连接到 (KMIP) 外部密钥管理器时节点超时
适用于
- ONTAP 9
- 外部密钥管理(EKM)/ KMIP 配置
问题
::> security key-manager external show-status output:
Node: nascls032-n03Vserver: nascls032KeyServerPort: 5696KMIP is operational: falseReason: IOKeyServer Role Server Status Reason----------------------------------------------10.176.175.121 primary not-responding IO10.223.204.26 primary not-responding IO
EMS 日志:
[node01:mgwd:km.keyserver.notavailable:alert]: The external key management server "10.xx.yy.121:5696" is not available for Vserver "vserver01", status: "not-responding".[node01:mgwd:km.keyserver.notavailable:alert]: The external key management server "10.xx.yy.26:5696" is not available for Vserver "vserver01", status: "not-responding".
KMIP2 客户端日志:
ERR: kmip2::kmipCmds::KmipConnection:[cryptsoftErrorCb]: Error: kmip_ssl_conn_do_handshake: 10.xx.xy.121ERR: kmip2::tables::kmip_keyserver_status:[setKeyServerStatus]: Received an exception in setting up TLS connection: IO(10) Cryptsoft error code 10 = IOError: TCP connection never established, TLS handshake cannot begin.
- 来自受影响节点的 TCP 连接测试超时,而伙伴节点成功。