anjuna-gcp-cli disk create

anjuna-gcp-cli disk create --docker-uri <docker-uri> [OPTIONS...]

Builds a raw disk image locally.

The command creates a raw disk image. The file is named disk.raw unless another name is given with the --disk command-line parameter.

The disk image is not compressed, and the locally created file (disk.raw by default) will be the same size as specified by the --size command-line parameter (10GB by default). The size can be specified in various units (MB/GB).

Options

Usage

anjuna-gcp-cli disk create --docker-uri <docker-uri> [OPTIONS...]

--docker-uri

(Required) Docker image to use

If the image is not present locally, the command will pull the image from the specified registry.

The Docker image can be specified by:

  • a Docker URI to any Docker registry you have access to (Docker Hub, Google Container Registry, Artifactory Docker Registry, etc.)

  • a local URI (for example hello-world:latest)

When using a Docker registry, you must authenticate to that registry before invoking the anjuna-gcp-cli disk create command.

--disk

The name of the disk file to be created (default: disk.raw)

--size

Size of the disk image (default: 10G)

The specified disk size dictates the amount of storage available when running the GCP Confidential VM. Make sure you specify a disk size that is consistent with your application's needs.

--config

Path to the enclave configuration file that includes the Anjuna Policy Manager configuration

--signing-key

Path to a private RSA key to use for signing the disk image

The disk image is signed with the RSA private key at this path. The value of PCR16 for the resulting disk image is based on this signing key, and the Anjuna Policy Manager can be configured to release secrets based on PCR16.

NIST recommends using at least 2048 bits for RSA keys. The following command generates a 2048-bit RSA private key using openssl and stores it in the file signingkey.priv:

$ openssl genrsa -out signingkey.priv 2048

--kernel

Kernel image to use for booting the disk (default: /opt/anjuna/gcp/blob/bzImage)

--initrd

Initrd image to use for booting the disk (default: /opt/anjuna/gcp//blob/initramfs.img)

Global options

The following options are available for all anjuna-gcp-cli subcommands.

-h, --help

Prints the help information for the command

--debug

Prints debug messages

-v, --version

Prints the anjuna-gcp-cli version

Exit status

  • 0 on success

  • 1 on error

Examples

$ anjuna-gcp-cli disk create --docker-uri nginx:latest
$ anjuna-gcp-cli disk create --size 5GB --docker-uri docker.io/nginx:latest
$ anjuna-gcp-cli disk create --docker-uri nginx:latest --signing-key signingkey.priv
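
The following is an added example, not part of the Anjuna documentation or tooling: a pre-flight check for the file passed to --signing-key, since PCR16 of the resulting image is based on that key. The function name check_signing_key, its return codes, the requirement that the file not be readable by group or others, and the assumption that the key has no passphrase (as with the genrsa command above) are all choices of this example.

```shell
#!/bin/sh
# Pre-flight check for the key given to `anjuna-gcp-cli disk create --signing-key`.
# check_signing_key is a hypothetical helper, not part of anjuna-gcp-cli.
# Return codes (defined by this example):
#   0 ok, 1 not a usable RSA private key, 2 modulus too short,
#   3 file accessible by group/others, 4 openssl not installed.

# Minimum modulus size; 2048 matches the NIST note in the --signing-key section.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

check_signing_key() {
    key=$1
    command -v openssl >/dev/null 2>&1 || return 4
    [ -f "$key" ] && [ -r "$key" ] || return 1

    # -check verifies the internal consistency of the RSA private key.
    # -passin pass: makes a passphrase-protected key fail instead of prompting.
    openssl rsa -in "$key" -passin pass: -noout -check >/dev/null 2>&1 || return 1

    # Derive the modulus size from its hex encoding (4 bits per hex digit).
    modulus=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || return 1
    modulus=${modulus#Modulus=}
    bits=$(( ${#modulus} * 4 ))
    [ "$bits" -ge "$MIN_RSA_BITS" ] || return 2

    # Characters 5-10 of the ls mode string are the group and other permission bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || return 3
    return 0
}

# Usage, with the file and image names from the examples above:
#   check_signing_key signingkey.priv && \
#     anjuna-gcp-cli disk create --docker-uri nginx:latest --signing-key signingkey.priv
```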