Azure · bamuir · Apr 1, 2022 · Apr 6, 2022 · Apr 6, 2022
diff --git a/VMEncryption/main/BekUtil.py b/VMEncryption/main/BekUtil.py
@@ -40,7 +40,7 @@ class BekUtil(object):
     def __init__(self, disk_util, logger):
         self.disk_util = disk_util
         self.logger = logger
-        self.bek_filesystem_mount_point = '/mnt/azure_bek_disk'
+        self.bek_filesystem_mount_point = '/azure_bek_disk'
         self.bek_label = 'BEK VOLUME'
         self.bek_filesystem = 'vfat'
         self.wrong_fs_msg = "BEK does not have vfat filesystem."

diff --git a/VMEncryption/main/Common.py b/VMEncryption/main/Common.py
@@ -37,7 +37,7 @@ class CommonVariables:
     wire protocol message format
     """
     encryption_key_file_name = 'LinuxPassPhraseFileName'
-    encryption_key_mount_point = '/mnt/azure_bek_disk'
+    encryption_key_mount_point = '/azure_bek_disk'
     bek_fstab_line_template = 'LABEL=BEK\\040VOLUME {0} auto defaults,discard,nofail 0 0\n'
     bek_fstab_line_template_ubuntu_14 = 'LABEL=BEK\\040VOLUME {0} auto defaults,discard,nobootwait 0 0\n'
     etc_defaults_cryptdisks_line = '\nCRYPTDISKS_MOUNT="$CRYPTDISKS_MOUNT {0}"\n'

diff --git a/VMEncryption/main/oscrypto/91ade/cryptroot-ask-ade.sh b/VMEncryption/main/oscrypto/91ade/cryptroot-ask-ade.sh
@@ -42,9 +42,9 @@ numtries=${3:-10}
 
 info "luksOpen $device $luksname"
 
-ls /mnt/azure_bek_disk/LinuxPassPhraseFileName* || (mkdir -p /mnt/azure_bek_disk/ && mount -L "BEK VOLUME" /mnt/azure_bek_disk/)
+ls /azure_bek_disk/LinuxPassPhraseFileName* || (mkdir -p /azure_bek_disk/ && mount -L "BEK VOLUME" /azure_bek_disk/)
 
-for luksfile in $(ls /mnt/azure_bek_disk/LinuxPassPhraseFileName*); do
+for luksfile in $(ls /azure_bek_disk/LinuxPassPhraseFileName*); do
     break;
 done
 
@@ -77,7 +77,7 @@ if [ $ask_passphrase -ne 0 ]; then
     unset luks_open
 fi
 
-umount /mnt/azure_bek_disk
+umount /azure_bek_disk
 
 unset device luksname luksfile
 

diff --git a/VMEncryption/main/oscrypto/centos_68/encryptstates/UnmountOldrootState.py b/VMEncryption/main/oscrypto/centos_68/encryptstates/UnmountOldrootState.py
@@ -86,14 +86,14 @@ def enter(self):
         if os.path.exists("/oldroot/mnt"):
             self.command_executor.Execute('umount /oldroot/mnt')
 
-        if os.path.exists("/oldroot/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /oldroot/mnt/azure_bek_disk')
+        if os.path.exists("/oldroot/azure_bek_disk"):
+            self.command_executor.Execute('umount /oldroot/azure_bek_disk')
 
         if os.path.exists("/mnt"):
             self.command_executor.Execute('umount /mnt')
 
-        if os.path.exists("/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /mnt/azure_bek_disk')
+        if os.path.exists("/azure_bek_disk"):
+            self.command_executor.Execute('umount /azure_bek_disk')
 
         self.command_executor.Execute('umount /oldroot/mnt/resource')
         self.command_executor.Execute('umount /oldroot/boot')

diff --git a/VMEncryption/main/oscrypto/rhel_68/encryptstates/UnmountOldrootState.py b/VMEncryption/main/oscrypto/rhel_68/encryptstates/UnmountOldrootState.py
@@ -83,14 +83,14 @@ def enter(self):
         if os.path.exists("/oldroot/mnt"):
             self.command_executor.Execute('umount /oldroot/mnt')
 
