MetroCluster switchover-simulate fails because an encryption key cannot be found

Environment

  • ONTAP 9
  • MetroCluster
  • Thales CipherTrust Manager (CTM)
  • External Key Manager (EKM)

Issue

  • The following error is displayed:
MCC-A::> metrocluster operation show
    Operation: switchover-simulate
      State: failed
    Start Time: 9/1/2023 16:13:31
     End Time: 9/1/2023 16:13:40
      Errors: Failed to validate the node and cluster components before the switchover operation.
          MCC-A (overridable veto): Partner cluster node: MCC-A-01 missing keymanager encryption key with key-id 00000000000000000200000000000xxxxxxxxxxxxxx0000000000000000.

 

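  • Re-adding the key server that was removed after the secondary key server was promoted to primary does not synchronize the keys either.
  • ONTAP is able to issue keys to the EKM when encrypting volumes, and it can locate them. The KMIP2-CLIENT.GZ AutoSupport section shows information like the following: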

DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:123: KMIP Locate executed successfully!

  • However, KmipGet fails as follows:

ERR: kmip2::tables::kmip_keytable_v2: [queryKeyserverForKey]:1965: Get command failed: KmipGetException: NOT_FOUND (11)

  • In the CTM Records/Loki Audit records section, a "record not found" error appears at the same time. The metadata shown there can be used to match the CTM identifier with the ONTAP key-id.
{
  "acc": "user1",
  "acct": "user1:user1:admin:accounts:user1",
  "iss": "sallyport",
  "sub": "efbbdcf4-c523-4ad0-8152-xxxxxxxxxxxx"
}
details
{
  "errorMessage": "record not found",
  "identifier": "9e968b1433004c61b2c38fd73d452d53b05ca2087fbe4332af80xxxxxxxxxxxx"   
}
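
The symptom described above (Locate succeeds, Get returns NOT_FOUND, and CTM logs "record not found" for the same period) can be checked mechanically. The following is an added example, not NetApp or Thales code: the function name `triage` is hypothetical, and it assumes the KMIP2-CLIENT log text and the CTM audit "details" objects have already been exported as plain text and JSON strings.

```python
import json
import re

# Patterns taken from the two KMIP2-CLIENT log lines quoted in this article.
LOCATE_OK = re.compile(r"KmipLocateCmd: \[doCmdImp\]:\d+: KMIP Locate executed successfully")
GET_FAIL = re.compile(
    r"\[queryKeyserverForKey\]:\d+: Get command failed: KmipGetException: (\w+) \((\d+)\)"
)

def triage(kmip_log, ctm_details):
    """Report whether the evidence matches 'Locate OK, Get NOT_FOUND, CTM record not found'."""
    locate_ok = 0
    get_errors = {}  # KMIP result reason -> count
    for line in kmip_log.splitlines():
        if LOCATE_OK.search(line):
            locate_ok += 1
        m = GET_FAIL.search(line)
        if m:
            get_errors[m.group(1)] = get_errors.get(m.group(1), 0) + 1

    missing = []  # CTM identifiers the key manager reported as absent
    for raw in ctm_details:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON audit fragments
        if rec.get("errorMessage") == "record not found" and rec.get("identifier"):
            missing.append(rec["identifier"])

    return {
        "locate_ok": locate_ok,
        "get_errors": get_errors,
        "ctm_missing_identifiers": missing,
        "matches_symptom": locate_ok > 0
        and get_errors.get("NOT_FOUND", 0) > 0
        and bool(missing),
    }

# Constructed sample input, built from the masked lines shown in this article.
SAMPLE_LOG = """\
DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:123: KMIP Locate executed successfully!
ERR: kmip2::tables::kmip_keytable_v2: [queryKeyserverForKey]:1965: Get command failed: KmipGetException: NOT_FOUND (11)
"""
SAMPLE_CTM = [
    '{"errorMessage": "record not found", '
    '"identifier": "9e968b1433004c61b2c38fd73d452d53b05ca2087fbe4332af80xxxxxxxxxxxx"}'
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG, SAMPLE_CTM), indent=2))
```

The returned `ctm_missing_identifiers` list is the set of CTM identifiers to compare against the key-id named in the switchover veto message.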
