Bug 1929721

Summary: Enable host-based disk encryption on Azure platform
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: Cloud ComputeAssignee: Mangirdas Judeikis <mjudeiki>
Cloud Compute sub component: Other Providers QA Contact: Milind Yadav <miyadav>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: unspecified CC: apavel, jspeed, mgahagan, mimccune, mjudeiki
Version: 4.7   
Target Milestone: ---   
Target Release: 4.7.z   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-30 04:46:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1900454    
Bug Blocks: 1929725    

Comment 6 Joel Speed 2021-03-19 13:59:20 UTC 
PRs are all merged, this should be on QA now
Comment 8 Milind Yadav 2021-03-24 06:37:26 UTC 
Validated on :
[miyadav@miyadav ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2021-03-22-025559   True        False         25m     Cluster version is 4.7.0-0.nightly-2021-03-22-025559
[miyadav@miyadav ~]$ 

Steps :
1.copy existing machineset and make updates to it (change name and add below to provider spec)
          securityProfile:
            encryptionAtHost: true

2.Make sure machines are in running state

[miyadav@miyadav ~]$ oc get machines 
NAME                                           PHASE     TYPE              REGION           ZONE   AGE
miyadav-24-kqx2c-master-0                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-1                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-2                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-worker-encrypt-cwqc5          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-lpnmf          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-xnzpj          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-northcentralus-6pwg6   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mt4lv   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mzfn9   Running   Standard_D2s_v3   northcentralus          44m

3. [miyadav@miyadav ~]$ oc get machines miyadav-24-kqx2c-worker-encrypt-cwqc5 -o yaml | grep "encryptionAtHost"
        encryptionAtHost: true


Additional info:
Moved to VERIFIED
Comment 10 errata-xmlrpc 2021-03-30 04:46:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.4 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0957