クラスタピアリングが cpeer.psk.cluster.revokedで失敗しました:エラー
環境
- ONTAP 9.x
- クラスタ ピアリング
- 暗号スイート
問題
- 新しく作成されたクラスタピアは使用できません。
source::> cluster peer showPeer Cluster Name Cluster Serial Number Availability Authentication------------------------- --------------------- -------------- --------------destination 1-80-xxxxxx Unavailable okdestination::> cluster peer showPeer Cluster Name Cluster Serial Number Availability Authentication------------------------- --------------------- -------------- --------------source 1-80-xxxxxx Unavailable ok- 両方のクラスタのすべてのノードからクラスタピアpingに相互に到達できます。
source::*> cluster peer ping -destination-cluster destinationNode: source_node1 Destination Cluster: destinationDestination Node IP Address Count TTL RTT(ms) Status---------------- ---------------- ----- ---- ------- -------------------------destination_node1 10.xx.xx.xx 1 64 0.28 interface_reachabledestination_node2 10.xx.xx.xx 1 64 0.157 interface_reachableNode: source_node2 Destination Cluster: destinationDestination Node IP Address Count TTL RTT(ms) Status---------------- ---------------- ----- ---- ------- -------------------------destination_node1 10.xx.xx.xx 1 64 0.137 interface_reachabledestination_node2 10.xx.xx.xx 1 64 0.189 interface_reachable4 entries were displayed.- ポート11104と11105もソースクラスタとデスティネーションクラスタの両方から到達できます。ネットワークまたはその他の接続問題が見つかりません。
- EMSログに表示されるアラートは次のとおりです。
Thu Apr 24 17:00:04 +0000 [source: cpeer.psk.cluster.revoked:error]: ONTAP received a TLS request to authenticate with the pre-shared key of remote cluster destination, but the relationship with the remote cluster has been revoked by the administrator of this cluster. The request was sent from address 10.xx.xx.xx in IPspace Default.Thu Apr 24 17:00:06 +0000 [source: cpeer.psk.unknown.cluster:error]: ONTAP received a TLS request to authenticate with a remote cluster's pre-shared key, but the remote cluster UUID (36beed9a-6c84-11ec-868b-xxxxxxxxx) is unrecognized. The probe arrived from address 10.xx.xx.xx in IPspace Default.Thu Apr 24 17:00:09 +0000 [source: cpeer.unavailable:alert]: Peer cluster destination is no longer available.- Ktlsハンドシェイクに失敗したアラートはEMSにも表示される
Thu Apr 24 17:00:33 +0000 [source: ktls_handshakes: csm.connectionFailed:debug]: CSM failed to create a connection: localBladeUUID = source:dblade, remoteBladeUUID = 690257a8-xxx, uniquifier = 0e063389xxxxx, transportType = UNASSIGNED, sessionTag = CPEER, localVifId = 1028, remoteVifIP = 10.xx.xx.xx, CsmError = CSM_CONNABORTED, ctLoError = CTLO_ERR_UNKNOWN, socketError = 5, and TLSerror = 167772345.Thu Apr 24 17:00:33 +0000 [stnpa3-02-st103: ktls_handshakes: csm.createSessionFailed:debug]: Cluster Session Manager (CSM) failed to create session (req=source:dblade, rsp=690257a8-ad3a-11eb-ad83-xxxxxxx, uniquifier=0e0633892xxxxxx) with transport type UNASSIGNED, session tag CPEER, record state STARTING, CSM error CSM_CONNABORTED, low-level error CTLO_ERR_OK, socket error 5, and TLS error 167772345.