Applying updates to an encrypted Azure IaaS Red Hat VM using yum update

This post describes the steps you must take to apply updates (patches) with yum update to an Azure IaaS Red Hat VM that is either already encrypted or newly encrypted. Let's look at the two scenarios:

A. Deploying a new encrypted IaaS Red Hat VM in Azure and applying updates using yum update

  1. Create a RHEL 7.3 VM from Azure gallery image
  2. Attach/mount data disks
  3. Encrypt all disks using one of the Azure Disk Encryption (ADE) supported scenarios and interfaces listed in the ADE documentation
  4. Reboot when ADE PS cmdlet Get-AzureRmVmDiskEncryptionStatus returns "VMRestartPending" (for OS disk encryption)
  5. Run the command "yum update" on the VM (this should update both the kernel and the dracut modules)
  6. Run the commands on the VM from https://gist.github.com/mayank88mahajan/38faf934c86b89ad766c4c16dcd5f4aa

Step 6 above generates a new initramfs image for the new kernel version, built with the patched version of the dracut modules.

Reboot the VM

B. Applying updates using yum update to an existing (running) encrypted IaaS Red Hat VM in Azure

  1. Run the command "yum update" on the VM (this should update both the kernel and the dracut modules)

  2. Run the commands on the VM from https://gist.github.com/mayank88mahajan/38faf934c86b89ad766c4c16dcd5f4aa

Step 2 above generates a new initramfs image for the new kernel version, built with the patched version of the dracut modules.

Reboot the VM
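
In either scenario, a check like the following can be run just before the reboot to confirm that the newest kernel has an initramfs image and that the image was built after the last change to the dracut modules. This is an added example, not part of the original post or the linked gist; the function names and the --check flag are hypothetical, and the paths are the RHEL 7 defaults. It checks only presence and timestamps, not what the image contains.

```bash
#!/usr/bin/env bash
# Added example, not from the post or the linked gist. Assumes RHEL 7 default
# paths and that the newest installed kernel is the one that boots next.

# Print the newest kernel version that has a vmlinuz image in directory $1.
newest_kernel() {
    find "$1" -maxdepth 1 -type f -name 'vmlinuz-*' ! -name '*rescue*' |
        sed 's|.*/vmlinuz-||' | sort -V | tail -n 1
}

# Returns 0 = ok, 1 = initramfs missing, 2 = initramfs older than a dracut
# module file, 3 = no kernel image found.
check_initramfs() {
    local boot_dir=${1:-/boot}
    local modules_dir=${2:-/usr/lib/dracut/modules.d}
    local kver img newer
    kver=$(newest_kernel "$boot_dir")
    if [ -z "$kver" ]; then
        echo "no kernel image found in $boot_dir"
        return 3
    fi
    img="$boot_dir/initramfs-$kver.img"
    if [ ! -f "$img" ]; then
        echo "MISSING: $img (regenerate it before rebooting)"
        return 1
    fi
    # A module file modified after the image was built is not in the image.
    newer=$(find "$modules_dir" -type f -newer "$img" | head -n 1)
    if [ -n "$newer" ]; then
        echo "STALE: $img predates $newer"
        return 2
    fi
    echo "OK: $img is present and newer than all dracut module files"
    return 0
}

# Run the check only when asked to, e.g. "sudo bash check.sh --check".
if [ "${1:-}" = "--check" ]; then
    check_initramfs
    exit $?
fi
```

A MISSING or STALE result means the initramfs generation step should be repeated before the VM is rebooted.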