由于使用覆盖否决进行手动交还、加密卷脱机
适用场景
- ONTAP 9
- 空闲数据加密
- 板载密钥管理器
问题描述
- 在节点重新启动期间 (由于维护、ONTAP升级等任何原因)、 系统会定期报告交还失败情况:
[node2: cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate aggr1 failed due to the unavailability of the volume encryption keys for the encrypted volumes of the aggregate on partner node node1.
- 交还是通过覆盖否决手动执行的、在否决后、加密 卷将脱机:
[node1: vv_apply_special18: wafl.mount.transient.error:error]: WAFL: Unable to mount volume vol1, UUID 2075XXXX-XXXX-XXXX-XXXX-XXXXXXXXea91 due to Encryption key error.. Volume is taken offline due to transient errors.
- 如果在升级期间出现这种情况,andu可以 暂停:
cluster1::> cluster image show-update-progress
Estimated Elapsed
Update Phase Status Duration Duration
-------------------- ----------------- --------------- ---------------
Pre-update checks completed 00:10:00 00:00:52
ONTAP updates completed 02:34:00 02:06:29
Post-update checks paused-on-error 00:10:00 00:40:38
Details:
Post-update Check Status Error-Action
-------------------- ----------------- --------------------------------------
Volume Health Status Error Error: Volumes are found to be not
online after the upgrade.
Action: Check for volumes not online
in the cluster.
Status: Paused - An error occurred in "Post-update checks" phase. The update cannot continue until the error has been resolved. Resolve all issues, then use the "cluster image resume-update" command to resume the update.
- 命令
security key-manager key show
( 在ONTAP 9.6中已弃用)显示以下错误:
Error: One or more nodes have onboard key management keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.