Starting and stopping the Policy Manager
Once the Anjuna Policy Manager has been installed, you can use anjuna-policy-manager to start and stop the server.
Prerequisites
First, ensure that the Anjuna Policy Manager is properly installed. See Installing the Policy Manager for more information about installing it.
If you have not already done so, set up your shell environment for use with the Anjuna SGX Runtime.
Starting the Anjuna Policy Manager also requires the same license used for the Anjuna SGX Runtime. See Licensing the Anjuna SGX Runtime for instructions on how to download and use your license file.
Starting the Anjuna Policy Manager
To start the Anjuna Policy Manager, run:
$ anjuna-policy-manager server start --dev
This command starts the Policy Manager Server, which is then available for Anjuna SGX Runtime connections.
For the sake of simplicity, you will use the --dev flag. The --dev flag starts the Anjuna Policy Manager in development mode. This is insecure and should not be used for production purposes.
On some systems, the Policy Manager Server requires more time to start than on others. To increase the timeout period, add the --timeout [seconds] flag to the server start command.
When the Anjuna Policy Manager starts, it displays the following message:
Anjuna Policy Manager server is up and running
- Address: https://apm-server.test:8201
- Certificate: /opt/anjuna/anjuna-policy-manager/dev/conf/https/cert/cert.pem
Add the following entries to your application's manifest to connect to the Anjuna Policy Manager Server:
policy_manager: (1)
  socket: apm-broker (2)
  url: https://apm-server.test:8201 (3)
  ca_cert: | (4)
    -----BEGIN CERTIFICATE----- (5)
    ... (6)
    -----END CERTIFICATE----- (7)
The end of this message contains important configuration information. To connect the Anjuna SGX Runtime to the Anjuna Policy Manager server, you must configure the runtime with the information in lines 1-7 of the output shown above, marked (1) to (7).
To use it, you must add those lines to the manifest template for the Anjuna SGX Runtime. The manifest template is a file that is automatically created by the Anjuna SGX Runtime when you configure an application to run in a secure enclave. For more information about the manifest template and how to use it, see Configure applications to work with the Anjuna SGX Runtime.
The manifest template is a file named manifest.template.yaml. If you do not have this file, either because you have not configured the Anjuna SGX Runtime before, or because the file has been moved or deleted, you can create a new one by running the following command:
$ anjuna-sgxrun --setup
You can then add the referenced lines of the output shown above to the manifest template to configure the Anjuna SGX Runtime to connect to the Anjuna Policy Manager.
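The copy step above is easy to get wrong by hand, because every certificate line has to stay indented inside the ca_cert block. The following is an added example, not Anjuna code: the function names are hypothetical, the two-space indentation is an assumption, and the demo runs only on constructed files.

```shell
#!/bin/sh
# Added example, not Anjuna code. Function names are hypothetical.

# Print the policy_manager stanza for a server URL and its PEM certificate.
apm_manifest_block() {
    url=$1 cert=$2
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }
    # Require both PEM markers so a truncated copy is rejected.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" &&
        grep -q -e '-----END CERTIFICATE-----' "$cert" ||
        { echo "not a complete PEM certificate: $cert" >&2; return 1; }
    # Assumption: the URL is https, as in the server output on this page.
    case $url in
        https://*) ;;
        *) echo "expected an https URL: $url" >&2; return 1 ;;
    esac
    printf 'policy_manager:\n  socket: apm-broker\n  url: %s\n  ca_cert: |\n' "$url"
    # Every PEM line must sit deeper than "ca_cert:" to stay inside the
    # block scalar (two-space steps are an assumption); drop blank lines.
    sed -e '/^[[:space:]]*$/d' -e 's/^/    /' "$cert"
}

# Append the stanza to a manifest template, once.
apm_manifest_add() {
    manifest=$1 url=$2 cert=$3
    [ -f "$manifest" ] || { echo "missing manifest: $manifest" >&2; return 1; }
    if grep -q '^policy_manager:' "$manifest"; then
        echo "policy_manager already present in $manifest" >&2
        return 2
    fi
    block=$(apm_manifest_block "$url" "$cert") || return 1
    printf '%s\n' "$block" >> "$manifest"
}

# Demo on constructed files: sh this-file demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$tmp/cert.pem"   # constructed, not a real cert
    echo '# constructed placeholder manifest' > "$tmp/manifest.template.yaml"
    apm_manifest_add "$tmp/manifest.template.yaml" https://apm-server.test:8201 "$tmp/cert.pem"
    cat "$tmp/manifest.template.yaml"
    rm -rf "$tmp"
fi
```

With a real server, pass the address and certificate path printed by the start command in place of the constructed files.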
Stopping the Anjuna Policy Manager
To stop the Anjuna Policy Manager, run:
$ anjuna-policy-manager server stop --dev
To find out whether the Anjuna Policy Manager is running, run:
$ anjuna-policy-manager server status --dev
If Anjuna Policy Manager is running, you will see the following message:
$ anjuna-policy-manager server status --dev
The Anjuna Policy Manager server is up and running
- Address: https://apm-server.test:8201
- Certificate: /opt/anjuna/anjuna-policy-manager/dev/conf/https/cert/cert.pem
Add the following entries to your application's manifest to connect to the Anjuna Policy Manager Server:
policy_manager:
  socket: apm-broker
  url: https://apm-server.test:8201
  ca_cert: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
Otherwise, you will see this message:
$ anjuna-policy-manager server status --dev
The Anjuna Policy Manager server is not running