Key auto-retrieve fails on a node after an ONTAP upgrade
Applies to
- ONTAP 9
- External key management server
Issue
- Keys are not restored during giveback after an ONTAP upgrade.
Sat Jun 18 01:06:14 -0500 [XXXXXXXXXX: mgwd: km.keyretrieve.failed:alert]: Key auto-retrieve failed on node XXXXXXXXX-02 for Vserver XXXXXXXXXX (ID -1, UUID 4b13acef-e009-11eb-a21e-d039ea30f54d).
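- Restoring with "security key-manager external restore -node XXXXXXXX-02" generates a permission error.
- The problematic volumes were decrypted, the upgrade was completed, and the volumes were encrypted again.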
Sat Jun 18 02:06:46 -0500 [XXXXXXXXX: kmip2_client: kmip2.ssl.cannot.connect:alert]: Unable to make SSL/TLS connection to KMIP server. Error: SSL_PARAMS
Sat Jun 18 02:05:28 -0500 [XXXXXXXXX: kmip2_client: kmip2.ssl.cannot.connect:alert]: Unable to make SSL/TLS connection to KMIP server. Error: SSL_PARAMS
- Ideally, these alerts are generated when a timeout occurs at the key manager.
Sat Jun 18 2022 01:30:03 -05:00 [kern_kmip2_client:info:6931] [Jun 18 01:30:03]: 0x808b47200: 8003e8000006402d: ERR: kmip2::tables::kmip_keytable_v2: [populateFields]:1761: Get command failed. Exception: KmipGetException: Response status: OPERATION_FAILED. Reason: PERMISSION_DENIED. Message: The KMIP user is not authorized to access the target object.
-0000001d.00006e4f 0000b907 Sat Jun 18 2022 02:03:06 -05:00 [kern_kmip2_client:info:6931] [Jun 18 02:03:06]: 0x808b48600: 8003e800000640fc: ERR: kmip2::tables::kmip_keytable_v2: [populateFields]:1761: Get command failed. Exception: KmipGetException: Response status: OPERATION_FAILED. Reason: PERMISSION_DENIED. Message: The KMIP user is not authorized to access the target object.
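- At this point, ONTAP is reaching the SKLM server, but the server is rejecting ONTAP's KMIP user information.
- The SKLM team or SKLM vendor must determine why the key query is being denied for insufficient permissions.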
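
The triage reasoning above (a KMIP response carrying PERMISSION_DENIED means the key server was reached, so the fault is authorization rather than connectivity) can be applied to collected logs. This is an added example, not NetApp code; the sample lines are constructed from the message formats quoted above, and the category names and the `classify` and `triage` functions are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the messages quoted above (names are placeholders).
SAMPLE = """\
Sat Jun 18 01:06:14 -0500 [node-01: mgwd: km.keyretrieve.failed:alert]: Key auto-retrieve failed on node node-02 for Vserver vs0 (ID -1, UUID 00000000-0000-0000-0000-000000000000).
Sat Jun 18 02:05:28 -0500 [node-02: kmip2_client: kmip2.ssl.cannot.connect:alert]: Unable to make SSL/TLS connection to KMIP server. Error: SSL_PARAMS
Sat Jun 18 2022 01:30:03 -05:00 [kern_kmip2_client:info:6931] [Jun 18 01:30:03]: 0x0: 0: ERR: kmip2::tables::kmip_keytable_v2: [populateFields]:1761: Get command failed. Exception: KmipGetException: Response status: OPERATION_FAILED. Reason: PERMISSION_DENIED. Message: The KMIP user is not authorized to access the target object.
"""

# EMS header: [node: process: event.name:severity]
EMS = re.compile(r"\[[^:\]]+: [^:]+: (?P<event>[\w.]+):\w+\]")
# KMIP client detail: the server's own response status and reason
KMIP = re.compile(r"Response status: (?P<status>\w+)\. Reason: (?P<reason>\w+)\.")

def classify(line):
    """Return a category for one log line, or None if it is unrelated."""
    m = KMIP.search(line)
    if m:  # the server answered, so the transport worked for this request
        if m["reason"] == "PERMISSION_DENIED":
            return "authz_denied"
        return "kmip_" + m["reason"].lower()
    m = EMS.search(line)
    if not m:
        return None
    if m["event"] == "kmip2.ssl.cannot.connect":
        return "tls_connect"
    if m["event"] == "km.keyretrieve.failed":
        return "retrieve_failed"
    return None

def triage(text):
    """Count categories and pick the most specific explanation available."""
    counts = Counter(c for c in map(classify, text.splitlines()) if c)
    if counts["authz_denied"]:
        verdict = "key server reachable; KMIP user denied on target object"
    elif counts["tls_connect"]:
        verdict = "no KMIP response seen; investigate connectivity/TLS to key server"
    elif counts["retrieve_failed"]:
        verdict = "retrieve failed; no KMIP client detail in supplied logs"
    else:
        verdict = "no key-manager events found"
    return dict(counts), verdict

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```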