Restarting Azure VMs after encrypting the disks

When you deploy Azure VMs with disk encryption, you have to restart the VM. Disk encryption is an asynchronous process that finishes after the ARM templates have finished. It can take up to an hour before the whole disk is encrypted. To make life easier I made a PowerShell script that checks the status of the encrypted disks and whether the VM needs a restart:

# Check the disk encryption status of every VM in the current subscription and
# restart the ones that report a pending restart.
Get-AzureRmVM | ForEach-Object {
    $rgname = $_.ResourceGroupName
    $vmname = $_.Name
    $status = Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rgname -VMName $vmname
    $osVolumeEncrypted = $status.OsVolumeEncrypted
    $dataVolumesEncrypted = $status.DataVolumesEncrypted
    Write-Host "Status $vmname OsVolumeEncrypted:$osVolumeEncrypted DataVolumesEncrypted:$dataVolumesEncrypted"
    # VMRestartPending on either the OS volume or the data volumes means a reboot is required
    if ($osVolumeEncrypted -eq 'VMRestartPending' -or $dataVolumesEncrypted -eq 'VMRestartPending') {
        Write-Host "Restarting $vmname in rg $rgname"
        Restart-AzureRmVM -ResourceGroupName $rgname -Name $vmname
    }
}

The script is really slow on Linux VMs. A nice extra would be to handle disks in the EncryptionInProgress status: wait until the status becomes VMRestartPending and then reboot the VM.
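
One way to implement that wait-then-reboot extension, as an added example that is not part of the original script. The function name Wait-AndRestartEncryptedVM, the 60-second polling interval and the 90-minute timeout are assumptions; the cmdlets and status values are the ones used above.

```powershell
# Added example: hypothetical helper, not part of the original script.
# Polls one VM until encryption no longer reports EncryptionInProgress,
# restarts it if a restart is pending, and gives up after a timeout.
function Wait-AndRestartEncryptedVM {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        [int] $PollSeconds = 60,     # assumed polling interval
        [int] $TimeoutMinutes = 90   # assumed bound; encryption can take up to an hour
    )

    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        $status = Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
        # Compare as strings so the check is the same for OS and data volumes
        $states = @("$($status.OsVolumeEncrypted)", "$($status.DataVolumesEncrypted)")
        Write-Host "Status $VMName OsVolumeEncrypted:$($states[0]) DataVolumesEncrypted:$($states[1])"

        if ($states -contains 'VMRestartPending') {
            Write-Host "Restarting $VMName in rg $ResourceGroupName"
            Restart-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName | Out-Null
            return 'Restarted'
        }
        if ($states -notcontains 'EncryptionInProgress') {
            # Nothing in progress and nothing pending: no reboot to wait for
            return 'NoRestartNeeded'
        }
        Start-Sleep -Seconds $PollSeconds
    }

    # Surface VMs that never reached VMRestartPending instead of looping forever
    Write-Warning "$VMName still EncryptionInProgress after $TimeoutMinutes minutes"
    return 'TimedOut'
}

# VMs are processed one after another, so a VM that is still encrypting
# delays the ones behind it by up to the timeout.
Get-AzureRmVM | ForEach-Object {
    $result = Wait-AndRestartEncryptedVM -ResourceGroupName $_.ResourceGroupName -VMName $_.Name
    Write-Host "$($_.Name): $result"
}
```

A 'TimedOut' result means the disk was not confirmed as encrypted, so that VM should be checked again rather than assumed protected.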
