parent-drbd-setup.sh

/opt/anjuna/nitro/drbd/parent-drbd-setup.sh --start <path_to_disk.img>

Manages the lifecycle of block-type persistent storage mounts.

The block option enables persistent storage for AWS Nitro Enclaves based on block mount volumes. By using parent-drbd-setup.sh, the enclave can read and write to these mount points using normal filesystem operations. block mounts are more performant than basic mounts because they transfer disk blocks between the enclave and the parent instance rather than forwarding every individual filesystem operation.

The block option is currently supported as follows:

  • Only one enclave can access the contents of the block mount per EC2 VM

  • A single enclave can mount only one volume at a time

  • block mounts are not supported in EKS

parent-drbd-setup.sh requires two one-time setup steps, the first once per parent instance and the second once per disk image:

  1. Once per parent instance, you must build the required tools by running parent-drbd-setup.sh --build.

  2. Data is persisted as a disk image file, which must be created before using it with an enclave. To create a disk image file, run parent-drbd-setup.sh --mem <file_size_in_MiB> --disk-create <path_to_disk.img>.

Then, prior to each start of an enclave with block mounts, you must run parent-drbd-setup.sh --start <path_to_disk.img>. This command makes the external volume available for file operations from inside the enclave.

After each stop of the enclave, in order to clean up resources, run parent-drbd-setup.sh --stop.

By default, /opt/anjuna/nitro/drbd/ is not added to the PATH. Use the absolute path /opt/anjuna/nitro/drbd/parent-drbd-setup.sh or add the directory to your PATH.

Because of a known race condition, the enclave may fail to detect the volume made available by parent-drbd-setup.sh --start if you run run-enclave immediately afterwards. For now, add a three-second delay between the two commands (sleep 3).
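The steps above are easy to get wrong by hand: forgetting the delay, leaving the proxy running after a failed enclave launch, or accidentally re-creating an existing disk image. The following POSIX shell wrapper, an added example rather than a script shipped with the Anjuna tooling, strings the lifecycle together: it creates the image only if it does not already exist, starts the proxy, waits out the race, runs the enclave command, and always issues --stop afterwards (including on Ctrl-C). The command that actually launches the enclave (my-run-enclave in the usage line) and the DRBD_MAIN / DRY_RUN variables are assumptions of this example, not options of parent-drbd-setup.sh; DRY_RUN=1 records the commands instead of executing them so the sequence can be inspected without an enclave host.

```shell
#!/bin/sh
# Lifecycle wrapper around parent-drbd-setup.sh (added example, not Anjuna's own tooling).
# Usage (assumed invocation, see DRBD_MAIN below):
#   DRBD_MAIN=1 sh drbd-run.sh /path/to/disk.img 512 my-run-enclave --config enclave.yaml
DRBD="${DRBD:-/opt/anjuna/nitro/drbd/parent-drbd-setup.sh}"   # path from the documentation
DRY_RUN="${DRY_RUN:-0}"                                       # assumption: 1 = record, do not execute
TRACE="${TRACE:-}"                                            # command log used in dry-run mode

# run_cmd: execute the command, or under DRY_RUN=1 append it to TRACE and succeed
run_cmd() {
  if [ "$DRY_RUN" = 1 ]; then
    TRACE="${TRACE}$*; "
    return 0
  fi
  "$@"
}

# ensure_disk IMG SIZE_MIB: create the image with --mem/--disk-create unless it exists.
# The size is validated as a positive integer because --mem pre-allocates the full file.
ensure_disk() {
  img=$1
  size_mib=$2
  if [ "$DRY_RUN" != 1 ] && [ -e "$img" ]; then
    return 0                      # never overwrite persisted data
  fi
  case "$size_mib" in
    ''|*[!0-9]*) echo "ensure_disk: size must be an integer number of MiB" >&2; return 2 ;;
  esac
  run_cmd "$DRBD" --mem "$size_mib" --disk-create "$img"
}

# with_block_storage IMG CMD...: --start, sleep 3 (known race), run CMD, then --stop.
# --stop runs whether CMD succeeds, fails, or is interrupted, so parent-side resources
# are released; CMD's exit status is returned to the caller.
with_block_storage() {
  img=$1
  shift
  run_cmd "$DRBD" --start "$img" || return 1
  trap 'run_cmd "$DRBD" --stop; exit 130' INT TERM
  run_cmd sleep 3
  if run_cmd "$@"; then rc=0; else rc=$?; fi
  trap - INT TERM
  run_cmd "$DRBD" --stop
  return "$rc"
}

# Only act as a script when explicitly asked, so the file can also be sourced.
if [ "${DRBD_MAIN:-0}" = 1 ]; then
  img=$1
  size=$2
  shift 2
  ensure_disk "$img" "$size" && with_block_storage "$img" "$@"
fi
```

Run --build once per parent instance before using the wrapper; it is deliberately not repeated here because it is a one-time step. If the enclave command exits non-zero, the proxy is still stopped and the wrapper propagates that exit status, which is what you want in a launch script or a systemd unit.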

Options

Usage

# Build the tools (one-time setup for the parent instance)
cd /opt/anjuna/nitro/drbd/
./parent-drbd-setup.sh --build

# Create a disk
./parent-drbd-setup.sh --mem <memory_in_MiB> --disk-create <path_to_disk.img>

# Start the persistent storage proxy
./parent-drbd-setup.sh --start <path_to_disk.img>

# Run the enclave here (after a short delay, see the race-condition note above). Once it has been stopped, clean up:

# Stop the persistent storage proxy
./parent-drbd-setup.sh --stop

--build

This command builds the tools, which are based on DRBD. It is required to run parent-drbd-setup.sh --build once to set up the tools on the parent instance.

--disk-create <path_to_disk.img>

This command creates a new disk. It is required to provide --mem when creating a new disk.

--mem <file_size_in_MiB>

When creating a disk with --disk-create, it is required to pre-allocate the full disk size. Use --mem to specify how large of a disk to create.

--start <path_to_disk.img>

This command starts the persistent storage proxy. It is required to run this command before running an enclave that uses block mounts.

--stop

This command stops the persistent storage proxy. You should run this command after terminating an enclave, in order to clean up resources.

Global options

The following options are available for all commands.

-h, --help

Prints the help information for the command

-v, --version

Prints version information

Exit status

  • 0 on success

  • > 0 on error

Examples

To use parent-drbd-setup.sh, you also need to define the block-type mounts in the enclave configuration file.

For example, if you want to persist files under /data/db to the disk image file, add the following to your enclave configuration file:

mounts:
  - type: block
    name: example-volume
    mountPath: /data/db

The enclave directory /data/db will be persisted in the <path_to_disk.img> that was specified when you ran parent-drbd-setup.sh --start <path_to_disk.img>.

For a full example, see Running an application with block mounts.