跳转到主内容

由于F5网络负载平衡器上的SSL证书已过期、对象存储在节点重新启动后不可用

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2010057414</a>
Last Updated:

适用场景

  • ONTAP 9
  • StorageGRID
  • F5网络负载平衡器

问题描述

  • 由于硬件故障、ONTAP内置集群崩溃中的节点已被接管。

  • 节点已恢复、但交还失败、并且重新启动的节点所拥有的聚合上存在无法访问的对象存储。

cluster::> aggregate object-store show
  (storage aggregate object-store show)
Aggregate      Object Store Name Availability   Mirror Type
-------------- ----------------- -------------  -----------
...
node1_aggr2   NPH_StorageGRID   available      primary
node3_aggr1   NPH_StorageGRID   unavailable    primary
node3_aggr2   NPH_StorageGRID   available      primary

6/8/2024 08:53:51   NODE04     ERROR    Unable to connect to the object store "StorageGRID" from node 266af68c-6536-11e8-bcdd-xxxxxxxxxxxx. Reason: Connection unavailable.
6/8/2024 08:31:12   NODE04         ALERT         sfo.giveback.attemptExceeded: Attempts for automatic giveback of SFO aggregates exceeded the maximum number (3) of allowed attempts.
6/8/2024 08:30:36   NODE04         ALERT         sfo.giveback.failed: Giveback of aggregate node3_aggr2 failed due to destination check failed.
6/8/2024 08:30:36   NODE04         ALERT         sfo.sendhome.subsystemAbort: The giveback operation of 'node3_aggr2' was aborted by 'fabric pools'.
6/8/2024 08:30:36   NODE04         ERROR         gb.netra.ca.check.failed: Giveback of aggregate 'node3_aggr2' (uuid: 27f187b6-45f7-4125-b1ac-xxxxxxxxxxxx) failed due to Object store is not reachable on destination preventing object store access on the destination node.

  • 集群间LIF在节点上运行状况良好、可用于对对象存储执行ping操作。

  • 使用HTTPS并启用SSL验证。

    cluster::> storage aggregate object-store config show -fields server,port
    object-store-name server                         port
    ----------------- ------------------------------ ----
    StorageGRID       storagegrid.domain.com         443

  • 有一个自定义的CA颁发机构和证书配置。

  • 证书已过期。

cluster::*> security certificate truststore check -server storagegrid.domain.com -vserver cluster

Error: command failed: Failed to verify server's certificate chain. Reason: certificate has expired

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.