Update and rename How-to-configure-lvm-raid-on-crypt.md to how-to-configure-lvm-raid-on-crypt.md

jofrance · web-flow · commit 5eb3ea32afb1 · 2020-03-18T14:30:28.000-06:00
diff --git a/articles/virtual-machines/linux/how-to-configure-lvm-raid-on-crypt.md b/articles/virtual-machines/linux/how-to-configure-lvm-raid-on-crypt.md
@@ -5,20 +5,20 @@ author: jofrance
 ms.service: security
 ms.topic: article
 ms.author: jofrance
-ms.date: 03/18/2020
+ms.date: 03/17/2020
 
 ms.custom: seodec18
 
 ---
 
 # How to Configure LVM and RAID on-crypt on a Linux VM
 
-       his document is a step by step process about how to perform LVM on crypt and Raid on crypt configurations.
-       
-       ## Environment
-       
-        Linux Distributions
-        ADE Single Pass
+This document is a step by step process about how to perform LVM on crypt and Raid on crypt configurations.
+
+### Environment
+
+- Linux Distributions
+- ADE Single Pass
 - ADE Dual Pass
 
 
@@ -29,29 +29,29 @@ ms.custom: seodec18
 - Configure LVM on top of encrypted devices (LVM-on-Crypt)
 - Configure RAID on top of encrypted devices (RAID-on-Crypt)
 
-Once the underlying device(s) are encrypted then the LVM/RAID structures are created on top of that encrypted layer 
-The Physical Volumes (PV) are created on top and those are used to create the corresponding volume group
-The volumes are created and added to /etc/fstab as any other normal LVM file system 
+Once the underlying device(s) are encrypted, then you can create the LVM or RAID structures on top of that encrypted layer. 
+The Physical Volumes (PV) are created on top and those are used to create the corresponding volume group.
+You need to create the volumes and add the required entries on /etc/fstab as any other normal LVM file system. 
 
-![Check disks attached powershell](./media/disk-encryption/lvm-raid-on-crypt/000-lvm-raid-crypt-diagram.png)
+![Check disks attached PowerShell](./media/disk-encryption/lvm-raid-on-crypt/000-lvm-raid-crypt-diagram.png)
 
-In a very similar way, the RAID device is created using the encrypted layer on the disks, a filesystem is created on top of the RAID device and added to /etc/fstab as a regular device.
+In a similar way, the RAID device is created on top of the encrypted layer on the disks. A filesystem is created on top of the RAID device and added to /etc/fstab as a regular device.
 
 ### Considerations
 
 The recommended method to use is LVM-on-Crypt.
-RAID is considered when LVM can't be used due to specific application/environment limitations.
-You will be using the EncryptFormatAll option, please check all the information about this feature here https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-linux#use-encryptformatall-feature-for-data-disks-on-linux-vms 
-While this can be done when also encrypting the OS, we're just encrypting Data drives.
-This assumes that you already reviewed the and comply with the pre-requisites mentioned here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-linux and here https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-cli-quickstart
-The ADE dual pass version should no longer be used on new ADE encryptions since it is on deprecation path.
+RAID is considered when LVM can't be used because of specific application/environment limitations.
+You'll use the EncryptFormatAll option, check all the information about this feature here https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption-linux#use-encryptformatall-feature-for-data-disks-on-linux-vms.
+While this method can be done when also encrypting the OS, we're just encrypting Data drives.
+This procedure assumes you already reviewed and comply with the pre-requisites mentioned here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-linux and here https://docs.microsoft.com/azure/virtual-machines/linux/disk-encryption-cli-quickstart.
+The ADE dual pass version should no longer be used on new ADE encryptions,it is on deprecation path.
 
 ### Procedure
 
-When using the "on crypt" configurations you will be following the process outlined below:
+When using the "on crypt" configurations, you'll be following the process outlined below:
 
