Bug 1929721 - Enable host-based disk encryption on Azure platform
Summary: Enable host-based disk encryption on Azure platform
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.7
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
: 4.7.z
Assignee: Mangirdas Judeikis
QA Contact: Milind Yadav
URL:
Whiteboard:
Depends On: 1900454
Blocks: 1929725
TreeView+ depends on / blocked
 
Reported: 2021-02-17 13:52 UTC by OpenShift BugZilla Robot
Modified: 2021-03-30 04:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-03-30 04:46:29 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-api-provider-azure pull 201 0 None open [release-4.7] BUG 1929721: Add SecurityProfile.EncryptionAtHost parameter to enable host-based VM encryption 2021-03-01 14:16:28 UTC
Github openshift machine-api-operator pull 801/files 0 None None None 2021-03-03 08:16:39 UTC
Github openshift machine-api-operator pull 818 0 None open [release-4.7] BUG 1929721: Add SecurityProfile.EncryptionAtHost parameter to enable host-based VM encryption 2021-03-03 08:18:38 UTC
Red Hat Product Errata RHSA-2021:0957 0 None None None 2021-03-30 04:47:52 UTC

Comment 6 Joel Speed 2021-03-19 13:59:20 UTC
PRs are all merged, this should be on QA now

Comment 8 Milind Yadav 2021-03-24 06:37:26 UTC
Validated on :
[miyadav@miyadav ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2021-03-22-025559   True        False         25m     Cluster version is 4.7.0-0.nightly-2021-03-22-025559
[miyadav@miyadav ~]$ 

Steps :
1.copy existing machineset and make updates to it (change name and add below to provider spec)
          securityProfile:
            encryptionAtHost: true

2.Make sure machines are in running state

[miyadav@miyadav ~]$ oc get machines 
NAME                                           PHASE     TYPE              REGION           ZONE   AGE
miyadav-24-kqx2c-master-0                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-1                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-master-2                      Running   Standard_D8s_v3   northcentralus          49m
miyadav-24-kqx2c-worker-encrypt-cwqc5          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-lpnmf          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-encrypt-xnzpj          Running   Standard_D2s_v3   northcentralus          7m22s
miyadav-24-kqx2c-worker-northcentralus-6pwg6   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mt4lv   Running   Standard_D2s_v3   northcentralus          44m
miyadav-24-kqx2c-worker-northcentralus-mzfn9   Running   Standard_D2s_v3   northcentralus          44m

3. [miyadav@miyadav ~]$ oc get machines miyadav-24-kqx2c-worker-encrypt-cwqc5 -o yaml | grep "encryptionAtHost"
        encryptionAtHost: true


Additional info:
Moved to VERIFIED

Comment 10 errata-xmlrpc 2021-03-30 04:46:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.4 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0957


Note You need to log in before you can comment on or make changes to this bug.