Prerequisites and installation

Prerequisites

Cloud platform requirements

For this quickstart, you must have access to a supported cloud account. The examples in this document also require access to other services.

Microsoft Azure

For this quickstart, you must have an Azure subscription and the ability to create Azure Confidential VM instances. The examples in this document also require an IAM role that allows you to create the following resources:

Azure Resource Groups
An Azure Blob Storage account and container
An Azure Compute Gallery, formerly known as Shared Image Gallery (an aggregation of shared images)
A Linux VM Image Definition
Azure Virtual Networks
Azure Network Security Groups (for firewall rules)

You will need your account name and key (or password) to authorize the command-line interface (CLI) in the Install and authenticate to your cloud provider’s CLI section below.

For more information on identity and access management and on best practices, see your cloud provider’s documentation:

Microsoft Azure

See the Azure documentation for information on identity and access management (IAM).

Here are some other helpful links:

Instance type requirements

The Anjuna CLI will launch new virtual machine instances to run Anjuna Confidential Containers. This requires specific instance types that use AMD Secure Encrypted Virtualization (SEV) hardware.

Microsoft Azure

DCasv5 or DCadsv5-series VMs are required in order to run Azure Confidential VMs.

See DCasv5 or DCadsv5-series confidential VMs for more information on this machine type.

Requirements for the Anjuna CLI for SEV

Microsoft Azure

The Anjuna CLI will be used to manage Azure Confidential VMs. The "management host" that it is installed on must have access to Azure through the Azure CLI (az), but is not required to be an Azure VM Instance itself.

The Anjuna CLI has been tested on Ubuntu 20.04 based systems.

Resource requirements

The following resources are recommended for the management host to build Anjuna Confidential Containers:

Disk space: varies depending on the size of the Anjuna Confidential Container. Three times the size of the Anjuna Confidential Container’s disk is recommended.

For this quickstart, you will build an Anjuna Confidential Container with 20 GB of disk space, so 60 GB of disk is recommended.

There is no strict requirement for minimum RAM, but since you will be working with large image sizes, it is recommended to have 16 GB or more RAM, or else your system will thrash memory and increase build times.

Installation

Install and authenticate to your cloud provider’s CLI

Microsoft Azure

You will install the Microsoft Azure CLI on a management host.

Follow the Azure documentation to install the Azure CLI: How to install the Azure CLI.

After Authenticating the Azure CLI, run the following command, which should display at least one entry which is the default:

$ az account list

Install Docker

To build disk images for the Anjuna Confidential Container, Docker should be installed and running, and your current user should be in the docker group.

See instructions to install Docker. Then, run the following command to create the docker group and add your current user to the group.

$ sudo groupadd docker
$ sudo usermod -aG docker $USER

Then, log out and log back in to refresh your user’s groups.

Install the Anjuna CLI

Microsoft Azure

Access the Anjuna Resource Center to get the Anjuna CLI — anjuna-azure-installer.release-1.5.0001.bin.

Make the installer executable and run it:

$ chmod +x anjuna-azure-installer.release-1.5.0001.bin
$ sudo ./anjuna-azure-installer.release-1.5.0001.bin

The Anjuna CLI will be installed into /opt/anjuna/azure.

Set up environment variables for the Anjuna CLI

Microsoft Azure

Run the following command to set up environment variables needed for the Anjuna CLI.

$ source /opt/anjuna/azure/env.sh

You can add the line above to your ~/.bash_profile to automatically set these environment variables every time you log in.

Confirm the installation

Microsoft Azure

To confirm that the Anjuna CLI is properly installed, run the following command:

$ anjuna-azure-cli

which should output the following text:

Deploy and manage Anjuna confidential VMs in Azure

Usage:
  anjuna-azure-cli [command]

Available Commands:
  disk        Create and manage disk images
  help        Help about any command
  instance    Manage confidential VMs

Flags:
      --debug     toggle debug mode
  -h, --help      help for anjuna-azure-cli
  -v, --version   version for anjuna-azure-cli

Use "anjuna-azure-cli [command] --help" for more information about a command.

If you see the following error:

-bash: anjuna-azure-cli: command not found

then the Anjuna CLI was not installed properly, or the PATH environment variable was not updated correctly. Ensure that you have installed the Anjuna CLI and have run the env.sh script to set up environment variables.

In the next section, you will use the Anjuna CLI to run applications in an Azure Confidential VM.