 >[!NOTE] 
->We're using variables throughout the document, please replace the values accordingly.
+>We're using variables throughout the document, replace the values accordingly.
 ### General Steps
 ####Deploy a VM 
 >[!NOTE] 
@@ -67,7 +67,7 @@ New-AzVm -ResourceGroupName ${RGNAME} `
 -Credential ${creds} `
 -Verbose
 ```
-CLI
+CLI:
 ```bash
 az vm create \
 -n ${VMNAME} \
@@ -91,7 +91,7 @@ $vm = Get-AzVM -Name ${VMNAME} -ResourceGroupName ${RGNAME}
 $vm = Add-AzVMDataDisk -VM $vm -Name $dataDiskName -CreateOption Attach -ManagedDiskId $dataDisk1.Id -Lun 0
 Update-AzVM -VM ${VM} -ResourceGroupName ${RGNAME}
 ```
-CLI
+CLI:
 ```bash
 az vm disk attach \
 -g ${RGNAME} \
@@ -107,42 +107,42 @@ Powershell:
 $VM = Get-AzVM -ResourceGroupName ${RGNAME} -Name ${VMNAME}
 $VM.StorageProfile.DataDisks | Select-Object Lun,Name,DiskSizeGB
 ```
-![Check disks attached powershell](./media/disk-encryption/lvm-raid-on-crypt/001-lvm-raid-check-disks-powershell.png)
+![Check disks attached PowerShell](./media/disk-encryption/lvm-raid-on-crypt/001-lvm-raid-check-disks-powershell.png)
 CLI:
 ```bash
 az vm show -g ${RGNAME} -n ${VMNAME} --query storageProfile.dataDisks -o table
 ```
-![Check disks attached cli](./media/disk-encryption/lvm-raid-on-crypt/002-lvm-raid-check-disks-cli.png)
+![Check disks attached CLI](./media/disk-encryption/lvm-raid-on-crypt/002-lvm-raid-check-disks-cli.png)
 Portal:
-![Check disks attached cli](./media/disk-encryption/lvm-raid-on-crypt/003-lvm-raid-check-disks-portal.png)
+![Check disks attached CLI](./media/disk-encryption/lvm-raid-on-crypt/003-lvm-raid-check-disks-portal.png)
 OS:
 ```bash
 lsblk 
 ```
 ![Check disks attached portal](./media/disk-encryption/lvm-raid-on-crypt/004-lvm-raid-check-disks-os.png)
 #### Configure the disks to be encrypted
-This is done that the operating system level, the corresponding disks are configured for a traditional ADE encryption:
+This configuration is done that the operating system level, the corresponding disks are configured for a traditional ADE encryption:
 
 Filesystems are created on top of the disks
 Temporary mount points are created to mount the filesystems
 The Filesystems are configured on /etc/fstab to be mounted at boot time
 
-Check the device letter assigned to the new disks, on this example we're using 4 data disks
+Check the device letter assigned to the new disks, on this example we're using four data disks
 
 ```bash
 lsblk 
 ```
 ![Check disks attached os](./media/disk-encryption/lvm-raid-on-crypt/004-lvm-raid-check-disks-os.png)
 
 ##### Create a filesystem on top of each disk.
-This iterates an ext4 filesystem creation on each disk defined on the "in" part of the "for" cycle.
+This command iterates an ext4 filesystem creation on each disk defined on the "in" part of the "for" cycle.
 ```bash
 for disk in c d e f; do echo mkfs.ext4 -F /dev/sd${disk}; done |bash
 ```
 ![Check disks attached os](./media/disk-encryption/lvm-raid-on-crypt/005-lvm-raid-create-temp-fs.png)
 Find the UUID of the filesystems recently created, create a temporary folder to mount it, add the corresponding entries on /etc/fstab and mount all the filesystems.
 
-This also iterates on each disk defined on the "in" part of the "for" cycle:
+This command also iterates on each disk defined on the "in" part of the "for" cycle:
 ```bash
 for disk in c d e f; do diskuuid="$(blkid -s UUID -o value /dev/sd${disk})"; \
 mkdir /tempdata${disk}; \
@@ -187,7 +187,7 @@ az vm encryption enable \
 --encrypt-format-all \
 -o table
 ```
-#### Verify the Encryption Status, proceed to the next step only when all the disks are encrypted.
+#### Verify the Encryption Status, continue to the next step only when all the disks are encrypted.
 PowerShell:
 ```powershell
 Get-AzVmDiskEncryptionStatus -ResourceGroupName ${RGNAME} -VMName ${VMNAME}
@@ -197,19 +197,19 @@ CLI:
 ```bash
 az vm encryption show -n ${VMNAME} -g ${RGNAME} -o table
 ```
-![Check encryption cli](./media/disk-encryption/lvm-raid-on-crypt/009-lvm-raid-verify-encryption-status-cli.png)
+![Check encryption CLI](./media/disk-encryption/lvm-raid-on-crypt/009-lvm-raid-verify-encryption-status-cli.png)
 Portal:
 ![Check encryption OS](./media/disk-encryption/lvm-raid-on-crypt/010-lvm-raid-verify-encryption-status-portal.png)
 OS Level:
 ```bash
 lsblk
 ```
-![Check encryption cli](./media/disk-encryption/lvm-raid-on-crypt/011-lvm-raid-verify-encryption-status-os.png)
+![Check encryption CLI](./media/disk-encryption/lvm-raid-on-crypt/011-lvm-raid-verify-encryption-status-os.png)
 You can notice the file systems were added to /var/lib/azure_disk_encryption_config/azure_crypt_mount (in case of an old encryption) or added to /etc/crypttab file in case or a newer encryption.
 
 Do not modify any of these files.
 
-This is going to be the file that will be taking care of activating these disks during the boot process so they can be later used by LVM or RAID. 
+This file is going to be taking care of activating these disks during the boot process so they can be later used by LVM or RAID. 
 
