stop start issue fix for EnableEncryptionFormatAll#1753
stop start issue fix for EnableEncryptionFormatAll#1753pankajosh wants to merge 1 commit intoade-singlepass-devfrom
Conversation
pankajosh
requested review from
Jyotsna-Anand,
ShridharParameshwarBhat,
aravindthoram,
bamuir and
vimish
|
|
||
| #log to capture lsblk before encryption view. | ||
| disk_util.log_lsblk_output() | ||
| if public_settings.get(CommonVariables.EncryptionEncryptionOperationKey) == CommonVariables.EnableEncryptionFormatAll: |
There was a problem hiding this comment.
Is the incident reported for EncryptFormalAll scenarios only?
There was a problem hiding this comment.
yes, in standard VM resource disk encryption is supported only for EncryptFormalAll scenario. issue has been seen on stop start.
There was a problem hiding this comment.
Is the resource disk still getting encrypted if it is unmounted?
There was a problem hiding this comment.
yes, resource disk got encrypted if EFA is there, irrespective of disk mount.
There was a problem hiding this comment.
Perhaps, we should consider mounting BEK volume on /bekvolume
There was a problem hiding this comment.
@canfikret yeah, we have been wanting to move it. For new VM's, it is an easy change, but for existing VM's, snapshots/backups/etc we would need to think about a solution that wont break those.
| disk_util.log_lsblk_output() | ||
| if public_settings.get(CommonVariables.EncryptionEncryptionOperationKey) == CommonVariables.EnableEncryptionFormatAll: | ||
| #in case of stop start unmount /mnt to avoid resource disk encryption issues. | ||
| disk_util.umount('/mnt') |
There was a problem hiding this comment.
where will the resource disk get mounted again?
Have you considered creating a separate mount point for BEK which is not under /mnt? For example, /azure_bek_disk ?
3 participants
fix for Incident 384350526 : Investigate latency Issues with Compute Instance LROs.
resource disk re-encryption fix for stop start use case.