Asked by: Abdullah  Asked: 11/18/2023  Updated: 11/18/2023  Views: 37
Azure Disk Encryption on data disks using terraform [closed]
Q:
I have VMs with one OS disk and one data disk, and I want to enable Azure Disk Encryption on all disks of these VMs using Terraform. I am using the code below, and the value of var.volume_type is "All":
resource "azurerm_virtual_machine_extension" "vmextension" {
  # Only deploy the Windows flavour of the extension on Windows VMs.
  count = lower(var.vm_os_type) == "windows" ? 1 : 0

  # The extension name becomes part of the Azure resource ID and is visible in
  # the portal and activity log, so never reuse a value that also serves as a
  # secret elsewhere in the configuration.
  name = random_string.password.result

  # Legacy (azurerm < 2.0) schema; provider 2.0+ replaces these three
  # arguments with a single virtual_machine_id.
  location             = data.azurerm_resource_group.test.location
  resource_group_name  = data.azurerm_resource_group.test.name
  virtual_machine_name = var.vm_name

  publisher                  = "Microsoft.Azure.Security"
  type                       = "AzureDiskEncryption"
  type_handler_version       = var.type_handler_version == "" ? "2.2" : var.type_handler_version
  auto_upgrade_minor_version = true

  # Public settings (no secrets): the KEK is referenced by URL only.
  # jsonencode() produces valid JSON even if a value contains quotes,
  # which a hand-written heredoc does not guarantee.
  settings = jsonencode({
    EncryptionOperation    = var.encrypt_operation
    KeyVaultURL            = data.azurerm_key_vault.keyvault.vault_uri
    KeyVaultResourceId     = data.azurerm_key_vault.keyvault.id
    KeyEncryptionKeyURL    = var.encryption_key_url
    KekVaultResourceId     = data.azurerm_key_vault.keyvault.id
    KeyEncryptionAlgorithm = var.encryption_algorithm
    VolumeType             = var.volume_type # "OS", "Data" or "All"
  })

  tags = var.tags
}
After running this, "Azure Disk Encryption" shows as "Enabled", but if I run "az vm encryption show --name testvm --resource-group test-resource-group":
      "name": "testvm-OSDISK",
      "statuses": [
        {
          "code": "EncryptionState/encrypted",
          "displayStatus": "Encryption is enabled on disk",
          "level": "Info",
          "message": null,
          "time": null
        }
      ]
    },
    {
      "encryptionSettings": null,
      "name": "testvm-DATADISK-0",
      "statuses": [
        {
          "code": "EncryptionState/notEncrypted",
          "displayStatus": "Disk is not encrypted",
          "level": "Info",
          "message": null,
          "time": null
        }
      ]
    }
  ],
  "status": null,
  "substatus": null
Why does the data disk not show as encrypted? If I log in to the VM, I see a lock icon on both the OS and data disks.
A: No answers yet
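Added example, not part of the post above: a small Python check that (1) validates the public settings object handed to the AzureDiskEncryption extension before `terraform apply`, and (2) parses the JSON that `az vm encryption show -o json` returns and lists every disk that does not report `EncryptionState/encrypted`, so a pipeline can fail instead of trusting the portal's "Enabled" field. Both inputs are constructed: the subscription ID, vault name and key version are placeholders, and because the post's output is truncated at the top, the `disks` wrapper key is an assumption about the full document shape. One caveat worth pairing with such a check: Azure Disk Encryption is BitLocker on Windows and dm-crypt on Linux, so it works on volumes rather than raw disks, and Microsoft's ADE guidance is that a data disk must be initialised, formatted and mounted (given a drive letter on Windows) before `VolumeType: All` will include it.

```python
import json

# Constructed Key Vault ARM ID shared by KeyVaultResourceId and KekVaultResourceId
# (subscription GUID and vault name are hypothetical placeholders).
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
            "test-resource-group/providers/Microsoft.KeyVault/vaults/example-kv")

# Public settings with the same keys as the post's extension block, filled with
# placeholder values (the key version string is made up).
SAMPLE_SETTINGS = {
    "EncryptionOperation": "EnableEncryption",
    "KeyVaultURL": "https://example-kv.vault.azure.net/",
    "KeyVaultResourceId": VAULT_ID,
    "KeyEncryptionKeyURL": "https://example-kv.vault.azure.net/keys/ade-kek/"
                           "0123456789abcdef0123456789abcdef",
    "KekVaultResourceId": VAULT_ID,
    "KeyEncryptionAlgorithm": "RSA-OAEP",
    "VolumeType": "All",
}

# Constructed `az vm encryption show` document modelled on the post's output.
# The post's output is cut off at the top, so the "disks" key is assumed.
SAMPLE_STATUS = json.loads("""
{
  "disks": [
    {"encryptionSettings": null, "name": "testvm-OSDISK",
     "statuses": [{"code": "EncryptionState/encrypted",
                   "displayStatus": "Encryption is enabled on disk",
                   "level": "Info", "message": null, "time": null}]},
    {"encryptionSettings": null, "name": "testvm-DATADISK-0",
     "statuses": [{"code": "EncryptionState/notEncrypted",
                   "displayStatus": "Disk is not encrypted",
                   "level": "Info", "message": null, "time": null}]}
  ],
  "status": null,
  "substatus": null
}
""")

VOLUME_TYPES = {"OS", "Data", "All"}
OPERATIONS = {"EnableEncryption", "EnableEncryptionFormatAll"}
VAULT_ID_MARKER = "/providers/Microsoft.KeyVault/vaults/"


def check_ade_settings(settings):
    """Return a list of problems with an ADE public-settings object (empty = OK).

    Catches mistakes that let the extension succeed while doing less than
    intended: an unknown VolumeType or operation, a KEK URL without its vault
    ID, or a vault reference that is not an https URI / ARM resource ID.
    """
    problems = []
    for key in ("EncryptionOperation", "KeyVaultURL", "KeyVaultResourceId", "VolumeType"):
        if not settings.get(key):
            problems.append(f"missing {key}")
    if settings.get("EncryptionOperation") not in OPERATIONS:
        problems.append(f"EncryptionOperation must be one of {sorted(OPERATIONS)}")
    if settings.get("VolumeType") not in VOLUME_TYPES:
        problems.append(f"VolumeType must be one of {sorted(VOLUME_TYPES)}")
    for url_key in ("KeyVaultURL", "KeyEncryptionKeyURL"):
        url = settings.get(url_key)
        if url and not url.startswith("https://"):
            problems.append(f"{url_key} must be an https URL")
    for id_key in ("KeyVaultResourceId", "KekVaultResourceId"):
        rid = settings.get(id_key)
        if rid and not (rid.startswith("/subscriptions/") and VAULT_ID_MARKER in rid):
            problems.append(f"{id_key} is not a Key Vault ARM resource ID")
    if settings.get("KeyEncryptionKeyURL") and not settings.get("KekVaultResourceId"):
        problems.append("KeyEncryptionKeyURL set but KekVaultResourceId missing")
    return problems


def disk_encryption_states(doc):
    """Map each disk name to its EncryptionState/* suffix (None if not reported)."""
    states = {}
    for disk in doc.get("disks", []):
        state = None
        for status in disk.get("statuses", []):
            code = status.get("code") or ""
            if code.startswith("EncryptionState/"):
                state = code.split("/", 1)[1]
        states[disk["name"]] = state
    return states


def unencrypted_disks(doc):
    """Sorted names of disks that do not report EncryptionState/encrypted."""
    return sorted(n for n, s in disk_encryption_states(doc).items() if s != "encrypted")


if __name__ == "__main__":
    print("settings problems:", check_ade_settings(SAMPLE_SETTINGS) or "none")
    print("disks not encrypted:", unencrypted_disks(SAMPLE_STATUS) or "none")
```

In a pipeline, feed the real output with `az vm encryption show --name testvm --resource-group test-resource-group -o json` into `unencrypted_disks(json.load(sys.stdin))` and fail the stage when the list is non-empty; on the post's VM that list would contain `testvm-DATADISK-0`, which is the signal to go and look at the data disk's volume layout rather than at the portal field.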