本文介绍了无法加密CIS CentOS Marketplace VMS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 我正在部署CIS Hardened CentOS Marketplace图像作为我们公司基础设施构建的标准。 根据公司规则,所有操作系统和数据磁盘应该是使用Azure磁盘加密加密。 但是,我无法通过AZ CLI加密CIS CentOS 6或7版本。 见日志.. $ CentOS 6 -------- [cisadm @ ciscentos6~] $ cat / etc / centos-release CentOS版本6.10(最终) [ cisadm @ ciscentos6~] $ rpm -q centos-release centos-release-6-10.el6.centos.12.3.x86_64 az cli> az vm encryption enable --resource-group" cistestrg2" --name" ciscentos6" --disk-encryption-keyvault" ciscentkv" --volume-type OS 发行版不在CLI的已知支持列表中。使用https://aka.ms/adelinux进行交叉检查 VM处理扩展"AzureDiskEncryptionForLinux"时报告失败。错误消息:"无法启用带有错误的扩展名:[Errno 2]没有这样的文件或目录:'/ var / lib / azure_disk_encryption_config / azure_crypt_config.ini',堆栈跟踪:回溯(最近一次调用最后一次) : 文件"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/handle.py" ;,第647行,在enable_encryption中为   encryption_config.commit() 文件"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/EncryptionConfig.py" ;,第65行,在提交中   self.encryption_config.save_configs(key_value_pairs) 文件"/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/ConfigUtil.py" ;,第62行,在save_configs中为   open(self.config_file_path,'wb')as configfile: $ IOError:[Errno 2]没有这样的文件或目录:'/ var / lib / azure_disk_encryption_config / azure_crypt_config.ini' "。 CentOS 7 -------- [centadm @ ciscentos7~] $ uname -a Linux ciscentos7 3.10.0-862.14。 4.el7.x86_64#1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU / Linux [centadm @ ciscentos7~] $ cat / etc / centos-release CentOS Linux版本7.5.1804(核心版) [centadm @ ciscentos7~] $ rpm -q centos-release centos-release -7-5.1804.4.el7.centos.x86_64 [centadm @ ciscentos7~] $ az cli> az vm encryption enable --resource-group" cistestrg2" --name" ciscentos7" --disk-encryption-keyvault" ciscentkv" --volume-type OS 发行版不在CLI的已知支持列表中。使用https://aka.ms/adelinux进行交叉检查 VM处理扩展"AzureDiskEncryptionForLinux"时报告失败。错误消息:"centos 7.5.1804不支持操作系统卷加密"。 请参阅支持的Linux版本的Azure磁盘加密。 $ https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport I'm deploying CIS Hardened CentOS Marketplace images as the Standard for our Company Infrastructure build.As per the Company Rules all the OS and Data Disks should be Encrypted using Azure Disk Encryption.However, I'm unable to encrypt either of the CIS CentOS 6 or 7 version through AZ CLI.See Logs..CentOS 6--------[cisadm@ciscentos6 ~]$ cat /etc/centos-releaseCentOS release 6.10 (Final)[cisadm@ciscentos6 ~]$ rpm -q centos-releasecentos-release-6-10.el6.centos.12.3.x86_64az cli> az vm encryption enable --resource-group "cistestrg2" --name "ciscentos6" --disk-encryption-keyvault "ciscentkv" --volume-type OSThe distro is not in CLI's known supported list. Use https://aka.ms/adelinux to cross checkVM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: "Failed to enable the extension with error: [Errno 2] No such file or directory: '/var/lib/azure_disk_encryption_config/azure_crypt_config.ini', stack trace: Traceback (most recent call last): File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/handle.py", line 647, in enable_encryption encryption_config.commit() File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/EncryptionConfig.py", line 65, in commit self.encryption_config.save_configs(key_value_pairs) File "/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.1.0.17/main/ConfigUtil.py", line 62, in save_configs with open(self.config_file_path, 'wb') as configfile:IOError: [Errno 2] No such file or directory: '/var/lib/azure_disk_encryption_config/azure_crypt_config.ini'".CentOS 7--------[centadm@ciscentos7 ~]$ uname -a Linux ciscentos7 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [centadm@ciscentos7 ~]$ cat /etc/centos-release CentOS Linux release 7.5.1804 (Core) [centadm@ciscentos7 ~]$ rpm -q centos-release centos-release-7-5.1804.4.el7.centos.x86_64 [centadm@ciscentos7 ~]$az cli> az vm encryption enable --resource-group "cistestrg2" --name "ciscentos7" --disk-encryption-keyvault "ciscentkv" --volume-type OSThe distro is not in CLI's known supported list. Use https://aka.ms/adelinux to cross checkVM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: "OS volume encryption is not supported on centos 7.5.1804".See Supported versions of Linux for Azure Disk Encryption.https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport我们是否知道MS何时开始支持CentOS 7.5的CIS加固图像的Azure磁盘加密Do we have any idea as to When MS will start Supporting Azure Disk Encryption for CIS Hardened Images for CentOS 7.5推荐答案 @cloudfirstltd,请使用Powershell,我在测试时遇到了同样的问题。 AZ CLI似乎不支持Linux的加密过程。 $ 这是它的完整文档: https://docs.microsoft.com/en-us/azure/security/azure-security -disk-encryption-linux 另外,make 一定要添加 -SkipVmBackup; 在运行脚本时标记,例如: @cloudfirstltd, please use Powershell, I ran into the same issue previously while testing. AZ CLI doesn't seem to support the encryption process for Linux. This is the full documentation for it: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-linux Also, make sure to add the -SkipVmBackup; flag when running the script, ex: Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName rgname -VMName rgname -VMName vmName -DiskEncryptionKeyV aultUrl vmName -DiskEncryptionKeyVaultUrl 这篇关于无法加密CIS CentOS Marketplace VMS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 09-25 23:18