 Do not worry about the mount points on this file, as ADE will lose the ability to get the disks mounted as a normal file system after we do a pvcreate or  mdadm --create on top of those encrypted devices (which will get rid of the file system format we used during the preparation process).
 #### Remove the temp folders and temp fstab entries
@@ -237,7 +237,7 @@ Now that the underlying disks are encrypted, you can proceed to create the LVM s
 Instead of using the device name, use the /dev/mapper paths for each of the disks to perform a pvcreate (on the crypt layer on top of the disk not on the disk itself).
 ### Configure LVM on top of the encrypted layers
 #### Create the Physical Volumes
-You will get a warning asking if it is OK to wipe out the filesystem signature, You may proceed by entering 'y' or simply use the echo "y" as shown:
+You'll get a warning asking if it is OK to wipe out the filesystem signature. You may continue by entering 'y' or use the echo "y" as shown:
 ```bash
 echo "y" | pvcreate /dev/mapper/c49ff535-1df9-45ad-9dad-f0846509f052
 echo "y" | pvcreate /dev/mapper/6712ad6f-65ce-487b-aa52-462f381611a1
@@ -299,11 +299,11 @@ lsblk -fs
 df -h
 ```
 ![check lvs](./media/disk-encryption/lvm-raid-on-crypt/018-lvm-raid-lsblk-after-lvm.png)
-On this variation of lsblk, we're listing the devices showing the dependencies on reverse order, this helps to identify the devices grouped by the logical volume instead of the original /dev/sd[disk] device names.
+On this variation of lsblk, we're listing the devices showing the dependencies on reverse order, this option helps to identify the devices grouped by the logical volume instead of the original /dev/sd[disk] device names.
 
-Important: please make sure the nofail option is added to the mount point options of the LVM volumes created on top of an ADE encrypted device. This is very important to avoid the OS from getting stuck during the boot process (or in maintenance mode). The encrypted disk will be unlocked at the end of the boot process and the LVM volumes and file systems will be automatically mounted until they are unlocked by ADE, if the nofail option is not used, the OS will never get into the stage where ADE is started and the data disks are unlocked and mounted.
+Important: Make sure the nofail option is added to the mount point options of the LVM volumes created on top of an ADE encrypted device. Is important to avoid the OS from getting stuck during the boot process (or in maintenance mode). The encrypted disk will be unlocked at the end of the boot process and the LVM volumes and file systems will be automatically mounted until they're unlocked by ADE, if the nofail option is not used, the OS will never get into the stage where ADE is started, and the data disk(s) are unlocked and mounted.
 
-You can test rebooting the VM and validating the file systems are also automatically getting mounted after boot time. Please take under consideration that this process may take several minutes depending of the amount of file systems and the sizes
+You can test rebooting the VM and validating the file systems are also automatically getting mounted after boot time. Take under consideration that this process may take several minutes depending on the number of file systems and the sizes
 #### Reboot the VM and verify after reboot
 ```bash
 shutdown -r now
@@ -313,7 +313,7 @@ lsblk
 df -h
 ```
 ### For RAID-on-Crypt:
-Now the underlying disks are encrypted you can proceed to create the RAID structures, same as LVM, instead of using the device name, use the /dev/mapper paths for each of the disks.
+Now the underlying disks are encrypted you can continue to create the RAID structures, same as LVM, instead of using the device name, use the /dev/mapper paths for each of the disks.
 
 #### Configure RAID on top of the encrypted layer of the disks
 ```bash
@@ -339,7 +339,7 @@ mdadm --detail /dev/md10
 ```bash
 mkfs.ext4 /dev/md10
 ```
-Create a new mountpoint for the filesystem, add the new file system to /etc/fstab and mount it
+Create a new mountpoint for the filesystem, add the new file system to /etc/fstab, and mount it
 ```bash
 for device in md10; do diskuuid="$(blkid -s UUID -o value /dev/${device})"; \
 mkdir /raiddata; \
@@ -354,15 +354,15 @@ df -h
 ```
 ![mdadm status](./media/disk-encryption/lvm-raid-on-crypt/021-lvm-raid-lsblk-md-details.png)
 
-Important: please make sure the nofail option is added to the mount point options of the RAID volumes created on top of an ADE encrypted device. 
+Important: Make sure the nofail option is added to the mount point options of the RAID volumes created on top of an ADE encrypted device. 
 
-This is very important to avoid the OS from getting stuck during the boot process (or in maintenance mode). The encrypted disk will be unlocked at the end of the boot process and the RAID volumes and file systems will be automatically mounted until they are unlocked by ADE, if the nofail option is not used, the OS will never get into the stage where ADE is started and the data disks are unlocked and mounted.
+This is very important to avoid the OS from getting stuck during the boot process (or in maintenance mode). The encrypted disk will be unlocked at the end of the boot process and the RAID volumes and file systems will be automatically mounted until they're unlocked by ADE, if the nofail option is not used, the OS will never get into the stage where ADE is started, and the data disks are unlocked and mounted.
 
-You can test rebooting the VM and validating the file systems are also automatically getting mounted after boot time. Please take under consideration that this process may take several minutes depending of the amount of file systems and the sizes
+You can test rebooting the VM and validating the file systems are also automatically getting mounted after boot time. Please take under consideration that this process may take several minutes depending on the amount of file systems and the sizes
 ```bash
 shutdown -r now
 ```
-And when you can login:
+And when you can log in:
 ```bash
 lsblk
 df -h
@@ -371,4 +371,3 @@ df -h
 
 - [Azure Disk Encryption troubleshooting](disk-encryption-troubleshooting.md)
 
-                                                                                                                                                                                                                        
