This repo is all about running TEA Node in AWS Nitro.

AWS Nitro Enclaves run on an AWS C5.xlarge or larger instance.
An enclave is an isolated, hardware-protected virtual machine inside its parent instance.
Tea-runtime runs inside the enclave. It can communicate with the outside world using vsock only.
Parent-instance-client runs inside a docker container outside of the enclave.
Run the following command to create a new instance:

```sh
./aws-tool.sh create [image-id] [key-name] [security-group-id]
```

Parameters of the `create` subcommand:

- [image-id]: (optional) image id the EC2 instance OS is installed from, default is "ami-07464b2b9929898f8", which is only available in the northeast2 region
- [key-name]: (optional) the key name created in KMS, default is "aws-tea-northeast2", which is the key name created in my KMS.
- [security-group-id]: (optional) the id of the security group you want your EC2 instance to use, default is "sg-a96a74d2", which is my security group id
Run the following command to push resources into the EC2 instance:

```sh
./aws-tool.sh push [push mode] [dns or ip address] [pem key path]
```

Parameters of the `push` subcommand:

- [push mode]: (optional) value can be `all`, `script`, or `client`; default is `all`, which pushes all resources into the EC2 instance
- [dns or ip address]: (optional) the host address that ssh connects to, default is queried by `aws ec2 describe-network-interfaces` and parsed from the query result
- [pem key path]: (optional) corresponds to [key-name] in the create step, default value is "~/.ssh/aws-tea-northeast2.pem", which is my pem file path
After the resources are pushed into the EC2 instance, run the following command to prepare the EC2 instance:

```sh
./aws-tool.sh install [dns or ip address] [pem key path]
```

Parameters of the `install` subcommand:

- [dns or ip address]: (optional) the host address that ssh connects to, default is queried by `aws ec2 describe-network-interfaces` and parsed from the query result
- [pem key path]: (optional) corresponds to [key-name] in the create step, default value is "~/.ssh/aws-tea-northeast2.pem", which is my pem file path
Run the following command to ssh into the created instance:

```sh
./aws-tool.sh ssh [pem key path] [dns or ip address]
```

Parameters of the `ssh` subcommand:

- [pem key path]: (optional) corresponds to [key-name] in the create step, default value is "~/.ssh/aws-tea-northeast2.pem", which is my pem file path
- [dns or ip address]: (optional) the host address that ssh connects to, default is queried by `aws ec2 describe-network-interfaces` and parsed from the query result
Run the following command to terminate the instance:

```sh
./aws-tool.sh terminate [instance ids]
```

Parameters of the `terminate` subcommand:

- [instance ids]: (optional) id of the EC2 instance to be terminated, default is the first instance id returned by the `aws ec2 describe-instances` command

If you have multiple instances running, or some instances are shutting down, this command may not terminate the currently running instance, because the default is simply the first id in the query result. Please make sure to run `./aws-tool.sh ids` after this command to confirm that the instance is actually in the "shutting-down" state.
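The defaults above (the first id from `aws ec2 describe-instances`, the ssh host parsed from `aws ec2 describe-network-interfaces`) are exactly why the terminate caveat exists. As an added example that is not part of this repo's aws-tool.sh, here is how a wrapper can select only an instance that is really running, re-check its state afterwards, and resolve the ssh host from an attached network interface; the JSON samples are constructed in the shape of the two AWS CLI outputs, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output (not real data).
DESCRIBE_INSTANCES = json.dumps({"Reservations": [
    {"Instances": [
        {"InstanceId": "i-0aaa11111111111a1", "State": {"Code": 32, "Name": "shutting-down"}},
        {"InstanceId": "i-0bbb22222222222b2", "State": {"Code": 16, "Name": "running"}}]},
    {"Instances": [
        {"InstanceId": "i-0ccc33333333333c3", "State": {"Code": 48, "Name": "terminated"}}]}]})

# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output (not real data).
DESCRIBE_ENIS = json.dumps({"NetworkInterfaces": [
    {"Status": "available", "Attachment": {}, "Association": {}},
    {"Status": "in-use",
     "Attachment": {"InstanceId": "i-0bbb22222222222b2"},
     "Association": {"PublicDnsName": "ec2-203-0-113-10.ap-northeast-2.compute.amazonaws.com",
                     "PublicIp": "203.0.113.10"}}]})


def instance_states(describe_instances_json):
    """Map every instance id in the output to its State.Name, in API order."""
    data = json.loads(describe_instances_json)
    return {inst["InstanceId"]: inst.get("State", {}).get("Name")
            for res in data.get("Reservations", [])
            for inst in res.get("Instances", [])}


def pick_instance_to_terminate(describe_instances_json):
    """Pick the first instance that is actually 'running', skipping ones already
    shutting down or terminated; return None rather than guessing when none is."""
    for instance_id, state in instance_states(describe_instances_json).items():
        if state == "running":
            return instance_id
    return None


def terminate_confirmed(instance_id, describe_instances_json):
    """The README's follow-up `ids` check as a function: re-query and confirm the state."""
    return instance_states(describe_instances_json).get(instance_id) in ("shutting-down", "terminated")


def public_host_for(instance_id, describe_enis_json):
    """Resolve the ssh host for one instance from its attached ENI: public DNS, else public IP."""
    for eni in json.loads(describe_enis_json).get("NetworkInterfaces", []):
        if eni.get("Attachment", {}).get("InstanceId") == instance_id:
            assoc = eni.get("Association", {})
            return assoc.get("PublicDnsName") or assoc.get("PublicIp")
    return None
```

In a real wrapper the two JSON strings would come from `aws ec2 describe-instances` and `aws ec2 describe-network-interfaces` run with `--output json`.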
Run the following command to push a single resource into the EC2 instance:

```sh
./aws-tool.sh single [single file path] [dns or ip address] [pem key path]
```

Parameters of the `single` subcommand:

- [single file path]: path of the single file to push
- [dns or ip address]: (optional) the host address that ssh connects to, default is queried by `aws ec2 describe-network-interfaces` and parsed from the query result
- [pem key path]: (optional) corresponds to [key-name] in the create step, default value is "~/.ssh/aws-tea-northeast2.pem", which is my pem file path
Run the following command to list all EC2 instance ids and their status:

```sh
./aws-tool.sh ids
```

Run the following command to list all EC2 instance ids and their dns addresses:

```sh
./aws-tool.sh dns
```
After you ssh into the EC2 instance, run tmux to help you handle the multiple shells in the following steps.

Run `tmux`, or `tmux a` if you already have a tmux session.

Run

```sh
./enclave.sh docker
```

to build the enclave image from the docker hub image tearust/runtime:nitro. If you have your own docker repo, use

```sh
./enclave.sh docker YOUR_DOCKER_ACCOUNT
```

instead.

Run

```sh
./enclave.sh debug
```

to run the enclave image in debug mode. You should then see an enclave id; copy it for the next step.

Run `./enclave.sh list` any time you want to check whether there is an enclave running.

After running the enclave app, follow the next step to run the client app on the parent instance side:

Press Ctrl+B then C to create a new tmux window, or Ctrl+B then N to switch to the client app window if you already have one, then run

```sh
./client-docker.sh
```

Now you should see the prompt again. This prompt is the docker container's prompt, which means you are inside the docker container now.
You can run provider_kvp or parent-instance-client for testing. You can also switch between the two tmux windows by pressing Ctrl+B then N to check logs. Make sure all three programs are running ok.