Disk Encryption is not working properly in Linux VM

  • Question

  • Hi Team,

    I have enabled disk encryption for one of my Linux VMs in Azure. After some time I am facing the following issues in the servers:

    Problems:

    1) The root '/' has been changed to '/oldroot'.

    2) All the user "/home" directories have been deleted.

    3) I have already installed MySQL on that server. The permissions for my "MySQL" are completely changed. So now I am unable to access the application.


    Kindly provide a solution to resolve this issue.

    OS: Ubuntu 18.04

    Enabled encryption via Azure portal.

    Sunday, March 29, 2020 10:42 AM

Answers

  •  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    • Marked as answer by GOGULARAJA Monday, April 27, 2020 3:47 AM
    Wednesday, April 1, 2020 6:50 AM
  • @GOGULARAJA Because encryption is still running in the VM, / will be /oldroot and /home will be under /oldroot/home.

    Let the encryption complete. Use the link below to verify whether the encryption is successful from the Portal and at OS level: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status

    Also, the OS disk encryption will take some time based on the size of the disk; for 30 GB, it would take around 3-6 hours.

    1. Have a working backup of the VM which you are going to encrypt.
    2. Make sure that the VM has enough RAM (minimum 7Gb) and also enough space on the OS disk.
    3. Make sure that the application is stopped before the encryption process is started, and also make sure that the application remains stopped after a reboot, as the ADE process will reboot the VM.
    4. Make sure that the VM is not accessed by any means, be it ssh or winscp or any other tools.
    5. Make sure that there is no extension installed in the VM.
    6. Make sure that no server hardening is done on the VM which is going to be encrypted.
    7. You can monitor the encryption status using the PowerShell or Azure CLI commands or by checking the serial console.
    8. Also, as stated earlier, if you are using a data disk, make sure that the file system type is ext4 and not xfs, because the xfs file system is not supported for single pass encryption.

    Note: ADE is supported for endorsed Linux images only; for any other images, we would support on a best effort basis.

    You can find the details about images here in the link: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview#supported-operating-systems

    Enable Azure Disk Encryption for Linux VMs - Azure Linux Virtual Machines

    This article provides instructions on enabling Microsoft Azure Disk Encryption for Linux VMs.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Monday, March 30, 2020 1:35 PM
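
Added example, not part of the original thread and not Microsoft's tooling: three of the checks from the answer above (RAM, xfs file systems, and whether /oldroot is still mounted) as shell functions to run inside the VM. The function names, the reading of "minimum 7Gb" as 7 GiB, and the use of /proc/meminfo and /proc/mounts as inputs are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not Microsoft's tooling): checks from the answer, run inside the VM.
# Functions read /proc-style text on stdin so they can be tried on saved copies.

MIN_KB=$((7 * 1024 * 1024))   # assumption: "minimum 7Gb" read as 7 GiB, in kB

# mem_ok: succeed if MemTotal (from /proc/meminfo on stdin) meets the minimum.
mem_ok() {
  awk -v min="$MIN_KB" '$1 == "MemTotal:" { found = 1; ok = ($2 >= min) }
                        END { exit ((found && ok) ? 0 : 1) }'
}

# xfs_mounts: print mount points of xfs file systems (from /proc/mounts on stdin).
xfs_mounts() {
  awk '$3 == "xfs" { print $2 }'
}

# oldroot_mounts: print mounts at or below /oldroot; per the answer, these
# exist while OS disk encryption is still running.
oldroot_mounts() {
  awk '$2 == "/oldroot" || index($2, "/oldroot/") == 1 { print $2 }'
}

# ade_report MEMINFO MOUNTS: print one finding per line, return 1 if any.
ade_report() {
  local rc=0 m
  if ! mem_ok < "$1"; then echo "RAM below 7 GiB"; rc=1; fi
  for m in $(xfs_mounts < "$2"); do
    echo "xfs file system (not supported for data disks): $m"; rc=1
  done
  if [ -n "$(oldroot_mounts < "$2")" ]; then
    echo "encryption still running: /oldroot is mounted"; rc=1
  fi
  return "$rc"
}

# On a live VM: ade_report /proc/meminfo /proc/mounts
```

While the /oldroot finding is reported, the original / and /home contents are expected under /oldroot, as the answer describes, and the VM should be left alone until encryption finishes.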
