Enabling disk encryption fails for Azure Ubuntu 16.04-LTS saying "'VolumeType' is not supported"

Azure Disk Encryption for Windows and Linux IaaS VMs says that "Linux OS disk encryption is currently supported on ... Ubuntu 16.04" however when I create a new VM

$vm = New-AzureRmVMConfig -VMName "vmname" -VMSize "Standard_D2_v2"
$vm = Set-AzureRmVMOperatingSystem -VM $vm -Linux -ComputerName "vmname" -Credential $cred
$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "16.04-LTS" -Version "latest"
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
$osDiskUri = $storage_account.PrimaryEndpoints.Blob.ToString() + "vhds/vmname.vhd"
$vm = Set-AzureRmVMOSDisk -VM $vm -Name "myOsDisk1" -VhdUri $osDiskUri -CreateOption fromImage
New-AzureRmVM -ResourceGroupName "rgname" -Location "East US" -VM $vm

and then run

Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName "rgname" -VMName "vmname" -AadClientID "appname" -AadClientSecret "xxx=" -DiskEncryptionKeyVaultUrl $KeyVault.VaultUri -DiskEncryptionKeyVaultId $KeyVault.ResourceId;

then I get this error:

Set-AzureRmVMDiskEncryptionExtension : Long running operation failed with status 'Failed'.
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: "VolumeType "" is not supported".
StartTime: 6/01/2017 3:12:44 PM
EndTime: 6/01/2017 3:14:49 PM
OperationID: b976c3ab-fe5b-4356-b62f-96f3b80aeba1

This post suggests there may be some way to apply encryption earlier than this, but actually I think it relates to people with already-encrypted drives they are trying to move into Azure.

What am I doing wrong? How can I use PowerShell to enable disk encryption on Ubuntu?

There are 1 best solutions below

For now, Azure does not support using Set-AzureRmVMDiskEncryptionExtension to encrypt a Linux OS disk. Please refer to this article:

-VolumeType

Specifies the type of virtual machine volumes to perform the encryption operation. Allowed values for virtual machines that run the Windows operating system are as follows: All, OS, and Data.

The allowed values for Linux virtual machines are as follows: Data only.

You need to prepare a pre-encrypted Linux VHD and use that VHD to create an encrypted Linux VM on Azure.

Please refer to the following steps.

1. Create an Ubuntu 16.0.4 VM on Azure.

2. Prepare a pre-encrypted Linux VHD. Please refer to this article. Note: You need to prepare the VHD on-premises.

3. Upload the VHD to Azure.

4. Use a template to create an encrypted Linux VM on Azure.
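
The -VolumeType rule quoted in the answer (Linux accepts Data only), applied to the cmdlet call from the question. This is an added example, not part of the original question or answer. The function name Enable-LinuxDataVolumeEncryption and its parameters are hypothetical, and the data-disk check is an assumed sanity check rather than documented behaviour.

```powershell
# Added example. Function and parameter names are hypothetical; the cmdlets are AzureRM.
function Enable-LinuxDataVolumeEncryption {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $AadClientID,
        # Supplied by the caller so the secret is not hard-coded in the script.
        [Parameter(Mandatory)] [string] $AadClientSecret,
        # Key vault object as returned by Get-AzureRmKeyVault.
        [Parameter(Mandatory)] $KeyVault
    )

    $vm = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # Per the quoted -VolumeType documentation, Linux VMs accept 'Data' only,
    # so this helper refuses anything that is not a Linux VM.
    if ($vm.StorageProfile.OsDisk.OsType -ne 'Linux') {
        throw "VM '$VMName' is not a Linux VM; this helper covers the Linux 'Data' case only."
    }

    # Assumed sanity check: with no data disks attached, 'Data' has nothing to act on.
    if (@($vm.StorageProfile.DataDisks).Count -eq 0) {
        throw "VM '$VMName' has no data disks attached; attach a data disk first."
    }

    # State -VolumeType explicitly. The failing command in the question omitted it
    # and the extension reported: VolumeType "" is not supported.
    Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $ResourceGroupName `
        -VMName $VMName `
        -AadClientID $AadClientID `
        -AadClientSecret $AadClientSecret `
        -DiskEncryptionKeyVaultUrl $KeyVault.VaultUri `
        -DiskEncryptionKeyVaultId $KeyVault.ResourceId `
        -VolumeType Data

    # Return the platform's view of OS and data volume encryption state.
    Get-AzureRmVmDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
}
```

This leaves the OS disk unencrypted; for that, the answer's pre-encrypted VHD steps still apply.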