MetroCluster中的各个集群之间的板载密钥管理器密钥不匹配

适用场景

• ONTAP 9
• MetroCluster
• 板载密钥管理器(OKM)
• NetApp 卷加密(NVE)

问题描述

• 在MetroCluster系统上升级ONTAP后、MetroCluster运行状况报告为已降级：

::> system health subsystem  show
Subsystem         Health
----------------- ------------------
SAS-connect       ok
Environment       ok
Memory            ok
Service-Processor ok
Switch-Health     ok
CIFS-NDO          ok
Motherboard       ok
IO                ok
MetroCluster     degraded
MetroCluster_Node ok
FHM-Switch        ok
FHM-Bridge        ok
SAS-connect_Cluster ok
13 entries were displayed.

• 在MetroCluster检查或切换模拟期间报告以下错误：

::> metrocluster operation show
Operation: switchover-simulate
State: failed
Errors: Failed to validate the node and cluster components before the switchover operation.
node1 (overridable veto): Internal Error. The "clus_salt" value in the Onboard Key Manager database was not properly updated

 Type of Check: onboard-key-management
                         Cluster Name: Cluster1
                  Result of the Check: warning
Additional Information/Recovery Steps: Internal Error. The "clus_salt" value in the Onboard Key Manager database was not properly updated.

• 从以下命令的输出中可以看出、SVM-KEK和NSE-AK密钥在集群之间匹配：

::> security key-manager key show -used-by SVM-KEK,NSE-AK