-        if os.path.exists("/oldroot/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /oldroot/mnt/azure_bek_disk')
+        if os.path.exists("/oldroot/azure_bek_disk"):
+            self.command_executor.Execute('umount /oldroot/azure_bek_disk')
 
         if os.path.exists("/mnt"):
             self.command_executor.Execute('umount /mnt')
 
-        if os.path.exists("/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /mnt/azure_bek_disk')
+        if os.path.exists("/azure_bek_disk"):
+            self.command_executor.Execute('umount /azure_bek_disk')
 
         self.command_executor.Execute('umount /oldroot/mnt/resource')
         self.command_executor.Execute('umount /oldroot/boot')

diff --git a/VMEncryption/main/oscrypto/ubuntu_1404/encryptstates/UnmountOldrootState.py b/VMEncryption/main/oscrypto/ubuntu_1404/encryptstates/UnmountOldrootState.py
@@ -77,14 +77,14 @@ def enter(self):
         if os.path.exists("/oldroot/mnt"):
             self.command_executor.Execute('umount /oldroot/mnt')
 
-        if os.path.exists("/oldroot/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /oldroot/mnt/azure_bek_disk')
+        if os.path.exists("/oldroot/azure_bek_disk"):
+            self.command_executor.Execute('umount /oldroot/azure_bek_disk')
 
         if os.path.exists("/mnt"):
             self.command_executor.Execute('umount /mnt')
 
-        if os.path.exists("/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /mnt/azure_bek_disk')
+        if os.path.exists("/azure_bek_disk"):
+            self.command_executor.Execute('umount /azure_bek_disk')
 
         proc_comm = ProcessCommunicator()
 

diff --git a/VMEncryption/main/oscrypto/ubuntu_1604/encryptstates/UnmountOldrootState.py b/VMEncryption/main/oscrypto/ubuntu_1604/encryptstates/UnmountOldrootState.py
@@ -79,14 +79,14 @@ def enter(self):
         if os.path.exists("/oldroot/mnt"):
             self.command_executor.Execute('umount /oldroot/mnt')
 
-        if os.path.exists("/oldroot/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /oldroot/mnt/azure_bek_disk')
+        if os.path.exists("/oldroot/azure_bek_disk"):
+            self.command_executor.Execute('umount /oldroot/azure_bek_disk')
 
         if os.path.exists("/mnt"):
             self.command_executor.Execute('umount -R /mnt')
 
-        if os.path.exists("/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /mnt/azure_bek_disk')
+        if os.path.exists("/azure_bek_disk"):
+            self.command_executor.Execute('umount /azure_bek_disk')
 
         proc_comm = ProcessCommunicator()
 

diff --git a/VMEncryption/main/oscrypto/ubuntu_2004/encryptscripts/crypt-ade-boot b/VMEncryption/main/oscrypto/ubuntu_2004/encryptscripts/crypt-ade-boot
@@ -7,7 +7,7 @@ set -x
 #   - /usr/share/initramfs-tools/hooks/crypt-ade-hook has run
 #   - /etc/fstab file has been copied to initramfs
 #   - /etc/fstab includes an entry to mount /boot
-#   - /etc/fstab includes an entry to mount /mnt/azure_bek_disk
+#   - /etc/fstab includes an entry to mount /azure_bek_disk
 #   - hook script will append cryptsetup and exit command
 
 PREREQS="udev"
@@ -18,6 +18,6 @@ prereqs()
 }
 
 mount -a
-cryptsetup luksOpen /dev/disk/by-partuuid/ROOTPARTUUID osencrypt --header /boot/luks/osluksheader -d /mnt/azure_bek_disk/LinuxPassPhraseFileName
+cryptsetup luksOpen /dev/disk/by-partuuid/ROOTPARTUUID osencrypt --header /boot/luks/osluksheader -d /azure_bek_disk/LinuxPassPhraseFileName
 
 exit 0
diff --git a/VMEncryption/main/oscrypto/ubuntu_2004/encryptscripts/crypt-ade-hook b/VMEncryption/main/oscrypto/ubuntu_2004/encryptscripts/crypt-ade-hook
@@ -21,10 +21,10 @@ esac
 
