ajkuma-MSFT asked ·

Disk Encryption is not working properly in Linux VM, root folder changed to '/oldroot' folder and unexpected behavior

Hi Team,


I have enabled disk encryption for one of my Linux VMs in Azure. After some time I am facing the following issues on the server:


Problems:
1) The root '/' has been changed to '/oldroot'.


2) All the user "/home" directories have been deleted.


3) I have already installed MySQL on that server. The permission for my "MySQL" is completely changed. So now I am unable to access the application.

OS: Ubuntu 18.04

Enabled encryption via Azure portal.

Kindly provide a solution to resolve this issue.

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question.]


Source: MSDN thread


azure-disk-encryption

1 Answer

Sumarigo-MSFT answered ·

Because encryption is still running in the VM, / will be /oldroot and /home will be under /oldroot/home.

Let the encryption complete. Use the link below to verify whether the encryption was successful from the Portal and at the OS level: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/how-to-verify-encryption-status

Also, OS disk encryption takes some time depending on the size of the disk; for 30 GB, it would take around 3-6 hours.

Have a working backup of the VM that you are going to encrypt.

  1. Make sure that the VM has enough RAM (minimum 7Gb) and also enough space on the OS disk.

  2. Make sure that the application is stopped before the encryption process is started, and also make sure that the application remains stopped after a reboot, as the ADE process will reboot the VM.

  3. Make sure that the VM is not accessed by any means, be it SSH, WinSCP, or any other tools.

  4. Make sure that there is no extension installed in the VM.

  5. Make sure that no server hardening is done on the VM which is going to be encrypted.

  6. You can monitor the encryption status using PowerShell or Azure CLI commands, or by checking the serial console.

  7. Also, as stated earlier, if you are using a data disk, make sure that the file system type is ext4 and not xfs, because the xfs file system is not supported for single-pass encryption.


Note: ADE is supported for endorsed Linux images only; for any other images, we would support on a best-effort basis.

You can find the details about images here in the link: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview#supported-operating-systems

Enable Azure Disk Encryption for Linux VMs - Azure Linux Virtual Machines

Source: MSDN thread
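An OS-level check for the state described in the answer above, as an added example that is not part of the original thread or of Microsoft's documentation. It classifies `lsblk` output as "encryption still running" (something mounted at /oldroot) or "finished"; the function name `ade_os_state`, the device names in the samples, and the convention that an encrypted root shows up as a `crypt`-type device mounted at `/` are assumptions.

```shell
#!/bin/sh
# Added example: classify the OS-disk state of a Linux VM from block-device output.
# Live use on the VM:  lsblk -rno NAME,TYPE,MOUNTPOINT | ade_os_state
# Assumption: an encrypted root appears as a TYPE "crypt" device mounted at "/".

# Reads `lsblk -rno NAME,TYPE,MOUNTPOINT` text on stdin and prints one of:
#   in-progress     something is mounted at /oldroot (encryption still running)
#   root-encrypted  "/" is mounted from a dm-crypt mapping
#   root-plain      "/" is mounted from an unencrypted device
#   unknown         no "/" mount appears in the input
ade_os_state() {
    awk '
        # Any mount at /oldroot or below it means the temporary root is active.
        $3 == "/oldroot" || index($3, "/oldroot/") == 1 { oldroot = 1 }
        # Remember the device type that backs the real root mount.
        $3 == "/" { root_type = $2 }
        END {
            if (oldroot)                   print "in-progress"
            else if (root_type == "crypt") print "root-encrypted"
            else if (root_type != "")      print "root-plain"
            else                           print "unknown"
        }'
}

# Constructed sample inputs (not captured from a real VM).
# While encryption runs: the original root partition is visible under /oldroot.
SAMPLE_RUNNING='sda disk
sda1 part /oldroot
sda15 part /oldroot/boot/efi
sdb disk
sdb1 part /mnt'

# After completion: "/" sits on a dm-crypt mapping (hypothetical name cryptroot).
SAMPLE_DONE='sda disk
sda1 part
cryptroot crypt /
sda2 part /boot
sdb disk
sdb1 part /mnt'
```

An `in-progress` result means the missing `/home` contents should still be found under `/oldroot/home`, as the answer states, and the VM should be left alone until the check stops reporting it.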

