Checking the Root Drive Encryption Status

If you specified yes when prompted about the debug console while running the htroot encrypt command, you can start an ssh session on the server using the id_rsa key file obtained while running htroot encrypt. Opening an ssh session on the VM invokes the HyTrust Debug Console, which allows you to view the encryption log file. (For more information on htroot encrypt, see Encrypting Linux Root and Swap Drives.)

1. If you need a copy of the id_rsa key file for the VM:

   1. Log into the KeyControl webGUI on any node in the cluster using an account with Cloud Admin privileges.
   2. Navigate to the Cloud > VMs tab and select the VM whose key file you want to download.
   3. Select Actions > Download Bootloader SSH Key.

2. Open an ssh session by entering the command ssh -i id_rsa root@vm_name, where id_rsa is the name of the id_rsa file and vm_name is the IP address or hostname. For example:

   # ssh -i id_rsa root@192.168.140.133
   Warning: Permanently added '192.168.140.133' (RSA) to the list of known hosts.
   BusyBox v1.20.2 (Ubuntu 1:1.20.0-8.1ubuntu1) built-in shell (ash)
   Enter 'help' for a list of built-in commands.
   
   HyTrust Debug Console
   
   1. Show HT encryption log file
   2. Authenticate
   3. Show Network info
   4. Restart Network
   5. Advanced access
   6. logout
   
   Action:  

3. Select option 1 and look for the status sections. For example, here are a few of the lines towards the end of the output:

   ------------ KeyControl and status -----------------
   192.168.140.151:443
   Connected
   ---------------------------------------------------
   
   ------------ Encryption / Decryption status --------
   Root device encryption
   Processing:  21%
   Time left: 00:13:53
   ---------------------------------------------------
   

   We can see that we are connected to KeyControl and that encryption is in progress. At this point, the operation is 21% complete and there are just under 14 minutes left.