1929721 – Enable host-based disk encryption on Azure platform

Bug 1929721 - Enable host-based disk encryption on Azure platform

Summary: Enable host-based disk encryption on Azure platform

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cloud Compute
Sub Component:
Version:	4.7
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.7.z
Assignee:	Mangirdas Judeikis
QA Contact:	Milind Yadav
Docs Contact:
URL:
Whiteboard:
Depends On:	1900454
Blocks:	1929725
TreeView+	depends on / blocked

Reported:	2021-02-17 13:52 UTC by OpenShift BugZilla Robot
Modified:	2021-08-02 20:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-03-30 04:46:29 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift cluster-api-provider-azure pull 201	None	open	[release-4.7] BUG 1929721: Add SecurityProfile.EncryptionAtHost parameter to enable host-based VM encryption	2021-03-01 14:16:28 UTC
Github	openshift machine-api-operator pull 801	None	None	None	2021-08-02 20:52:54 UTC
Github	openshift machine-api-operator pull 818	None	open	[release-4.7] BUG 1929721: Add SecurityProfile.EncryptionAtHost parameter to enable host-based VM encryption	2021-03-03 08:18:38 UTC
Red Hat Product Errata	RHSA-2021:0957	None	None	None	2021-03-30 04:47:52 UTC

Comment 6 Joel Speed 2021-03-19 13:59:20 UTC

PRs are all merged, this should be on QA now

Comment 8 Milind Yadav 2021-03-24 06:37:26 UTC

Validated on :
[miyadav@miyadav ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2021-03-22-025559   True        False         25m     Cluster version is 4.7.0-0.nightly-2021-03-22-025559
[miyadav@miyadav ~]$ 

Steps :
1.copy existing machineset and make updates to it (change name and add below to provider spec)
          securityProfile:
            encryptionAtHost: true

2.Make sure machines are in running state

[miyadav@miyadav ~]$ oc get machines 
NAME                                           PHASE     TYPE              REGION           ZONE   AGE
miyadav-24-kqx2c-master-0                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-1                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-2                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-worker-encrypt-cwqc5          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-lpnmf          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-xnzpj          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-northcentralus-6pwg6   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mt4lv   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mzfn9   Running   Standard_D2s_v3   northcentralus          44m

3. [miyadav@miyadav ~]$ oc get machines miyadav-24-kqx2c-worker-encrypt-cwqc5 -o yaml | grep "encryptionAtHost"
        encryptionAtHost: true


Additional info:
Moved to VERIFIED

Comment 10 errata-xmlrpc 2021-03-30 04:46:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.4 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0957

Note You need to log in before you can comment on or make changes to this bug.