Prerequisites and installation

Prerequisites

Self-hosted software

Anjuna Seaglass, including the Anjuna Runtime for AMD SEV, is self-hosted software. You will download the software from the Anjuna Resource Center and install it in your own infrastructure and cloud environment.

Anjuna Seaglass is not software-as-a-service (SaaS). It does not require any telemetry or other runtime dependency on any Anjuna-hosted services.

Cloud platform requirements

For this quickstart, you must have access to a supported cloud account. The examples in this document also require access to other services.

  • Microsoft Azure

  • Google Cloud

For this quickstart, you must have an Azure subscription and the ability to create Azure Confidential VMs (CVMs). The examples in this document also require an IAM role that allows you to create the following resources:

  • Azure Resource Groups

  • An Azure Blob Storage account and container

  • An Azure Compute Gallery, formerly known as Shared Image Gallery (an aggregation of shared images)

  • A Linux VM Image Definition

  • Azure Virtual Networks

  • Azure Network Security Groups (for firewall rules)

For this quickstart, you must have a GCP account and the ability to create GCP Confidential VM (CVM) instances. The examples in this document also require access to the following GCP services:

  • GCP Compute Engine

  • GCP Cloud Storage

You will need your account name and key (or password) to authorize the command-line interface (CLI) in the "Install and authenticate to your cloud provider’s CLI" section below.

For more information on identity and access management and on best practices, see your cloud provider’s documentation:

  • Microsoft Azure

  • Google Cloud

See the GCP documentation for information on identity and access management and on best practices:

Instance type requirements

The Anjuna CLI will launch new virtual machine instances to run Anjuna Confidential Containers. This requires specific instance types that use AMD Secure Encrypted Virtualization (SEV) hardware.

  • Microsoft Azure

  • Google Cloud

DCasv5, DCadsv5, ECasv5, or ECadsv5-series VMs are required in order to run Azure CVMs.

See DCasv5 and DCadsv5-series CVMs or ECasv5 and ECadsv5-series CVMs for more information on these machine types.

CVMs in specific sizes are only available in certain regions and zones. For an Azure CLI command to display the regional availability of CVM machine sizes, see the Microsoft Azure documentation.

The N2D machine type is required in order to run GCP CVMs.

See N2D machine series for more information on this machine type.

N2D instances are only available in certain regions and zones. To see the most up-to-date availability, go to Google Cloud’s documentation on Available regions and zones, and filter "Select a machine series" to select "N2D".

Requirements for the Anjuna CLI for SEV

  • Microsoft Azure

  • Google Cloud

The Anjuna CLI will be used to manage Anjuna Confidential Containers running on top of Azure CVMs. The "management host" that it is installed on must have access to Azure through the Azure CLI (az), but is not required to be an Azure VM itself.

The Anjuna CLI has been tested on the following operating system:

  • Ubuntu 20.04

The Anjuna CLI will be used to manage Anjuna Confidential Containers running on top of GCP CVMs. The "management host" that it is installed on must have access to GCP through the Google Cloud CLI, but is not required to be a GCP Compute Instance itself.

The Anjuna CLI has been tested on the following operating systems:

  • Red Hat Enterprise Linux 8 (RHEL 8)

  • Red Hat Enterprise Linux 9 (RHEL 9)

  • Ubuntu 20.04

Resource requirements

The following resources are recommended for the management host to build Anjuna Confidential Containers:

  • Disk space: varies depending on the size of the Anjuna Confidential Container. Three times the size of the Anjuna Confidential Container’s disk is recommended.

For this quickstart, you will build an Anjuna Confidential Container with 20 GB of disk space, so 60 GB of disk space is recommended.

There is no strict minimum RAM requirement. Because you will be working with large images, 16 GB or more of RAM is recommended; with less, the system will thrash and build times will increase.

Installation

Install and authenticate to your cloud provider’s CLI

  • Microsoft Azure

  • Google Cloud

You will install the Microsoft Azure CLI on a management host.

Follow the Azure documentation to install the Azure CLI: How to install the Azure CLI.

After authenticating the Azure CLI, run the following command, which should display at least one entry (the default):

$ az account list

You will install the Google Cloud CLI on a management host.

The anjuna-gcp-cli will use the Google Cloud CLI to manage cloud resources. See the Google Cloud documentation for steps to download, install, and initialize the gcloud CLI: Install the Google Cloud CLI.

After initializing the gcloud CLI, run the following command, which should display at least one "active" entry:

$ gcloud auth list

The Anjuna CLI and other tools like Terraform require the application default credentials to be set. Run the following command to select the application default credentials:

$ gcloud auth application-default login

GCP resources are created within Projects, which can be used to define ownership and to segregate resources. When working with Anjuna CLI commands that create or modify cloud resources, you can specify a Project using the --project flag or the GCLOUD_DEFAULT_PROJECT environment variable.

Install Docker

To build disk images for the Anjuna Confidential Container, Docker should be installed and running, and your current user should be in the docker group.

See instructions to install Docker. Then, run the following commands to create the docker group and add your current user to it.

$ sudo groupadd -f docker
$ sudo usermod -aG docker $USER

Next, log out and log back in to refresh your user’s groups.
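The resource and Docker prerequisites above can be checked in one pass before a build. The script below is an added example, not part of the Anjuna tooling or of this guide's original text. The function names, the --run switch and the 5% RAM slack are assumptions of this example; the 3x disk and 16 GB figures are the ones stated on this page.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for the management host (not Anjuna tooling).
# Thresholds are taken from this page: disk = 3x container disk, RAM >= 16 GB.
CONTAINER_DISK_GB=${CONTAINER_DISK_GB:-20}   # quickstart container disk size
MIN_RAM_GB=16

# disk_ok AVAIL_KB CONTAINER_GB: true if free space >= 3x the container disk.
disk_ok() {
  local need_kb=$(( $2 * 3 * 1024 * 1024 ))
  [ "$1" -ge "$need_kb" ]
}

# ram_ok MEMTOTAL_KB: true if total RAM is roughly MIN_RAM_GB or more.
# MemTotal omits kernel-reserved memory, so allow 5% slack (assumption).
ram_ok() {
  local need_kb=$(( MIN_RAM_GB * 1024 * 1024 * 95 / 100 ))
  [ "$1" -ge "$need_kb" ]
}

# in_group GROUP "SPACE SEPARATED GROUPS": exact-match membership test.
in_group() {
  local g
  for g in $2; do [ "$g" = "$1" ] && return 0; done
  return 1
}

# preflight [BUILD_DIR] [CLOUD_CLI]: gather live values and report each check.
# "id -nG" with no user name reports this session's groups, so it stays
# negative until you have logged out and back in after usermod.
preflight() {
  local dir=${1:-.} cli=${2:-az} fail=0 avail_kb mem_kb
  avail_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
  mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  disk_ok "$avail_kb" "$CONTAINER_DISK_GB" || { echo "FAIL: need $((CONTAINER_DISK_GB * 3)) GB free in $dir"; fail=1; }
  ram_ok "$mem_kb" || echo "WARN: under ${MIN_RAM_GB} GB RAM, builds will be slow"
  in_group docker "$(id -nG)" || { echo "FAIL: $(id -un) is not in the docker group for this session"; fail=1; }
  docker info >/dev/null 2>&1 || { echo "FAIL: Docker daemon not reachable"; fail=1; }
  command -v "$cli" >/dev/null 2>&1 || { echo "FAIL: $cli not found on PATH"; fail=1; }
  [ "$fail" -eq 0 ] && echo "preflight OK"
  return "$fail"
}

if [ "${1:-}" = "--run" ]; then preflight "${2:-.}" "${3:-az}"; fi
```

Run it as `bash preflight.sh --run /path/to/build/dir az` on an Azure management host, or pass `gcloud` as the last argument for Google Cloud; the file name is a placeholder.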

Install the Anjuna CLI

Access the Anjuna Resource Center to get the Anjuna CLI for Microsoft Azure or Google Cloud.

You can use the “API” button to copy a wget command to download the Anjuna CLI for Microsoft Azure or for Google Cloud from the command line. Then you will not need to access the Anjuna Resource Center UI again.

  • Microsoft Azure

  • Google Cloud

Now that you have downloaded the installer, anjuna-azure-installer.release-1.15.0002.bin, make it executable and run it:

$ chmod +x anjuna-azure-installer.release-1.15.0002.bin
$ sudo ./anjuna-azure-installer.release-1.15.0002.bin

The Anjuna CLI will be installed into /opt/anjuna/azure.

Now that you have downloaded the installer, anjuna-gcp-installer.release-1.15.0002.bin, make it executable and run it:

$ chmod +x anjuna-gcp-installer.release-1.15.0002.bin
$ sudo ./anjuna-gcp-installer.release-1.15.0002.bin

The Anjuna CLI will be installed into /opt/anjuna/gcp.

Set up environment variables for the Anjuna CLI

  • Microsoft Azure

  • Google Cloud

On Microsoft Azure, run the following command to set up the environment variables needed for the Anjuna CLI.

$ source /opt/anjuna/azure/env.sh

You can add the line above to your ~/.bash_profile to automatically set these environment variables every time you log in.

On Google Cloud, run the following command to set up the environment variables needed for the Anjuna CLI.

$ source /opt/anjuna/gcp/env.sh

You can add the line above to your ~/.bash_profile to automatically set these environment variables every time you log in.

Confirm the installation

  • Microsoft Azure

  • Google Cloud

To confirm that the Anjuna CLI is properly installed, run the following command:

$ anjuna-azure-cli

which should output the following text:

Deploy and manage Anjuna confidential VMs in Azure

Usage:
  anjuna-azure-cli [command]

Available Commands:
  disk        Create and manage disk images
  help        Help about any command
  instance    Manage confidential VMs

Flags:
      --debug     toggle debug mode
  -h, --help      help for anjuna-azure-cli
  -v, --version   version for anjuna-azure-cli

Use "anjuna-azure-cli [command] --help" for more information about a command.

If you see the following error:

-bash: anjuna-azure-cli: command not found

then the Anjuna CLI was not installed properly, or the PATH environment variable was not updated correctly. Ensure that you have installed the Anjuna CLI and have run the env.sh script to set up environment variables.

In the next section, you will use the Anjuna CLI to run applications in an Anjuna Confidential Container running on top of an Azure CVM.

To confirm that the Anjuna CLI is properly installed, run the following command:

$ anjuna-gcp-cli

which should output the following text:

anjuna-gcp-cli - manage the confidential container instance and boot disk image

Usage:
  anjuna-gcp-cli [command]

Available Commands:
  disk        manage the confidential container boot disk
  help        Help about any command
  instance    manage the confidential container instances
  kvm-run     boot the confidential container under KVM/QEMU
  mount       mount the confidential container boot disk

Flags:
      --debug            print debug messaging
  -h, --help             help for anjuna-gcp-cli
  -p, --project string   The gcp project being used
  -v, --version          version for anjuna-gcp-cli

Use "anjuna-gcp-cli [command] --help" for more information about a command.

If you see the following error:

-bash: anjuna-gcp-cli: command not found

then the Anjuna CLI was not installed properly, or the PATH environment variable was not updated correctly. Ensure that you have installed the Anjuna CLI and have run the env.sh script to set up environment variables.

In the next section, you will use the Anjuna CLI to run applications in an Anjuna Confidential Container running on top of a GCP CVM.