Running "hello-world" in the Anjuna Confidential Container
In this section, you will use the anjuna-metal CLI to create a disk image
from the hello-world Docker container image, start it as an Anjuna Confidential Container,
view its logs, and stop it.
Creating a disk image
The disk create command produces a hardened VM disk image configured to run the provided container image as an Anjuna Confidential Container.
The following shows an example of creating an Anjuna Confidential Container disk image:
$ anjuna-metal disk create hello-world.tar.gz --technology=SEV-SNP --docker-uri=hello-world
Starting an instance
To run an Anjuna Confidential Container for which a disk image has been created,
use the instance create command:
$ anjuna-metal instance create hello-world --disk=hello-world.tar.gz --memory=1G
This will start running a new Anjuna Confidential Container.
The path to the log file is displayed when the instance starts:
Created instance hello-world Log file: /var/log/libvirt/qemu/hello-world.serial.20260420-141925.463562727.log
Viewing logs
Serial log files for Anjuna Confidential Containers can be found in the /var/log/libvirt/qemu/ directory,
with a separate log file created for every run of each instance.
Log files record all Anjuna startup and attestation information
using UTC timestamps with microsecond precision.
Note: Workload-related logs can also be found here.
The log file for a running instance can be queried through its describe output:
$ anjuna-metal instance describe hello-world --json
The log files are managed by the virtlogd service and are normally owned by root,
so privileged access is required to view them.
The following command can be used to simplify access to the current log file:
$ anjuna-metal instance log hello-world
As this command only displays information from the current log file,
you will need to manually check rotated log files for older log records.
When run as a non-root user, this command will attempt to access the log file using sudo.
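
Because each run gets its own file and older records have to be checked by hand, the following added example (not part of the Anjuna documentation or the anjuna-metal CLI) lists every serial log belonging to one instance. It assumes the file name pattern seen in the sample path above and that rotated copies carry a numeric suffix such as .log.0; instance_logs and latest_log are hypothetical helper names.

```shell
#!/bin/sh
# Added example: enumerate the serial logs of one instance across all runs.
# Assumptions (not confirmed by the page):
#   - names follow <instance>.serial.<YYYYMMDD-HHMMSS>.<fraction>.log
#   - rotated copies are kept beside the current file as .log.0, .log.1, ...

LOG_DIR=${LOG_DIR:-/var/log/libvirt/qemu}

# instance_logs NAME [DIR]
# Print every serial log path for NAME, one per line, ordered by run
# timestamp (oldest run first). Within a run, the current .log file is
# listed before its rotated copies.
instance_logs() {
    name=$1
    dir=${2:-$LOG_DIR}
    # Anchoring on ".serial." keeps "hello-world" from also matching
    # the logs of an instance named "hello-world-2".
    for f in "$dir/$name".serial.*.log "$dir/$name".serial.*.log.[0-9]*; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        printf '%s\n' "$f"
    done | LC_ALL=C sort
}

# latest_log NAME [DIR]
# Print the current (unrotated) log file of the most recent run of NAME.
latest_log() {
    instance_logs "$1" "${2:-$LOG_DIR}" | grep '\.log$' | tail -n 1
}
```

Because the log files are normally owned by root, define these functions in a privileged shell before calling them, for example `instance_logs hello-world`.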
Listing instances
To list all running Anjuna Confidential Containers, use the following command:
$ anjuna-metal instance list
Note: Network interface information is only reported for virtual networks managed by libvirt.
Stopping an instance
The following command can be used to stop a running Anjuna Confidential Container:
$ anjuna-metal instance delete hello-world
Getting help
The anjuna-metal CLI provides a number of other disk and instance related commands.
To view general help, use the following command:
$ anjuna-metal help
To view help for a particular subcommand, use help with that subcommand.
For example, to view the help for disk related commands, run the following:
$ anjuna-metal disk help