Unspecified AWS Nitro CLI #670

Open
gbryant-arm opened this issue Apr 9, 2024 · 0 comments
Labels
bug Something isn't working build-process Something related to the Veracruz build process documentation Improvements or additions to documentation good first issue Good for newcomers


Describe the bug
A Nitro-enabled environment must allow one to 1) build a Nitro image (EIF) and 2) run and manage it.
In Veracruz, we typically perform 2 on an EC2 instance and 2 in a container on the same EC2 instance.
However, the documentation (https://github.com/veracruz-project/veracruz/blob/main/docs/NITRO_INSTRUCTIONS.md) doesn't specify which version of AWS Nitro CLI should be installed on the "Nitro host" (e.g. EC2 instance), and which one should be installed in the "Nitro container" (the container on the Nitro host from which Veracruz-Nitro and the EIF Nitro image are built).
As a result, it is possible that the Nitro host and Nitro container get out of sync and use different versions of AWS Nitro CLI, resulting in bugs at build time (cf. Linuxkit bug where the -docker argument is unsupported).

To Reproduce

  • Install an old version of AWS Nitro CLI tools on the host:
    sudo yum install aws-nitro-enclaves-cli-1.1.0-0.amzn2.x86_64
    sudo yum install aws-nitro-enclaves-cli-devel-1.1.0-0.amzn2.x86_64
    
  • Install a newer version of AWS Nitro CLI tools in the container:
... cf. docker/Makefile with AWS_NITRO_CLI_REVISION=v1.2.1

Explanation
The AWS Nitro CLI blobs (/usr/share/nitro_enclaves/blobs) get mapped into the container, which ends up using them instead of the ones matching its nitro-cli.

Solution

  • Make sure the versions of AWS Nitro CLI match on the host and container. Specify the version in the doc?
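
A pre-build check for the mismatch reported above, as an added example that is not part of the original issue or of the Veracruz repository. The function names are hypothetical, and the sample strings in the comments are the package name and revision quoted in the issue.

```shell
#!/bin/sh
# Added example (not from the Veracruz repository): refuse to build an EIF when
# the Nitro CLI on the host and in the build container are different versions.

# Print the first MAJOR.MINOR.PATCH found in a string. Handles the forms seen
# in this issue: a yum package name (aws-nitro-enclaves-cli-1.1.0-0.amzn2.x86_64),
# a revision tag (v1.2.1), and a bare version.
nitro_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# check_nitro_cli_match HOST_STRING CONTAINER_STRING
# Returns 0 on match, 1 on mismatch, 2 if either version cannot be parsed.
check_nitro_cli_match() {
    host_v=$(nitro_version "$1")
    cont_v=$(nitro_version "$2")
    if [ -z "$host_v" ] || [ -z "$cont_v" ]; then
        echo "nitro-cli check: cannot parse version ('$1' / '$2')" >&2
        return 2
    fi
    if [ "$host_v" != "$cont_v" ]; then
        echo "nitro-cli check: host $host_v != container $cont_v;" \
             "blobs mapped from /usr/share/nitro_enclaves/blobs would not" \
             "match the container's nitro-cli" >&2
        return 1
    fi
    echo "nitro-cli check: both sides at $host_v"
}

# Typical wiring (commented out so the file can be sourced anywhere):
#   host=$(rpm -q aws-nitro-enclaves-cli)   # run on the Nitro host
#   cont=$AWS_NITRO_CLI_REVISION            # value passed to docker/Makefile
#   check_nitro_cli_match "$host" "$cont" || exit 1
```

Run it before the container build step so a drifted host fails fast instead of surfacing later as a build-time error.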