Unable to Encrypt CIS CentOS Marketplace VMS


Problem description




I'm deploying CIS Hardened CentOS Marketplace images as the Standard for our Company Infrastructure build.
As per the Company Rules all the OS and Data Disks should be Encrypted using Azure Disk Encryption.
However, I'm unable to encrypt either of the CIS CentOS 6 or 7 version through AZ CLI.

See Logs..


CentOS 6
--------

[cisadm@ciscentos6 ~]$ cat /etc/centos-release
CentOS release 6.10 (Final)
[cisadm@ciscentos6 ~]$ rpm -q centos-release
centos-release-6-10.el6.centos.12.3.x86_64

az cli> az vm encryption enable --resource-group "cistestrg2" --name "ciscentos6" --disk-encryption-keyvault "ciscentkv" --volume-type OS
The distro is not in CLI's known supported list. Use https://aka.ms/adelinux to cross check
VM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: "Failed to enable the extension with error: [Errno 2] No such file or directory: '/var/lib/azure_disk_encryption_config/azure_crypt_config.ini', stack trace: Traceback (most recent call last):
  File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/handle.py", line 647, in enable_encryption
    encryption_config.commit()
  File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/EncryptionConfig.py", line 65, in commit
    self.encryption_config.save_configs(key_value_pairs)
  File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/ConfigUtil.py", line 62, in save_configs
    with open(self.config_file_path, 'wb') as configfile:
IOError: [Errno 2] No such file or directory: '/var/lib/azure_disk_encryption_config/azure_crypt_config.ini'
".


CentOS 7
--------


[centadm@ciscentos7 ~]$ uname -a 
Linux ciscentos7 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux 
[centadm@ciscentos7 ~]$ cat /etc/centos-release 
CentOS Linux release 7.5.1804 (Core) 
[centadm@ciscentos7 ~]$ rpm -q centos-release 
centos-release-7-5.1804.4.el7.centos.x86_64 
[centadm@ciscentos7 ~]$

az cli> az vm encryption enable --resource-group "cistestrg2" --name "ciscentos7" --disk-encryption-keyvault "ciscentkv" --volume-type OS
The distro is not in CLI's known supported list. Use https://aka.ms/adelinux to cross check
VM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: "OS volume encryption is not supported on centos 7.5.1804".

See Supported versions of Linux for Azure Disk Encryption.

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport

Do we have any idea as to when MS will start supporting Azure Disk Encryption for CIS Hardened Images for CentOS 7.5?

Recommended answer


@cloudfirstltd, please use PowerShell, I ran into the same issue previously while testing. AZ CLI doesn't seem to support the encryption process for Linux.

This is the full documentation for it: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-linux

Also, make sure to add the -SkipVmBackup flag when running the script, ex:

Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgname -VMName $vmName -DiskEncryptionKeyVaultUrl
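The PowerShell route the answer describes, written out as an added example (not part of the original post) using the AzureRM cmdlets and the resource names from the question's az CLI command. It assumes an authenticated AzureRM session and that the Key Vault lives in the same resource group as the VM, which the thread does not state.

```powershell
# Added example. Resource names are the ones shown in the question's az CLI call.
$rgName    = 'cistestrg2'
$vmName    = 'ciscentos7'
$vaultName = 'ciscentkv'

# Assumption: the vault is in the same resource group as the VM.
$kv = Get-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $rgName
if (-not $kv) {
    throw "Key Vault '$vaultName' was not found in resource group '$rgName'."
}

# Azure Disk Encryption can only store its secrets in a vault that is
# enabled for disk encryption, so check this before touching the VM.
if (-not $kv.EnabledForDiskEncryption) {
    Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName `
        -ResourceGroupName $rgName -EnabledForDiskEncryption
}

# Same request as the failing az CLI call (OS volume only), with the
# -SkipVmBackup switch the answer recommends.
Set-AzureRmVMDiskEncryptionExtension `
    -ResourceGroupName $rgName `
    -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri `
    -DiskEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType OS `
    -SkipVmBackup

# Read back what the platform reports instead of trusting the exit status.
Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName |
    Format-List OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage
```

If the extension still rejects the image, ProgressMessage carries the same extension error text shown in the question's logs.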

