Prerequisites and installation
Prerequisites
Cloud platform requirements
For this quickstart, you must have access to a supported cloud account. The examples in this document also require access to other services.
Google Cloud:
For this quickstart, you must have a GCP account and the ability to create GCP Confidential VM instances. The examples in this document also require access to the following GCP services:
- GCP Compute Engine
- GCP Cloud Storage
Microsoft Azure:
For this quickstart, you must have an Azure subscription and the ability to create Azure Confidential VM instances. The examples in this document also require an IAM role that allows you to create the following resources:
- Azure Resource Groups
- An Azure Blob Storage account and container
- An Azure Compute Gallery, formerly known as Shared Image Gallery (an aggregation of shared images)
- A Linux VM Image Definition
- Azure Virtual Networks
- Azure Network Security Groups (for firewall rules)
You will need your account name and key (or password) to authorize the command-line interface (CLI) in the Install and authenticate to your cloud provider’s CLI section below.
For more information on identity and access management and on best practices, see your cloud provider’s documentation:
- Google Cloud
- Microsoft Azure
See the GCP documentation for information on identity and access management and on best practices:
Here are some other helpful links:
Instance type requirements
The Anjuna CLI will launch new virtual machine instances to run Anjuna Confidential Containers. This requires specific instance types that use AMD Secure Encrypted Virtualization (SEV) hardware.
Google Cloud:
The N2D machine type is required in order to run GCP Confidential VMs.
See N2D machine series for more information on this machine type.
Microsoft Azure:
DCasv5 or DCadsv5-series VMs are required in order to run Azure Confidential VMs.
See DCasv5 or DCadsv5-series confidential VMs for more information on this machine type.
Requirements for the Anjuna CLI for SEV
Google Cloud:
The Anjuna CLI will be used to manage GCP Confidential VMs. The "management host" that it is installed on must have access to GCP through the Google Cloud CLI, but is not required to be a GCP Compute Instance itself.
Microsoft Azure:
The Anjuna CLI will be used to manage Azure Confidential VMs. The "management host" that it is installed on must have access to Azure through the Azure CLI (az), but is not required to be an Azure VM Instance itself.
The Anjuna CLI has been tested on Ubuntu 20.04 based systems.
Resource requirements
The following resources are recommended for the management host to build Anjuna Confidential Containers:
- Disk space: varies depending on the size of the Anjuna Confidential Container. Three times the size of the Anjuna Confidential Container’s disk is recommended.
For this quickstart, you will build an Anjuna Confidential Container with 20 GB of disk space, so 60 GB of disk space is recommended.
There is no strict requirement for minimum RAM, but since you will be working with large image sizes, it is recommended to have 16 GB or more RAM, or your system will thrash memory and increase build times.
Installation
Install and authenticate to your cloud provider’s CLI
Google Cloud:
You will install the Google Cloud CLI on a management host. The anjuna-gcp-cli will use the Google Cloud CLI to manage cloud resources.
See the Google Cloud documentation for steps to download, install, and initialize the gcloud CLI: Install the Google Cloud CLI.
After initializing the gcloud CLI, run the following command, which should display at least one "active" entry:
$ gcloud auth list
The Anjuna CLI and other tools like Terraform require the application default credentials to be set. Run the following command to select the application default credentials:
$ gcloud auth application-default login
GCP resources are created within Projects, which can be used to define ownership and to segregate resources. When working with Anjuna CLI commands that create or modify cloud resources, you can specify a Project using the --project flag or the GCLOUD_DEFAULT_PROJECT environment variable.
Microsoft Azure:
You will install the Microsoft Azure CLI on a management host.
Follow the Azure documentation to install the Azure CLI: How to install the Azure CLI.
After authenticating the Azure CLI, run the following command, which should display at least one entry, which is the default:
$ az account list
Install Docker
To build disk images for the Anjuna Confidential Container, Docker should be installed and running, and your current user should be in the docker group.
See instructions to install Docker.
Then, run the following commands to create the docker group and add your current user to the group. Membership in the docker group grants root-equivalent privileges on the host, so add only accounts you trust with that level of access.
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
Next, log out and log back in to refresh your user’s groups.
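A preflight check for the management host, covering the resource recommendations and the Docker requirements described above. This is an added example, not part of the Anjuna documentation or tooling; the function names are hypothetical, and the thresholds (three times the container disk size, 16 GB of RAM) are the ones stated in this quickstart.

```shell
#!/bin/sh
# Added example: preflight for the management host. Function names are
# hypothetical; thresholds are taken from the "Resource requirements" text.

# Recommended free disk (GB) for a container disk of $1 GB (three times its size).
required_disk_gb() { echo $(( $1 * 3 )); }

# Free space in whole GB on the filesystem that holds path $1.
free_disk_gb() { df -Pk "$1" | awk 'NR==2 { print int($4 / 1048576) }'; }

# Total RAM in GB from a meminfo-format file (default /proc/meminfo).
# MemTotal excludes kernel-reserved memory, so the value is rounded up.
total_ram_gb() {
    awk '/^MemTotal:/ { g = int($2 / 1048576); if (g * 1048576 < $2) g++; print g }' \
        "${1:-/proc/meminfo}"
}

# Succeeds if group $1 is in the space-separated list $2.
# Default list: the groups of the current login session (id -nG), which only
# reflects a new docker group membership after logging out and back in.
in_group() {
    for g in ${2-$(id -nG)}; do [ "$g" = "$1" ] && return 0; done
    return 1
}

# $1 = container disk size in GB, $2 = directory where images will be built.
preflight() {
    rc=0
    need=$(required_disk_gb "$1"); have=$(free_disk_gb "$2")
    [ "$have" -ge "$need" ] ||
        { echo "WARN: ${have} GB free in $2, ${need} GB recommended"; rc=1; }
    ram=$(total_ram_gb)
    [ "$ram" -ge 16 ] ||
        { echo "WARN: ${ram} GB RAM, 16 GB or more recommended"; rc=1; }
    in_group docker ||
        { echo "FAIL: $(id -un) is not in the docker group in this session"; rc=1; }
    docker info >/dev/null 2>&1 ||
        { echo "FAIL: Docker daemon is not reachable as this user"; rc=1; }
    return $rc
}

# Usage for the 20 GB container built in this quickstart:
#   preflight 20 "$PWD"
```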
Install the Anjuna CLI
Google Cloud:
Access the Anjuna Resource Center to get the Anjuna CLI — anjuna-gcp-installer.release-1.7.0002.bin.
Make the installer executable and run it:
$ chmod +x anjuna-gcp-installer.release-1.7.0002.bin
$ sudo ./anjuna-gcp-installer.release-1.7.0002.bin
The Anjuna CLI will be installed into /opt/anjuna/gcp.
Microsoft Azure:
Access the Anjuna Resource Center to get the Anjuna CLI — anjuna-azure-installer.release-1.7.0004.bin.
Make the installer executable and run it:
$ chmod +x anjuna-azure-installer.release-1.7.0004.bin
$ sudo ./anjuna-azure-installer.release-1.7.0004.bin
The Anjuna CLI will be installed into /opt/anjuna/azure.
Set up environment variables for the Anjuna CLI
Google Cloud:
Run the following command to set up environment variables needed for the Anjuna CLI.
$ source /opt/anjuna/gcp/env.sh
You can add the line above to your ~/.bash_profile to automatically set these environment variables every time you log in.
Microsoft Azure:
Run the following command to set up environment variables needed for the Anjuna CLI.
$ source /opt/anjuna/azure/env.sh
You can add the line above to your ~/.bash_profile to automatically set these environment variables every time you log in.
Confirm the installation
Google Cloud:
To confirm that the Anjuna CLI is properly installed, run the following command:
$ anjuna-gcp-cli
which should output the following text:
anjuna-gcp-cli - manage the confidential container instance and boot disk image

Usage:
  anjuna-gcp-cli [command]

Available Commands:
  disk        manage the confidential container boot disk
  help        Help about any command
  instance    manage the confidential container instances
  kvm-run     boot the confidential container under KVM/QEMU
  mount       mount the confidential container boot disk

Flags:
      --debug            print debug messaging
  -h, --help             help for anjuna-gcp-cli
  -p, --project string   The gcp project being used
  -v, --version          version for anjuna-gcp-cli

Use "anjuna-gcp-cli [command] --help" for more information about a command.
If you see the following error:
-bash: anjuna-gcp-cli: command not found
then the Anjuna CLI was not installed properly, or the PATH environment variable was not updated correctly.
Ensure that you have installed the Anjuna CLI and have run the env.sh script to set up environment variables.
In the next section, you will use the Anjuna CLI to run applications in a GCP Confidential VM.
Microsoft Azure:
To confirm that the Anjuna CLI is properly installed, run the following command:
$ anjuna-azure-cli
which should output the following text:
Deploy and manage Anjuna confidential VMs in Azure

Usage:
  anjuna-azure-cli [command]

Available Commands:
  disk        Create and manage disk images
  help        Help about any command
  instance    Manage confidential VMs

Flags:
      --debug     toggle debug mode
  -h, --help      help for anjuna-azure-cli
  -v, --version   version for anjuna-azure-cli

Use "anjuna-azure-cli [command] --help" for more information about a command.
If you see the following error:
-bash: anjuna-azure-cli: command not found
then the Anjuna CLI was not installed properly, or the PATH environment variable was not updated correctly.
Ensure that you have installed the Anjuna CLI and have run the env.sh script to set up environment variables.
In the next section, you will use the Anjuna CLI to run applications in an Azure Confidential VM.