| 1 | +## Setup nitro dev box |
| 2 | + |
| 3 | +1. Launch latest Debian AMI |
| 4 | +2. Connect to instance |
| 5 | + ``` |
| 6 | + while sleep 1; do ssh admin@<IP_HERE>; done |
| 7 | + ``` |
| 8 | +3. Configure custom nitro kernel |
| 9 | +
|
| 10 | + Assumes kernel "6.1" is latest. Adjust accordingly. |
| 11 | + ``` |
| 12 | + sudo -s |
| 13 | + apt install -y tmux dpkg-dev pahole inotify-tools neovim build-essential linux-source-6.1.0 |
| 14 | + cd /usr/src |
| 15 | + tar -xvf linux-source-6.1.tar.xz |
| 16 | + cd linux-source-6.1 |
| 17 | + cp /boot/config-$(uname -r) . |
| 18 | + scripts/config --disable SYSTEM_TRUSTED_KEYS |
| 19 | + scripts/config --disable SYSTEM_REVOCATION_KEYS |
| 20 | + scripts/config --module NITRO_ENCLAVES |
| 21 | + make deb-pkg LOCALVERSION=-nitro KDEB_PKGVERSION=$(make kernelversion)-1 |
| 22 | + dpkg -i ../linux-image-6.1.37-nitro_6.1.37-1_amd64.deb |
| 23 | + reboot |
| 24 | + ``` |
| 25 | +4. Setup latest docker |
| 26 | + ``` |
| 27 | + sudo install -m 0755 -d /etc/apt/keyrings |
| 28 | + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg |
| 29 | + sudo chmod a+r /etc/apt/keyrings/docker.gpg |
| 30 | + echo \ |
| 31 | + "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ |
| 32 | + "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ |
| 33 | + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null |
| 34 | + sudo apt update |
| 35 | + sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin |
| 36 | + ``` |
| 37 | +5. Configure Nitro Enclave tooling |
| 38 | + ``` |
| 39 | + git clone https://github.com/aws/aws-nitro-enclaves-cli.git |
| 40 | + cd aws-nitro-enclaves-cli |
| 41 | + make |
| 42 | + sudo mkdir -p /run/nitro_enclaves /etc/nitro_enclaves /var/log/nitro_enclaves |
| 43 | + sudo chmod -R g+w /var/log/nitro_enclaves /run/nitro_enclaves /etc/nitro_enclaves |
| 44 | + sudo chown -R :admin /var/log/nitro_enclaves /run/nitro_enclaves /etc/nitro_enclaves |
| 45 | + sudo cp build/nitro_cli/x86_64-unknown-linux-musl/release/nitro-cli /usr/local/bin/ |
| 46 | + sudo cp bootstrapnitro-enclaves-allocator /usr/local/bin/ |
| 47 | + sudo cp bootstrap/allocator.yaml /etc/ |
| 48 | + sed -i 's|/usr/bin|/usr/local/bin|g' bootstrap/nitro-enclaves-allocator.service |
| 49 | + sudo cp bootstrap/nitro-enclaves-allocator.service /etc/systemd/system/ |
| 50 | + sudo systemctl enable nitro-enclaves-allocator.service |
| 51 | + ``` |
| 52 | +
|
| 53 | +## Terminate enclaves automatically when new EIF file is written |
| 54 | +
|
| 55 | +``` |
| 56 | +while inotifywait -e close_write out/aws-x86_64.eif; do sudo nitro-cli terminate-enclave --all; done |
| 57 | +``` |
| 58 | +
|
| 59 | +## Run debug enclave with nitro-cli in a loop: |
| 60 | +``` |
| 61 | +while sleep 1; do sudo nitro-cli run-enclave --enclave-name nitro --memory 1024 --enclave-cid 16 --cpu-count 2 --eif-path out/aws-x86_64.eif --debug-mode --attach-console; done |
| 62 | +``` |
| 63 | +
|
| 64 | +## manually run qos_host: |
| 65 | +``` |
| 66 | +./dist/qos_host.linux-x86_64 --host-ip 0.0.0.0 --host-port 3000 --cid 16 --port 3 |
| 67 | +``` |
| 68 | +
|
| 69 | +## run health check in loop: |
| 70 | +``` |
| 71 | +while sleep 1; do clear; date; curl localhost:3000/qos/enclave-health; done |
| 72 | +``` |
| 73 | +
|
| 74 | +## Vim command to save and trigger new enclave build/launch: |
| 75 | +``` |
| 76 | +:w|! time make out/aws-x86_64.eif |
| 77 | +``` |
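Review bot: step 3 copies the running kernel config to the wrong place: `cp /boot/config-$(uname -r) .` drops a file named `config-<version>` into the source tree, so `scripts/config --disable ...` and `make deb-pkg` never see it as `.config`; it should read `cp /boot/config-$(uname -r) .config` (running `make olddefconfig` afterwards is the usual follow-up before `deb-pkg`). In step 5, `sudo cp bootstrapnitro-enclaves-allocator /usr/local/bin/` is missing the directory separator and will fail; it should be `sudo cp bootstrap/nitro-enclaves-allocator /usr/local/bin/`. Step 3 also says "Assumes kernel 6.1 is latest. Adjust accordingly." but then hard-codes `linux-image-6.1.37-nitro_6.1.37-1_amd64.deb`; since `KDEB_PKGVERSION=$(make kernelversion)-1` already derives the version, a glob such as `dpkg -i ../linux-image-*-nitro_*.deb` (or the same `$(make kernelversion)` expansion) keeps the two in sync. Two smaller points: step 5 installs `bootstrap/allocator.yaml` unchanged, so it is worth stating that its `memory_mib`/`cpu_count` must cover the `--memory 1024 --cpu-count 2` that the run-enclave loop later requests, and the "Run debug enclave" heading should say that `--debug-mode` enclaves do not produce meaningful attestation PCRs (they report as all zeros), so this loop is for console debugging only, not for validating attestation against `qos_host`.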