1. Fortanix
  2. Confidential Computing Manager
  3. User Guide
  4. Compute Nodes
  5. Enroll Compute Node

User's Guide: Enroll a Compute Node Using AWS Nitro on Amazon Linux

Last Updated: 

Enroll a Compute Node Using Nitro on Amazon Linux

Setting up the Environment

  1. Create a new VM:
    1. Select Amazon Linux 2 Machine Image (AMI): NitroEnroll.pngFigure 1: Select AMI
    2. Select Instance Type: Choose an adequate instance. The c5a.xlarge type is the minimum option that supports Nitro enclaves (see https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html#nitro-enclave-reqs) NitroEnroll_ChooseInstance.pngFigure 2: Instance Type
    3. Click Configure Instance and enable enclave support (Advanced Details: Enclave). NitroEnrollEnableEnclave.pngFigure 3: Configure Instance
    4. Click Add Storage: The default storage is 8GiB. Increase the storage to a reasonable value.
    5. Add Inbound ports under Security Group. The ports are 22 (for ssh), 80 (for http), and 443 (for https).
    6. Configure the rest of the parameters as needed and launch the enclave.
  2. Install Nitro Driver and Utilities: Follow the instructions in https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-cli-install.html 

Install Nitro Node Agent

  1. Obtain the join token from Fortanix CCM. To generate your Join Token, please log in to https://ccm.fortanix.com/. In the Infrastructure tab, click +ENROLL NODE on the Compute Nodes page. 
  2. In the ENROLL NODE window, a Join Token will be generated in the text box for "Get a join token to register a compute node". This Join Token is used by the compute node to authenticate itself. NitroJoinToken.pngFigure 4: Copy join token
  3. Click Copy to copy the Join Token (Figure 4). 
  4. Download the Amazon Nitro node agent installer.
  5. Extract the contents of the package and open the folder.
  6. Open the readme file which contains the steps to enroll the compute node in Fortanix CCM.
  7. To enroll the compute node:
    1. Copy the file installer.sh to your VM.
    2. Run the installer.sh with the join token copied in Step 3 . This will enroll the compute node in Fortanix CCM. 
      sudo bash ./installer.sh <join-token>
  8. After the compute node is enrolled in Fortanix CCM, you will see it under the Compute Nodes overview table. NitroEnrollNode.pngFigure 5: Node enrolled
  9. Debug:
    1. To view the logs, run the following command: 
      journalctl -xe | grep em-agent
    2. To view the status, run the following command: 
      systemctl status em-agent-nitro

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful