Disk Encryption is not working properly in Linux VM, root folder changed to '/oldroot' folder and unexpected behavior

ajkuma 22,521 Reputation points Microsoft Employee
2020-05-14T13:13:20.333+00:00

Hi Team,

I have enabled disk encryption for one of my Linux VM in Azure. After some time I am facing the following issues in the servers,

Problems:

1. The root '/' has been changed to '/oldroot'.

2. All the user "/home" directories have been deleted.

3. I have already installed MySQL on that server. The permissions for my "MySQL" installation have been completely changed, so now I am unable to access the application.

OS: Ubuntu 18.04

Enabled encryption via Azure portal.

Kindly provide a solution to resolve this issue.

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question.]

Source: MSDN thread


Accepted answer
  1. Sumarigo-MSFT 43,806 Reputation points Microsoft Employee
    2020-05-14T13:15:48.04+00:00

    Because encryption is still running in the VM, the / will be /oldroot and /home will be under /oldroot/home.

    Let the encryption get completed. Use the link below to verify whether the encryption is successful from the Portal and at OS level: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status

    Also, the OS disk encryption would take some time based on the size of the disk; for 30 GB, it would take around 3-6 hours.

    Have a working backup of the VM which you are going to encrypt.

    1. Make sure that the VM has enough RAM (minimum 7 GB) and also enough space in the OS disk.
    2. Make sure that the application is stopped before the encryption process is started, and also make sure that the application remains stopped after a reboot, as the ADE process will reboot the VM.
    3. Make sure that the VM is not accessed by any means, be it SSH, WinSCP or any other tools.
    4. Make sure that there is no extension installed in the VM.
    5. Make sure that no server hardening has been done on the VM which is going to be encrypted.
    6. You can monitor the encryption status using the PowerShell or Azure CLI commands or by checking the serial console.
    7. Also, as stated earlier, if you are using a data disk, make sure that the file system type is ext4 and not XFS, because the XFS file system is not supported for single-pass encryption.

    Note: ADE is supported for endorsed Linux images only; for any other images, we would support on a best-effort basis.

    You can find the details about images here in the link: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview#supported-operating-systems

    Enable Azure Disk Encryption for Linux VMs - Azure Linux Virtual Machines

    Source: MSDN thread

    1 person found this answer helpful.
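The answer's point 6 says to monitor the encryption status at OS level; the following is an added example (not code from the answer or from Azure) that classifies the state of the root disk from `lsblk -rno NAME,TYPE,MOUNTPOINT` output, so that the /oldroot layout seen in the question is recognised as encryption still in progress rather than as data loss. The sample block-device tables are constructed, and the `-g <rg> -n <vm>` values in the comment are placeholders.

```shell
#!/bin/sh
# Added example: classify the OS-level root-disk state from lsblk rows.
# Reads `lsblk -rno NAME,TYPE,MOUNTPOINT` lines on stdin and prints one of:
#   in-progress  - something is still mounted at /oldroot (ADE still running)
#   encrypted    - / is on a dm-crypt (TYPE=crypt) device
#   unencrypted  - / is on a plain partition
classify_root_state() {
    root_type=""
    oldroot_seen=0
    while read -r name type mnt; do
        if [ -z "$name" ]; then
            continue
        fi
        if [ "$mnt" = "/" ]; then
            root_type="$type"
        fi
        if [ "$mnt" = "/oldroot" ]; then
            oldroot_seen=1
        fi
    done
    if [ "$oldroot_seen" -eq 1 ]; then
        echo in-progress
    elif [ "$root_type" = crypt ]; then
        echo encrypted
    else
        echo unencrypted
    fi
}

# Run the classifier against the live block-device table of this VM.
# Pair it with the control-plane view the answer refers to, e.g.
#   az vm encryption show -g <rg> -n <vm>      (placeholder names)
check_live_root() {
    lsblk -rno NAME,TYPE,MOUNTPOINT | classify_root_state
}

# Constructed sample tables (not captured from a real ADE run):
SAMPLE_IN_PROGRESS='sda disk
sda1 part /oldroot
sda15 part /boot/efi'

SAMPLE_ENCRYPTED='sda disk
sda1 part
osencrypt crypt /
sda15 part /boot/efi'

SAMPLE_PLAIN='sda disk
sda1 part /
sda15 part /boot/efi'
```

Call `check_live_root` on the VM itself; the `SAMPLE_*` tables only exercise the classifier offline.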
