-setup.sh --stop

If you are using a basic bind mount, terminate anjuna-fs-proxy:

$ pkill -f anjuna-fs-proxy

Delete the Anjuna Nitro Runtime and Get the Upgraded Installer

$ sudo rm -rf /opt/anjuna/nitro

Access the Anjuna Resource Center to get the Anjuna Nitro Runtime installer: anjuna-nitro-runtime.1.39.0001.tar.gz

Install the Anjuna Nitro Runtime

Extract the tools into /opt/anjuna/nitro and allow anjuna-nitro-netd-parent to bind on privileged ports:

$ sudo mkdir -p /opt/anjuna/nitro
$ sudo tar -xvoz -C /opt/anjuna/nitro -f anjuna-nitro-runtime.1.39.0001.tar.gz
$ sudo setcap cap_net_bind_service=+ep /opt/anjuna/nitro/bin/anjuna-nitro-netd-parent

Set up the environment variables

$ export PATH=$PATH:/opt/anjuna/nitro/bin

To keep this environment variable defined across sessions, add the line above to your ~/.bash_profile so that it is set automatically every time you log in.

Rebuild enclave image files (EIFs) when upgrading Anjuna version

The enclave image files (EIFs) created by anjuna-nitro-cli build-enclave are associated with a specific Anjuna Nitro Runtime version. After you upgrade the Anjuna Nitro Runtime, you will need to rebuild older EIFs in order to run them with the new version of anjuna-nitro-cli run-enclave. The new EIFs may have different PCR measurements, so update your KMS key policies if needed.
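
The KMS key policy update mentioned above can be scripted. The following is an added example, not Anjuna's or AWS's code: it finds the kms:RecipientAttestation conditions in a key policy that still pin the old EIF's measurements and re-pins them to the rebuilt EIF's values. The PCR values, policy, account ID and role name are constructed placeholders, and it assumes you recorded the PCR values of both EIFs at build time.

```python
import copy
import json

PREFIX = "kms:RecipientAttestation:"

# Constructed sample data: real values are the 96-hex-digit SHA-384 PCRs
# recorded when the old and the rebuilt EIF were built.
OLD = {"PCR0": "a" * 96, "PCR1": "b" * 96, "PCR2": "c" * 96}
NEW = {"PCR0": "d" * 96, "PCR1": "b" * 96, "PCR2": "e" * 96}
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EnclaveDecrypt", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-enclave-role"},
    "Action": "kms:Decrypt", "Resource": "*",
    "Condition": {"StringEqualsIgnoreCase": {
        PREFIX + "ImageSha384": "A" * 96,             # same digest as PCR0
        PREFIX + "PCR2": ["c" * 96, "f" * 96]}}}]}    # "f..." pins another image

def pinned_pcr(key):
    """Map a KMS condition key to the PCR it pins, or None if it pins none."""
    if not key.startswith(PREFIX):
        return None
    name = key[len(PREFIX):]
    return "PCR0" if name == "ImageSha384" else name

def repin(policy, old, new):
    """Return (updated_policy, changes). Only values equal to the old EIF's
    measurement are replaced; anything else in the policy is left untouched."""
    updated, changes = copy.deepcopy(policy), []
    for stmt in updated.get("Statement", []):
        for block in stmt.get("Condition", {}).values():
            for key, value in block.items():
                pcr = pinned_pcr(key)
                if pcr not in old or pcr not in new or old[pcr].lower() == new[pcr].lower():
                    continue  # not an attestation pin, or this PCR did not change
                stale, fresh = old[pcr].lower(), new[pcr].lower()
                values = value if isinstance(value, list) else [value]
                fixed = [fresh if v.lower() == stale else v for v in values]
                if fixed != values:
                    changes.append((stmt.get("Sid", "?"), key))
                    block[key] = fixed if isinstance(value, list) else fixed[0]
    return updated, changes

if __name__ == "__main__":
    updated, changes = repin(POLICY, OLD, NEW)
    for sid, key in changes:
        print(f"{sid}: re-pinned {key}")
    print(json.dumps(updated, indent=2))
```

The old measurement is replaced rather than kept alongside the new one, so the key is no longer released to the previous EIF once the updated policy is applied.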