由于缺少加密密钥、MetroCluster切换模拟失败
- Views:
- 1
- Visibility:
- Public
- Votes:
- 0
- Category:
- ontap-9
- Specialty:
- metrocluster<a>2009662214.</a>
- Last Updated:
适用场景
- ONTAP 9
- MetroCluster
- Terles CipherTrust Manager (特许公司)
- 外部密钥管理器(EKM)
问题描述
- 观察到以下错误:
MCC-A::> metrocluster operation show Operation: switchover-simulate State: failed Start Time: 9/1/2023 16:13:31 End Time: 9/1/2023 16:13:40 Errors: Failed to validate the node and cluster components before the switchover operation. MCC-A (overridable veto): Partner cluster node: MCC-A-01 missing keymanager encryption key with key-id 00000000000000000200000000000xxxxxxxxxxxxxx0000000000000000.
- 在将二级密钥服务器提升为主密钥服务器后重新添加已删除的密钥服务器时、这些密钥也不会同步。
- ONTAP可以在加密卷时将密钥发布到EKM、并且可以找到这些密钥。我们会在
KMIP2-CLIENT.GZAutopSupport部分看到此信息:
DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:123: KMIP Locate executed successfully!
KmipGet但会失败:
ERR: kmip2::tables::kmip_keytable_v2: [queryKeyserverForKey]:1965: Get command failed: KmipGetException: NOT_FOUND (11)
- 在“部件号记录”/“Loki审计记录”部分, 同时给出“未找到记录”错误。可以在中查看元数据
CTM,以便将identifier与ONTAP匹配key-id:
{ "acc": "user1", "acct": "user1:user1:admin:accounts:user1", "iss": "sallyport", "sub": "efbbdcf4-c523-4ad0-8152-xxxxxxxxxxxx"}details{ "errorMessage": "record not found", "identifier": "9e968b1433004c61b2c38fd73d452d53b05ca2087fbe4332af80xxxxxxxxxxxx" }