From 43f3f303706dfb391ab272d6a0b4410e12753f14 Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Wed, 21 Aug 2024 16:53:30 -0700 Subject: [PATCH 01/23] AZL3 initial updates --- VMEncryption/main/SupportedOS.json | 6 +++ VMEncryption/main/patch/__init__.py | 13 ++++--- VMEncryption/main/patch/azurelinuxPatching.py | 37 +++++++++++++++++++ 3 files changed, 50 insertions(+), 6 deletions(-) create mode 100644 VMEncryption/main/patch/azurelinuxPatching.py diff --git a/VMEncryption/main/SupportedOS.json b/VMEncryption/main/SupportedOS.json index 7f17ca07a..3f95fbe95 100644 --- a/VMEncryption/main/SupportedOS.json +++ b/VMEncryption/main/SupportedOS.json @@ -5,6 +5,12 @@ "MinSupportedVersion" : "2.0" } ], + "azurelinux": [ + { + "Version" : "3", + "MinSupportedVersion" : "3.0" + } + ], "redhat": [ { "Version" : "9", diff --git a/VMEncryption/main/patch/__init__.py b/VMEncryption/main/patch/__init__.py index cb0988a96..21a7a7ce9 100644 --- a/VMEncryption/main/patch/__init__.py +++ b/VMEncryption/main/patch/__init__.py @@ -17,19 +17,20 @@ # Requires Python 2.4+ import os -import re import platform +import re -from .UbuntuPatching import UbuntuPatching +from .azurelinuxPatching import azurelinuxPatching +from .centosPatching import centosPatching from .debianPatching import debianPatching +from .marinerPatching import marinerPatching +from .oraclePatching import oraclePatching from .redhatPatching import redhatPatching -from .centosPatching import centosPatching from .SuSEPatching import SuSEPatching -from .oraclePatching import oraclePatching -from .marinerPatching import marinerPatching +from .UbuntuPatching import UbuntuPatching try: - import distro # python3.8+ + import distro # python3.8+ except: pass diff --git a/VMEncryption/main/patch/azurelinuxPatching.py b/VMEncryption/main/patch/azurelinuxPatching.py new file mode 100644 index 000000000..5f961f473 --- /dev/null +++ b/VMEncryption/main/patch/azurelinuxPatching.py 
@@ -0,0 +1,37 @@ +import base64 +import datetime +import json +import os +import platform +import re +import shutil +import subprocess +import sys +import time +import traceback + +from Common import * + +from .redhatPatching import redhatPatching + + +class azurelinuxPatching(redhatPatching): + def __init__(self,logger,distro_info): + super(azurelinuxPatching,self).__init__(logger,distro_info) + self.logger = logger + self.min_version_online_encryption = '3.0' + self.support_online_encryption = self.validate_online_encryption_support() + self.grub_cfg_paths = [ + ("/boot/grub2/grub.cfg", "/boot/grub2/grubenv") + ] + + def pack_initial_root_fs(self): + self.command_executor.ExecuteInBash('mkinitrd -f -v', True) + + def add_kernelopts(self, args_to_add): + self.add_args_to_default_grub(args_to_add) + grub_cfg_paths = filter(lambda path_pair: os.path.exists(path_pair[0]) and os.path.exists(path_pair[1]), self.grub_cfg_paths) + + for grub_cfg_path, grub_env_path in grub_cfg_paths: + for arg in args_to_add: + self.command_executor.ExecuteInBash("grubby --args {0} --update-kernel ALL -c {1} --env={2}".format(arg, grub_cfg_path, grub_env_path)) From 7457aabd40e6435e455cd7d185f5b4aaaed78e42 Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Wed, 9 Oct 2024 13:11:48 -0700 Subject: [PATCH 02/23] use dracut for azl3 --- VMEncryption/main/patch/azurelinuxPatching.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMEncryption/main/patch/azurelinuxPatching.py b/VMEncryption/main/patch/azurelinuxPatching.py index 5f961f473..3efad0082 100644 --- a/VMEncryption/main/patch/azurelinuxPatching.py +++ b/VMEncryption/main/patch/azurelinuxPatching.py @@ -26,7 +26,7 @@ def __init__(self,logger,distro_info): ] def pack_initial_root_fs(self): - self.command_executor.ExecuteInBash('mkinitrd -f -v', True) + self.command_executor.ExecuteInBash('dracut -f -v --regenerate-all', True) def add_kernelopts(self, args_to_add): self.add_args_to_default_grub(args_to_add) 
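Review bot: `add_kernelopts` drops the result of every `grubby` call, so a failed update leaves the kernel command line without the requested arguments while the caller carries on. `pack_initial_root_fs` in the same class passes `True` as the second argument to `ExecuteInBash` (presumably the raise-on-failure flag; confirm against the executor), and passing it here too would surface the failure before any reboot. Each `arg` is also formatted into the bash string unquoted, so writing `--args "{0}"` keeps a value containing spaces or shell metacharacters as a single argument. Of the stdlib imports at the top, only `os` is used by the visible class, and the rest could be dropped.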
From 90a418682c69c50d97f67a09433cb52b5514e59c Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Wed, 9 Oct 2024 13:14:39 -0700 Subject: [PATCH 03/23] undo formatting in init.py --- VMEncryption/main/patch/__init__.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/VMEncryption/main/patch/__init__.py b/VMEncryption/main/patch/__init__.py index 21a7a7ce9..2a3a33926 100644 --- a/VMEncryption/main/patch/__init__.py +++ b/VMEncryption/main/patch/__init__.py @@ -17,20 +17,19 @@ # Requires Python 2.4+ import os -import platform import re +import platform -from .azurelinuxPatching import azurelinuxPatching -from .centosPatching import centosPatching +from .UbuntuPatching import UbuntuPatching from .debianPatching import debianPatching -from .marinerPatching import marinerPatching -from .oraclePatching import oraclePatching from .redhatPatching import redhatPatching +from .centosPatching import centosPatching from .SuSEPatching import SuSEPatching -from .UbuntuPatching import UbuntuPatching +from .oraclePatching import oraclePatching +from .marinerPatching import marinerPatching try: - import distro # python3.8+ + import distro # python3.8+ except: pass @@ -84,4 +83,4 @@ def GetDistroPatcher(logger): logger.log('{0} is not a supported distribution.'.format(Distro)) return None patchingInstance = globals()[patching_class_name](logger, dist_info) - return patchingInstance + return patchingInstance \ No newline at end of file From f1686109ef8d65218f35348fc303f36953387a3e Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Wed, 9 Oct 2024 13:16:40 -0700 Subject: [PATCH 04/23] import azurlinuxPatching --- VMEncryption/main/patch/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/VMEncryption/main/patch/__init__.py b/VMEncryption/main/patch/__init__.py index 2a3a33926..bce642ed2 100644 --- a/VMEncryption/main/patch/__init__.py +++ b/VMEncryption/main/patch/__init__.py 
@@ -27,6 +27,7 @@ from .SuSEPatching import SuSEPatching from .oraclePatching import oraclePatching from .marinerPatching import marinerPatching +from .azurelinuxPatching import azurelinuxPatching try: import distro # python3.8+ @@ -83,4 +84,4 @@ def GetDistroPatcher(logger): logger.log('{0} is not a supported distribution.'.format(Distro)) return None patchingInstance = globals()[patching_class_name](logger, dist_info) - return patchingInstance \ No newline at end of file + return patchingInstance From b18a80de5103472e5bb22a75c0b77d099006baed Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Thu, 10 Oct 2024 11:38:45 -0700 Subject: [PATCH 05/23] unsupported distro install fix --- VMEncryption/main/Utils/waagent | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/VMEncryption/main/Utils/waagent b/VMEncryption/main/Utils/waagent index 60c860de7..d9a66c504 100644 --- a/VMEncryption/main/Utils/waagent +++ b/VMEncryption/main/Utils/waagent @@ -1342,6 +1342,19 @@ class marinerDistro(redhatDistro): def __init__(self): super(marinerDistro, self).__init__() +############################################################ +# azurelinuxDistro +############################################################ + +class azurelinuxDistro(redhatDistro): + """ + Azurelinux Distro concrete class + Put Mariner specific behavior here... + """ + + def __init__(self): + super(azurelinuxDistro, self).__init__() + ############################################################ # asianuxDistro ############################################################ From 983b9a7fafc5d03457b7c58706eb6bbc80e24ef9 Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Thu, 10 Oct 2024 11:56:39 -0700 Subject: [PATCH 06/23] Mariner -> AzureLinux --- VMEncryption/main/Utils/waagent | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMEncryption/main/Utils/waagent b/VMEncryption/main/Utils/waagent index d9a66c504..a7e8267ba 100644 --- a/VMEncryption/main/Utils/waagent 
+++ b/VMEncryption/main/Utils/waagent @@ -1349,7 +1349,7 @@ class marinerDistro(redhatDistro): class azurelinuxDistro(redhatDistro): """ Azurelinux Distro concrete class - Put Mariner specific behavior here... + Put AzureLinux specific behavior here... """ def __init__(self): From 598842f0da7f176653535c72e44cbb59edfcc51a Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Tue, 15 Oct 2024 14:15:30 -0700 Subject: [PATCH 07/23] add some logging to debug azl3 failure --- .../oscrypto/91adeOnline/crypt-run-generator-ade.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index a6e38beee..17cdea019 100644 --- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -10,20 +10,30 @@ luks=$2 bootuuid=$3 crypttab_contains "$luks" "$dev" && exit 0 +echo "Adding $luks to crypttab and updating fstab..." >> /var/log/boot_decrypt.log echo "$luks $dev /bek/LinuxPassPhraseFileName timeout=10,discard,header=/boot/luks/osluksheader" >> /etc/crypttab echo "UUID=$bootuuid /boot auto defaults 0 0" >> /etc/fstab echo "LABEL=BEK\040VOLUME /bek auto defaults,nofail 0 0" >> /etc/fstab if command -v systemctl >/dev/null; then + echo "Reloading systemd daemon and starting services..." >> /var/log/boot_decrypt.log systemctl daemon-reload systemctl start bek.mount systemctl start boot.mount systemctl start cryptsetup.target fi +# Wait for the encrypted disk to be unlocked +echo "Waiting for /dev/mapper/osencrypt to become available..." >> /var/log/boot_decrypt.log +while ! [ -b /dev/mapper/osencrypt ]; do + sleep 1 +done + if [ -b /dev/mapper/osencrypt ]; then + echo "/dev/mapper/osencrypt is available, unmounting /boot and /bek..." >> /var/log/boot_decrypt.log umount /boot umount /bek fi +echo "Script completed at $(date)" >> /var/log/boot_decrypt.log exit 0 
From 6f521e5221644a7dc74ca126216e26bad78963b6 Mon Sep 17 00:00:00 2001
From: Bam Muir
Date: Tue, 15 Oct 2024 14:40:43 -0700
Subject: [PATCH 08/23] yum -> tdnf install
---
 VMEncryption/main/patch/azurelinuxPatching.py | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
diff --git a/VMEncryption/main/patch/azurelinuxPatching.py b/VMEncryption/main/patch/azurelinuxPatching.py
index 3efad0082..b5a170bf7 100644
--- a/VMEncryption/main/patch/azurelinuxPatching.py
+++ b/VMEncryption/main/patch/azurelinuxPatching.py
@@ -35,3 +35,74 @@ def add_kernelopts(self, args_to_add): for grub_cfg_path, grub_env_path in grub_cfg_paths: for arg in args_to_add: self.command_executor.ExecuteInBash("grubby --args {0} --update-kernel ALL -c {1} --env={2}".format(arg, grub_cfg_path, grub_env_path)) + + def install_cryptsetup(self): + packages = ['cryptsetup'] + package_list = " ".join(packages) + + # Log the start of the installation process + self.logger.log(f"Checking if {package_list} is already installed.") + + # Check if the package is already installed + check_command = f"rpm -q {package_list}" + if self.command_executor.Execute(check_command): + self.logger.log(f"{package_list} not installed, proceeding with installation.") + + install_command = f"tdnf install -y {package_list}" + self.logger.log(f"Running command: {install_command} with a timeout of 100 seconds.") + + # Execute the install command with a timeout + return_code = self.command_executor.Execute(install_command, timeout=100) + + # Check for timeout error (-9 indicates timeout) + if return_code == -9: + msg = "Command: tdnf install timed out. Make sure tdnf is configured correctly and there are no network problems." 
+ self.logger.log(msg, level='error') + raise Exception(msg) + + self.logger.log(f"Installation command completed with return code: {return_code}") + return return_code + + else: + self.logger.log(f"{package_list} is already installed.") + return 0 + + def install_extras(self): + packages = [ + 'cryptsetup', + 'lsscsi', + 'psmisc', + 'lvm2', + 'uuid', + 'at', + 'patch', + 'procps-ng', + 'util-linux' + ] + self.logger.log("Starting installation of extra packages.") + + # Modify the package list based on conditions + if self.support_online_encryption: + self.logger.log("Online encryption is supported; modifying package list.") + packages.append('nvme-cli') + packages = [pkg for pkg in packages if pkg not in ['psmisc', 'uuid', 'at', 'patch', 'procps-ng']] + + package_list = " ".join(packages) + self.logger.log(f"Final package list for installation: {package_list}") + + # Check if the packages are already installed + check_command = f"rpm -q {package_list}" + if self.command_executor.Execute(check_command): + self.logger.log(f"Packages not fully installed, proceeding with installation: {package_list}") + + install_command = f"tdnf install -y {package_list}" + self.logger.log(f"Running command: {install_command}") + + # Execute the installation command + return_code = self.command_executor.Execute(install_command) + + self.logger.log(f"Installation of packages completed with return code: {return_code}") + else: + self.logger.log(f"All required packages are already installed: {package_list}") + + self.logger.log("Completed installation of extra packages.") \ No newline at end of file From af9f72c9e4884d2b110b8afbb008b5c049cd5cee Mon Sep 17 00:00:00 2001 From: Bam Muir Date: Fri, 18 Oct 2024 15:50:53 -0700 Subject: [PATCH 09/23] debug azl3 no boot --- .../oscrypto/91adeOnline/crypt-run-generator-ade.sh | 13 ++++++++++--- .../rhel_81/encryptstates/PatchBootSystemState.py | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) 
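Review bot: The added methods use f-strings, which are a syntax error before Python 3.6, and `patch/__init__.py` imports this module unconditionally, so on an older interpreter the whole `patch` package would fail to import for every distro, not only Azure Linux. The rest of the class uses `str.format` and `super(azurelinuxPatching,self)`, so `check_command = "rpm -q {0}".format(package_list)` and the same form for the log lines would keep it consistent; whether any supported image still runs the extension under such an interpreter is not visible here. Separately, `install_extras` only logs the `tdnf` return code, whereas `install_cryptsetup` returns it. Ending the install branch with `return return_code`, or raising on a non-zero value, would let the caller stop before encryption starts with packages missing.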
diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index 17cdea019..10b8a0932 100644 --- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -23,12 +23,19 @@ if command -v systemctl >/dev/null; then systemctl start cryptsetup.target fi -# Wait for the encrypted disk to be unlocked -echo "Waiting for /dev/mapper/osencrypt to become available..." >> /var/log/boot_decrypt.log -while ! [ -b /dev/mapper/osencrypt ]; do +MAX_WAIT=15 +WAIT_TIME=0 +while ! [ -b /dev/mapper/osencrypt ] && [ $WAIT_TIME -lt $MAX_WAIT ]; do sleep 1 + WAIT_TIME=$((WAIT_TIME+1)) done +if ! [ -b /dev/mapper/osencrypt ]; then + echo "Failed to unlock /dev/mapper/osencrypt after $MAX_WAIT seconds" >> /var/log/boot_decrypt.log + # Optionally reboot or drop into a shell for further troubleshooting +fi + + if [ -b /dev/mapper/osencrypt ]; then echo "/dev/mapper/osencrypt is available, unmounting /boot and /bek..." >> /var/log/boot_decrypt.log umount /boot diff --git a/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py b/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py index e05dfc61a..51a792275 100644 --- a/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py +++ b/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py @@ -95,7 +95,7 @@ def should_exit(self): sleep(5) # the restarted vm shall see the marker and advance the state machine - self.command_executor.Execute('reboot') + # self.command_executor.Execute('reboot') # reboot race condition sleep sleep(5) else: From d3885e880ab6f420d4753762c932012bb863d994 Mon Sep 17 00:00:00 2001 
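Review bot: When the wait times out, the new branch only writes a log line and the script still reaches its final `exit 0` with `/boot` and `/bek` mounted, because the existing unmount is guarded by the mapper device being present. `/bek` is where the crypttab entry written earlier in this script points for the passphrase file, so the failure path should probably release it and report the failure, for example `umount /bek` followed by a non-zero exit if the caller of this script tolerates one. The placeholder comment about rebooting or dropping into a shell should be replaced by whichever behaviour is chosen. `"$WAIT_TIME"` and `"$MAX_WAIT"` are safer quoted inside `[ ]`.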
From: Bam Muir
Date: Mon, 21 Oct 2024 14:39:20 -0700
Subject: [PATCH 10/23] update common_parameters for RA Ev2 Test .edp 1.4.0.12
---
 VMEncryption/main/common_parameters.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json
index 7082b143d..fc278ba0b 100644
--- a/VMEncryption/main/common_parameters.json
+++ b/VMEncryption/main/common_parameters.json
@@ -1,5 +1,5 @@
 {
- "extension_version": "1.4.0.6",
+ "extension_version": "1.4.0.12",
 "extension_name": "AzureDiskEncryptionForLinux",
- "extension_provider_namespace": "Microsoft.Azure.Security"
+ "extension_provider_namespace": "Microsoft.Azure.Security.Edp"
 }
From 5a5f0a986437c395af58c80e1a28793ed37102a1 Mon Sep 17 00:00:00 2001
From: Bam Muir
Date: Tue, 22 Oct 2024 10:41:34 -0700
Subject: [PATCH 11/23] undo common params namespace; RA ev2 release fix
---
 VMEncryption/main/common_parameters.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json
index fc278ba0b..40bdf594e 100644
--- a/VMEncryption/main/common_parameters.json
+++ b/VMEncryption/main/common_parameters.json
@@ -1,5 +1,5 @@
 {
 "extension_version": "1.4.0.12",
 "extension_name": "AzureDiskEncryptionForLinux",
- "extension_provider_namespace": "Microsoft.Azure.Security.Edp"
+ "extension_provider_namespace": "Microsoft.Azure.Security"
 }
From 0244e7cd9a3542a8b59c54ab9af0b8b3374d14a0 Mon Sep 17 00:00:00 2001
From: Vishal Mishra
Date: Wed, 30 Oct 2024 16:09:43 -0700
Subject: [PATCH 12/23] Fix null characters in guest agent stdout.
---
 VMEncryption/main/Utils/HandlerUtil.py | 4 ----
 VMEncryption/main/handle.py | 1 -
 2 files changed, 5 deletions(-)
diff --git a/VMEncryption/main/Utils/HandlerUtil.py b/VMEncryption/main/Utils/HandlerUtil.py
index 5e6934a6f..869ba180b 100644
--- a/VMEncryption/main/Utils/HandlerUtil.py
+++ b/VMEncryption/main/Utils/HandlerUtil.py
@@ -170,13 +170,9 @@ def exit_if_same_seq(self, exit_status=None): sys.exit(0) def log(self, message): - # write message to stderr for inclusion in QOS telemetry - sys.stderr.write(message) self._log(self._get_log_prefix() + ': ' + message) def error(self, message): - # write message to stderr for inclusion in QOS telemetry - sys.stderr.write(message) self._error(self._get_log_prefix() + ': ' + message) def _parse_config(self, config_txt): diff --git a/VMEncryption/main/handle.py b/VMEncryption/main/handle.py index 479fc00b3..33022e7b1 100644 --- a/VMEncryption/main/handle.py +++ b/VMEncryption/main/handle.py @@ -898,7 +898,6 @@ def enable(): message=msg) finally: lock.release_lock() - logger.log("exiting enable lock, PID {0}".format(os.getpid())) def are_required_devices_encrypted(volume_type, encryption_status, disk_util, bek_util, encryption_operation): are_data_disk_encrypted = True if encryption_status['data'] == 'Encrypted' else False From 471cf61558f0b0d3371bd271a783f191e66db423 Mon Sep 17 00:00:00 2001 From: Bam Date: Wed, 11 Dec 2024 12:21:12 -0800 Subject: [PATCH 13/23] Manual unlock cmd, add cryptsetup to dracut --- .../main/oscrypto/91adeOnline/crypt-run-generator-ade.sh | 3 ++- VMEncryption/main/patch/redhatPatching.py | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index 10b8a0932..3cabbbca8 100644 --- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -20,7 +20,8 @@ if command -v systemctl >/dev/null; then systemctl daemon-reload systemctl start bek.mount systemctl start boot.mount - systemctl start cryptsetup.target + /user/sbin/cryptsetup luksOpen /dev/disk/azure/root-part-3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName + # systemctl start cryptsetup.target fi MAX_WAIT=15 
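Review bot: The manual `luksOpen` in the crypt-run-generator-ade.sh hunk hard-codes the source device and the mapping name, although the script already has both and writes them to crypttab as `$luks $dev`; using `"$dev" "$luks"` in the command keeps it working when the root partition is not the one named here. Its exit status and stderr are discarded, so a wrong path or key file shows up only as the later wait for `/dev/mapper/osencrypt` failing. Appending `>> /var/log/boot_decrypt.log 2>&1` and logging a line on failure would make that diagnosable. The enclosing `if command -v systemctl` block starts outside the hunk.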
diff --git a/VMEncryption/main/patch/redhatPatching.py b/VMEncryption/main/patch/redhatPatching.py index 875e9e99e..8f394e8bb 100644 --- a/VMEncryption/main/patch/redhatPatching.py +++ b/VMEncryption/main/patch/redhatPatching.py @@ -324,6 +324,8 @@ def install_and_enable_ade_online_enc(self, root_partuuid, boot_uuid, rootfs_dis # Change config so that dracut will force add the dm_crypt kernel module self.append_contents_to_file('\nadd_drivers+=" dm_crypt "\n', '/etc/dracut.conf.d/ade.conf') + # Change config so that dracut will force add the cryptsetup binary + self.append_contents_to_file('\ninstall_items+=" /usr/sbin/cryptsetup "\n', '/etc/dracut.conf.d/ade.conf') # Add the new kernel param additional_params = ["rd.luks.ade.partuuid={0}".format(root_partuuid), @@ -339,9 +341,9 @@ def install_and_enable_ade_online_enc(self, root_partuuid, boot_uuid, rootfs_dis #Add the plain os disk base to the "LVM Reject list" and add osencrypt device to the "Accept list" self.append_contents_to_file('\ndevices { filter = ["a|osencrypt|", "r|' + root_partuuid + '|"] }\n', '/etc/lvm/lvm.conf') # Force dracut to include LVM and Crypt modules - self.append_contents_to_file('\nadd_dracutmodules+=" crypt lvm"\n', + self.append_contents_to_file('\nadd_dracutmodules+=" crypt lvm "\n', '/etc/dracut.conf.d/ade.conf') else: - self.append_contents_to_file('\nadd_dracutmodules+=" crypt"\n', + self.append_contents_to_file('\nadd_dracutmodules+=" crypt "\n', '/etc/dracut.conf.d/ade.conf') self.add_kernelopts(["root=/dev/mapper/osencrypt"]) \ No newline at end of file From 272fe1613dab6b930f0a2052d22d127dabb608cf Mon Sep 17 00:00:00 2001 From: Bam Date: Wed, 11 Dec 2024 12:40:47 -0800 Subject: [PATCH 14/23] allow reboot call --- .../main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
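Review bot: The `install_items` line is added to `redhatPatching.install_and_enable_ade_online_enc`, so it applies to every patcher that inherits this method, not only `azurelinuxPatching`, and it assumes the binary lives at `/usr/sbin/cryptsetup`. A short comment saying why the binary has to be forced into the initramfs (the commit title suggests it is for the manual unlock in the generator script) and which distros were checked would help the next reader. If `append_contents_to_file` really appends, as its name implies, repeated runs will add the same lines to `/etc/dracut.conf.d/ade.conf` again, and a check for an existing entry would make this idempotent. The method body starts and ends outside the hunk.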
diff --git a/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py b/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py index 51a792275..e05dfc61a 100644 --- a/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py +++ b/VMEncryption/main/oscrypto/rhel_81/encryptstates/PatchBootSystemState.py @@ -95,7 +95,7 @@ def should_exit(self): sleep(5) # the restarted vm shall see the marker and advance the state machine - # self.command_executor.Execute('reboot') + self.command_executor.Execute('reboot') # reboot race condition sleep sleep(5) else: From 7426d189b66e372f0dc56c29291f48a4c93acbf7 Mon Sep 17 00:00:00 2001 From: Bam Date: Wed, 11 Dec 2024 12:42:05 -0800 Subject: [PATCH 15/23] update common params and version --- VMEncryption/main/common_parameters.json | 2 +- VMEncryption/main/version.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json index 40bdf594e..58930c482 100644 --- a/VMEncryption/main/common_parameters.json +++ b/VMEncryption/main/common_parameters.json @@ -1,5 +1,5 @@ { - "extension_version": "1.4.0.12", + "extension_version": "1.4.0.13", "extension_name": "AzureDiskEncryptionForLinux", "extension_provider_namespace": "Microsoft.Azure.Security" } diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt index a09aa31eb..7b7ed59a5 100644 --- a/VMEncryption/main/version.txt +++ b/VMEncryption/main/version.txt @@ -1 +1 @@ -1.4.0.6 \ No newline at end of file +1.4.0.13 \ No newline at end of file From 7484a4dd6eeb74b7f92b6c944218fe1f548e1aee Mon Sep 17 00:00:00 2001 From: Bam Date: Wed, 11 Dec 2024 13:55:44 -0800 Subject: [PATCH 16/23] user -> usr --- .../main/oscrypto/91adeOnline/crypt-run-generator-ade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index 3cabbbca8..3b42ef0fe 100644 --- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -20,7 +20,7 @@ if command -v systemctl >/dev/null; then systemctl daemon-reload systemctl start bek.mount systemctl start boot.mount - /user/sbin/cryptsetup luksOpen /dev/disk/azure/root-part-3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName + /usr/sbin/cryptsetup luksOpen /dev/disk/azure/root-part-3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName # systemctl start cryptsetup.target fi From 46303c9e4cd528651f811e58806225d4462ac6e3 Mon Sep 17 00:00:00 2001 From: Bam Date: Wed, 11 Dec 2024 13:56:39 -0800 Subject: [PATCH 17/23] update version --- VMEncryption/main/common_parameters.json | 2 +- VMEncryption/main/version.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json index 58930c482..39d03bf3a 100644 --- a/VMEncryption/main/common_parameters.json +++ b/VMEncryption/main/common_parameters.json @@ -1,5 +1,5 @@ { - "extension_version": "1.4.0.13", + "extension_version": "1.4.0.14", "extension_name": "AzureDiskEncryptionForLinux", "extension_provider_namespace": "Microsoft.Azure.Security" } diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt index 7b7ed59a5..90da41452 100644 --- a/VMEncryption/main/version.txt +++ b/VMEncryption/main/version.txt @@ -1 +1 @@ -1.4.0.13 \ No newline at end of file +1.4.0.14 \ No newline at end of file From e9673d28118af4567077ecb0d67eca7d51152a77 Mon Sep 17 00:00:00 2001 
From: Bam Date: Wed, 11 Dec 2024 13:59:14 -0800 Subject: [PATCH 18/23] root-part-3 to root-part3 --- .../main/oscrypto/91adeOnline/crypt-run-generator-ade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index 3b42ef0fe..872515031 100644 --- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -20,7 +20,7 @@ if command -v systemctl >/dev/null; then systemctl daemon-reload systemctl start bek.mount systemctl start boot.mount - /usr/sbin/cryptsetup luksOpen /dev/disk/azure/root-part-3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName + /usr/sbin/cryptsetup luksOpen /dev/disk/azure/root-part3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName # systemctl start cryptsetup.target fi From 13f505c01628fd8b1aadfc7f1eece0c76ae84e2d Mon Sep 17 00:00:00 2001 From: Bam Date: Fri, 13 Dec 2024 15:32:07 -0800 Subject: [PATCH 19/23] 2.4.0.15 mariner bug repro --- VMEncryption/main/common_parameters.json | 2 +- .../main/oscrypto/91adeOnline/crypt-run-generator-ade.sh | 6 ++++-- VMEncryption/main/version.txt | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json index 39d03bf3a..cb68c09d5 100644 --- a/VMEncryption/main/common_parameters.json +++ b/VMEncryption/main/common_parameters.json @@ -1,5 +1,5 @@ { - "extension_version": "1.4.0.14", + "extension_version": "1.4.0.15", "extension_name": "AzureDiskEncryptionForLinux", "extension_provider_namespace": "Microsoft.Azure.Security" } diff --git a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh index 872515031..985244743 100644 
--- a/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh +++ b/VMEncryption/main/oscrypto/91adeOnline/crypt-run-generator-ade.sh @@ -20,8 +20,10 @@ if command -v systemctl >/dev/null; then systemctl daemon-reload systemctl start bek.mount systemctl start boot.mount - /usr/sbin/cryptsetup luksOpen /dev/disk/azure/root-part3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName - # systemctl start cryptsetup.target + systemctl start cryptsetup.target + # manual unlock fix + # /usr/sbin/cryptsetup luksOpen /dev/disk/azure/root-part3 osencrypt --header /boot/luks/osluksheader -d /bek/LinuxPassPhraseFileName + fi MAX_WAIT=15 diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt index 90da41452..6dfcfa789 100644 --- a/VMEncryption/main/version.txt +++ b/VMEncryption/main/version.txt @@ -1 +1 @@ -1.4.0.14 \ No newline at end of file +1.4.0.15 \ No newline at end of file From dd371dfdc67f6d7e062157a56f648b39a81240e6 Mon Sep 17 00:00:00 2001 From: Vishal Mishra Date: Fri, 20 Dec 2024 15:16:29 -0800 Subject: [PATCH 20/23] Fix LVM encryption in RHEL 9. --- VMEncryption/main/DiskUtil.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VMEncryption/main/DiskUtil.py b/VMEncryption/main/DiskUtil.py index 5de5e9b69..7e1b6d33b 100644 --- a/VMEncryption/main/DiskUtil.py +++ b/VMEncryption/main/DiskUtil.py @@ -1048,7 +1048,7 @@ def get_device_items(self, dev_path): if property_item_pair[0] == 'MODEL': device_item.model = property_item_pair[1].strip('"') - if property_item_pair[0] == 'MAJ:MIN': + if property_item_pair[0] == 'MAJ:MIN' or property_item_pair[0] == "MAJ_MIN": device_item.majmin = property_item_pair[1].strip('"') device_item.device_id = self.get_device_id(self.get_device_path(device_item.name)) From 850e94304e11e10fc34fd43fda3f33f934606ad3 Mon Sep 17 00:00:00 2001 
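Review bot: The second key name accepted in the DiskUtil.py hunk needs a comment saying where it comes from, since nothing visible in `get_device_items` explains why two spellings are matched; something like `# some lsblk versions report this column as MAJ_MIN in pair output` (wording to be confirmed by the author) would do. The test also reads more simply as `if property_item_pair[0] in ('MAJ:MIN', 'MAJ_MIN'):`, which uses the same quote style as the neighbouring checks. The function body starts and ends outside the hunk.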
From: Vishal Mishra
Date: Fri, 10 Jan 2025 13:39:51 -0800
Subject: [PATCH 21/23] Increase version.
---
 VMEncryption/main/common_parameters.json | 2 +-
 VMEncryption/main/version.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json
index ddde56f9e..39d03bf3a 100644
--- a/VMEncryption/main/common_parameters.json
+++ b/VMEncryption/main/common_parameters.json
@@ -1,5 +1,5 @@
 {
- "extension_version": "1.4.0.9",
+ "extension_version": "1.4.0.14",
 "extension_name": "AzureDiskEncryptionForLinux",
 "extension_provider_namespace": "Microsoft.Azure.Security"
 }
diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt
index 8350ceb77..90da41452 100644
--- a/VMEncryption/main/version.txt
+++ b/VMEncryption/main/version.txt
@@ -1 +1 @@
-1.4.0.9
\ No newline at end of file
+1.4.0.14
\ No newline at end of file
From 1f1d8e470c8aa3d2b250b24c704c5e8b94cb3d45 Mon Sep 17 00:00:00 2001
From: Vishal Mishra
Date: Mon, 13 Jan 2025 17:29:08 -0800
Subject: [PATCH 22/23] Increase version.
---
 VMEncryption/main/common_parameters.json | 2 +-
 VMEncryption/main/version.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json
index 39d03bf3a..512c4a9d9 100644
--- a/VMEncryption/main/common_parameters.json
+++ b/VMEncryption/main/common_parameters.json
@@ -1,5 +1,5 @@
 {
- "extension_version": "1.4.0.14",
+ "extension_version": "1.4.0.16",
 "extension_name": "AzureDiskEncryptionForLinux",
 "extension_provider_namespace": "Microsoft.Azure.Security"
 }
diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt
index 90da41452..a131f7263 100644
--- a/VMEncryption/main/version.txt
+++ b/VMEncryption/main/version.txt
@@ -1 +1 @@
-1.4.0.14
\ No newline at end of file
+1.4.0.16
\ No newline at end of file
From 1995ab7004b2f853c8506a017a7e406c88b2bb2c Mon Sep 17 00:00:00 2001
From: Bam
Date: Tue, 21 Jan 2025 09:55:39 -0800
Subject: [PATCH 23/23] 1.4.0.17 Test for Bug Repro
---
 VMEncryption/main/common_parameters.json | 2 +-
 VMEncryption/main/version.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/VMEncryption/main/common_parameters.json b/VMEncryption/main/common_parameters.json
index 512c4a9d9..10f1a8321 100644
--- a/VMEncryption/main/common_parameters.json
+++ b/VMEncryption/main/common_parameters.json
@@ -1,5 +1,5 @@
 {
- "extension_version": "1.4.0.16",
+ "extension_version": "1.4.0.17",
 "extension_name": "AzureDiskEncryptionForLinux",
 "extension_provider_namespace": "Microsoft.Azure.Security"
 }
diff --git a/VMEncryption/main/version.txt b/VMEncryption/main/version.txt
index a131f7263..8189fdc55 100644
--- a/VMEncryption/main/version.txt
+++ b/VMEncryption/main/version.txt
@@ -1 +1 @@
-1.4.0.16
\ No newline at end of file
+1.4.0.17
\ No newline at end of file