 # add /etc/fstab entries and mount point directories
 mkdir -p $DESTDIR/boot
-mkdir -p $DESTDIR/mnt/azure_bek_disk
+mkdir -p $DESTDIR/azure_bek_disk
 BOOTUUID=$(findmnt -fn -o UUID /boot)
 echo "/dev/disk/by-uuid/$BOOTUUID /boot ext2 defaults 0 0" >> "$DESTDIR/etc/fstab"
-echo "/dev/disk/by-label/BEK\\x20VOLUME /mnt/azure_bek_disk auto defaults 0 0" >> "$DESTDIR/etc/fstab"
+echo "/dev/disk/by-label/BEK\\x20VOLUME /azure_bek_disk auto defaults 0 0" >> "$DESTDIR/etc/fstab"
 
 # inject luks header
 mkdir -p ${DESTDIR}/boot/luks

diff --git a/VMEncryption/main/oscrypto/ubuntu_2004/encryptstates/PatchBootSystemState.py b/VMEncryption/main/oscrypto/ubuntu_2004/encryptstates/PatchBootSystemState.py
@@ -128,7 +128,7 @@ def _modify_pivoted_oldroot(self):
             # add root partition UUID to boot script cryptsetup command
             self.command_executor.Execute("sed -i 's/ROOTPARTUUID/{0}/g' /usr/share/initramfs-tools/scripts/init-premount/crypt-ade-boot".format(root_partition_uuid), True)
             # add root partition UUID to /etc/crypttab
-            entry = 'osencrypt /dev/disk/by-partuuid/{0} /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,discard,header=/boot/luks/osluksheader'.format(root_partition_uuid)
+            entry = 'osencrypt /dev/disk/by-partuuid/{0} /azure_bek_disk/LinuxPassPhraseFileName luks,discard,header=/boot/luks/osluksheader'.format(root_partition_uuid)
             self._append_contents_to_file(entry, '/etc/crypttab')
         else:
             message = "Failed to get root partition UUID"

diff --git a/VMEncryption/main/oscrypto/ubuntu_2004/encryptstates/UnmountOldrootState.py b/VMEncryption/main/oscrypto/ubuntu_2004/encryptstates/UnmountOldrootState.py
@@ -75,14 +75,14 @@ def enter(self):
         if os.path.exists("/oldroot/mnt"):
             self.command_executor.Execute('umount /oldroot/mnt')
 
-        if os.path.exists("/oldroot/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /oldroot/mnt/azure_bek_disk')
+        if os.path.exists("/oldroot/azure_bek_disk"):
+            self.command_executor.Execute('umount /oldroot/azure_bek_disk')
 
         if os.path.exists("/mnt"):
             self.command_executor.Execute('umount -R /mnt')
 
-        if os.path.exists("/mnt/azure_bek_disk"):
-            self.command_executor.Execute('umount /mnt/azure_bek_disk')
+        if os.path.exists("/azure_bek_disk"):
+            self.command_executor.Execute('umount /azure_bek_disk')
 
         proc_comm = ProcessCommunicator()
 

diff --git a/VMEncryption/main/test/test_UbuntuPatching.py b/VMEncryption/main/test/test_UbuntuPatching.py
@@ -61,12 +61,12 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
         self.assertEqual(exists_mock.call_count, 2)
 
         # Test 2: Other Entries along with osencrypt
-        crypttab_contents="mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        crypttab_contents="mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/sda1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
-        expected_crypttab_contents="mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        expected_crypttab_contents="mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()
@@ -79,11 +79,11 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
 
