无法创建收到加密错误的卷

最后更新
另存为PDF

Views:: 4

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

适用场景

ONTAP 9
外部密钥管理器(EKM)
HyTrust外部密钥服务器5.5.1版

问题描述

尝试使用NetApp卷加密(NVE)和HyTrust密钥服务器创建加密卷时出错：

::> volume create -vserver vserver1 -volume vol1 -aggregate aggr1 -size 300g -policy policy1 -encrypt true
 Error: [Job 5347] Job failed: Failed to create the volume on node "node-01". Reason: Failed to store NVE key with key ID"00000000000000000200000000000500bd49b0b28b08190885da887a9a2f87040000000000000000" on external key server "10.20.XX.XX:5696". Cryptsoft error: "Response status: OPERATION_FAILED. Reason: GENERAL_FAILURE. Message: DB_GENERAL"

密钥服务器可用

cluster01::*> security key-manager external show-status
 Node  Vserver  Primary Key Server                                 Status
 ----  -------  -------------------------------------------------  ------------
 node1-01
       vserver1
                10.20.XX.XX:5696                  available
 node1-02
       vserver1
                10.20.XX.XX:5696                  available
 2 entries were displayed.

在M木质日志和KMIP2_client日志中、我们可以看到：

MGWD

8003e8000000f1c1: ERR: Table::volume_create: create_imp: 3539: inside pushing state: [Job 5347] Job failed: Failed to create the volume on node "node-01". Reason: Failed to store NVE key with key ID "000000000000000002000000000005004e223eb5005bbbb96fa4b28c84fbb6820000000000000000" on external key server "10.20.XX.XX:5696". Cryptsoft error: "Response status: OPERATION_FAILED. Reason: ITEM_NOT_FOUND. Message: NOT_FOUND".

KMIP2_client
 
 [kern_kmip2_client:info:8732] [Aug 20 06:23:43]: 0x80a005a00: 0: ERR: kmip2::tables::kmip_keytable_v2: [registerNveKey]:678: Error registering VEK. Exception: KmipBatchRegisterActivateException: Response status: OPERATION_FAILED. Reason: ITEM_NOT_FOUND. Message: NOT_FOUND.