anjuna-fs-proxy

anjuna-fs-proxy --enclave-name <enclave-name> --anjunafs-rootdir <root-directory> [OPTIONS...]

A daemon that provides an Anjuna Nitro enclave access to basic mount volumes on the parent instance filesystem for persistent storage.

anjuna-fs-proxy must be run prior to starting an enclave with one or more basic volumes defined in its configuration.

The anjuna-fs-proxy daemon mounts a directory on the parent instance filesystem to one or more mount points inside the enclave. The enclave can read and write to these mount points using normal filesystem operations.

For an enclave using basic mounts to work properly, it is important to run anjuna-fs-proxy before starting the enclave.

In order to clean up resources when you terminate an enclave, you should kill the anjuna-fs-proxy after terminating an enclave.

When restarting an enclave, it is important to stop and start anjuna-fs-proxy as described above.

The enclave may fail to detect the anjuna-fs-proxy if you run run-enclave immediately after running anjuna-fs-proxy due to a known race condition. For now, you can add a three-second delay between the two commands using sleep 3. This behavior will be fixed in a future release.

Options

Usage

anjuna-fs-proxy --enclave-name <enclave-name> --anjunafs-rootdir <root-directory> [OPTIONS...]

`--enclave-name`

(Recommended) Custom name assigned to the enclave by the user, used to uniquely identify an enclave (default: enclave)

See detailed information about the usage of --enclave-name.

`--daemonize`

Run it as daemon (default: off)

`--verbose`

Log debug messages (default: off)

`--syslog`

Log debug messages in syslog (default: off)

`--anjunafs-rootdir`

(Required) The root directory from where the anjunafs read the unencrypted files

Global options

The following options are available for all commands.

Global options

`-h, --help`

Prints the help information for the command

`-v, --version`

Prints version information

Exit status

0 on success
> 0 on error

Examples

To use anjuna-fs-proxy, you also need to define the basic-type mounts in the enclave configuration file.

For example, if you want to mount the files from /home/static and /home/logs into the enclave at /shared/static and /var/app/logs, add the following to your enclave configuration file:

mounts:
  - name: static # the name within your anjunafs-rootdir
    type: basic # anjuna-fs-proxy uses the `basic` type
    mountPath: /shared/static # the path within your enclave
  - name: logs
    type: basic
    mountPath: /var/app/logs

Then start anjuna-fs-proxy with the anjunafs-rootdir like this:

$ anjuna-fs-proxy --daemonize --anjunafs-rootdir /home

When you have more than one enclave, you need to start one anjuna-fs-proxy process per enclave and use the --enclave-name parameter. For example, if you have two enclaves with the names of nginx and postgres and want them to share the same root directory, use the following commands:

$ anjuna-fs-proxy --enclave-name nginx --daemonize --anjunafs-rootdir /home
$ anjuna-fs-proxy --enclave-name postgres --daemonize --anjunafs-rootdir /home