         # Test 3: osencrypt already with /dev/disk/azure/root-part1
         crypttab_contents="""osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh
-        mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail
-        mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
+        mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail
+        mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
         expected_crypttab_contents="""osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh
-        mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail
-        mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
+        mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail
+        mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()
@@ -96,15 +96,15 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
 
         # Test 4: crypttab has comments and empty lines
         crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/sda1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         expected_crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()
@@ -117,15 +117,15 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
 
         # Test 5: osencrypt entry with /dev/disk/by-id/wwn-*
         crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/by-id/wwn-0x60022480b469b749f472dfc8093da5dd-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         expected_crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()
@@ -138,15 +138,15 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
 
         # Test 6: osencrypt entry with /dev/disk/by-id/scsi-*
         crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/by-id/scsi-0x60022480b469b749f472dfc8093da5dd-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         expected_crypttab_contents="#This is mock crypttab file\n"\
-        "mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
+        "mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail\n"\
         "osencrypt /dev/disk/azure/root-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh\n"\
         "\n"\
-        "mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
+        "mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()
@@ -159,11 +159,11 @@ def test_update_prereq(self, ce_mock, exists_mock, open_mock):
 
         # Test 7: /dev/disk/azure/root-part1 does not exist
         crypttab_contents="""osencrypt /dev/disk/azure/scsi0/lun0-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh
-        mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail
-        mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
+        mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail
+        mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
         expected_crypttab_contents="""osencrypt /dev/disk/azure/scsi0/lun0-part1 none luks,discard,header=/boot/luks/osluksheader,keyscript=/usr/sbin/azure_crypt_key.sh
-        mapper_name /dev/dev_path /mnt/azure_bek_disk/LinuxPassPhraseFileName luks,nofail
-        mapper_name1 /dev/dev_path1 /mnt/azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
+        mapper_name /dev/dev_path /azure_bek_disk/LinuxPassPhraseFileName luks,nofail
+        mapper_name1 /dev/dev_path1 /azure_bek_disk/LinuxPassPhraseFileName_1_0 luks,nofail"""
         open_mock.reset_mock()
         ce_mock.reset_mock()
         exists_mock.reset_mock()

diff --git a/VMEncryption/main/test/test_bek_util.py b/VMEncryption/main/test/test_bek_util.py
@@ -16,7 +16,7 @@ def setUp(self):
     @mock.patch('DiskUtil.DiskUtil', autospec=True)
     def test_is_bek_volume_mounted_and_formatted_expected(self, disk_util_mock):
         bek_util = BekUtil(disk_util_mock, self.logger)
-        disk_util_mock.get_mount_items.return_value = [{"src":"/dev/sdc1", "dest":"/mnt/azure_bek_disk", "fs":"vfat"}]
+        disk_util_mock.get_mount_items.return_value = [{"src":"/dev/sdc1", "dest":"/azure_bek_disk", "fs":"vfat"}]
         bek_expected, fault_reason = bek_util.is_bek_volume_mounted_and_formatted()
         self.assertTrue(bek_expected)
 
@@ -31,7 +31,7 @@ def test_is_bek_volume_mounted_and_formatted_not_mounted(self, disk_util_mock):
     @mock.patch('DiskUtil.DiskUtil', autospec=True)
     def test_is_bek_volume_mounted_and_formatted_wrong_fs(self, disk_util_mock):
         bek_util = BekUtil(disk_util_mock, self.logger)
-        disk_util_mock.get_mount_items.return_value = [{"src":"/dev/sdc1", "dest":"/mnt/azure_bek_disk", "fs":"wrongFS"}, {"src":"/dev/sda1", "dest":"/", "fs":"ext4"}]
+        disk_util_mock.get_mount_items.return_value = [{"src":"/dev/sdc1", "dest":"/azure_bek_disk", "fs":"wrongFS"}, {"src":"/dev/sda1", "dest":"/", "fs":"ext4"}]
         bek_expected, fault_reason = bek_util.is_bek_volume_mounted_and_formatted()
         self.assertFalse(bek_expected)
         self.assertEqual(fault_reason, bek_util.wrong_fs_msg)