Azure / azure-linux-extensions

Linux Virtual Machine Extensions for Azure
Apache License 2.0

ADE: FAILED to find suitable passphrase file ... #673

Open johanburati opened 6 years ago

johanburati commented 6 years ago

A customer encrypted the OS disk on an Ubuntu VM (Canonical:UbuntuServer:16.04-LTS:latest).

AzureDiskEncryptionForLinux version is 1.1.0.17

After the disk got encrypted, he rebooted the VM a few times without problem. However, after he redeployed the VM, he got the following error saying it cannot find the passphrase.

Before re-deploy:

mounting /dev/sdc1 on /tmp-keydisk-mount failed: No such device
Success loading keyfile!
...
mounting /dev/sdc1 on /tmp-keydisk-mount failed: No such device
Success loading keyfile!

After re-deploy:

mounting /dev/sdc1 on /tmp-keydisk-mount failed: No such device
FAILED to find suitable passphrase file ...
Try to enter your password:

We encrypted the OS disk of a second VM using the same vault/key but the same issue occurred after redeploying the VM.

johanburati commented 6 years ago

We were able to pinpoint the issue to the key vault itself: the enableForDiskEncryption option was not set.

Since this scenario leaves us with an unusable VM after a redeploy, would it be possible to implement some kind of safeguard within the extension to prevent the encryption in such a case?
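
An added example, not part of the thread and not the extension's own code: a pre-flight gate of the kind requested above, which refuses to start encryption unless the key vault document explicitly enables disk encryption. It assumes the vault JSON has the shape printed by `az keyvault show`, where the option discussed in the thread appears as `properties.enabledForDiskEncryption`; the function names and the sample vault documents are hypothetical and constructed for illustration.

```python
import json

# Constructed samples shaped like `az keyvault show` output (not from the thread).
SAMPLE_VAULTS = {
    "ready": '{"name": "kv-ready", "properties": {"enabledForDiskEncryption": true}}',
    "disabled": '{"name": "kv-off", "properties": {"enabledForDiskEncryption": false}}',
    "unset": '{"name": "kv-null", "properties": {"enabledForDiskEncryption": null}}',
    "no_props": '{"name": "kv-bare"}',
    "stringly": '{"name": "kv-str", "properties": {"enabledForDiskEncryption": "true"}}',
}


class VaultNotReadyError(Exception):
    """The key vault is not enabled for disk encryption."""


def disk_encryption_enabled(vault_json):
    """Return True only when the flag is the JSON boolean true.

    Missing, null, false, or non-boolean values all count as disabled,
    so an ambiguous vault document blocks encryption (fail closed).
    """
    vault = json.loads(vault_json)
    props = vault.get("properties") or {}
    return props.get("enabledForDiskEncryption") is True


def preflight(vault_json):
    """Hypothetical gate to call before encryption starts.

    Returns the vault name when it is safe to proceed, otherwise raises.
    """
    name = json.loads(vault_json).get("name", "<unnamed>")
    if not disk_encryption_enabled(vault_json):
        raise VaultNotReadyError(
            f"key vault {name!r}: enabledForDiskEncryption is not true; "
            "refusing to encrypt"
        )
    return name


if __name__ == "__main__":
    for label, doc in SAMPLE_VAULTS.items():
        try:
            print(label, "-> ok:", preflight(doc))
        except VaultNotReadyError as err:
            print(label, "-> blocked:", err)
```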