ONTAP Discussions
ONTAP version 9.6P7 - Using Onboard KMS for Aggregate Level Encryption -
When I query the KMS using the security key-manager key query command it reports back some keys as False under restored on just one of the nodes (2-node cluster). It then tells me to use the security key-manager onboard sync command to restore a key(s).
I've run the sync command a couple of times and nothing appears to happen? It still displays False keys?
The only volume I have at the moment is an SVM root volume which was encrypted at creation time in a data aggregate fine.
Has anyone else seen the sync command work before?
Please provide the exact commands!
The commands were modified/deprecated in ONTAP 9.7. For using the onboard key-manager, you should be using the:
security key-manager onboard
Command sets. Specifically:
security key-manager onboard sync
I know there was/is a bug when NOT using the "onboard" commands.
I'm using the following command to check key status
security key-manager key query -node node
Then using the following
security key-manager onboard sync
This then prompts me for the cluster-wide passphrase.
If I check the key status again later it still reports keys needed to be restored?
Thanks
Yeah...I think you are seeing the bug I was talking about (Fixed in 9.7 at least, maybe a 9.6P but not sure)
It might be this one.
https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=1259828
(although it says fixed in 9.6P7)
Once you upgrade to ONTAP 9.7, this should be fully resolved. I have seen this before. It is a display bug. You could open a case with NetApp Support so they may track it.
I did hit that bug so I upgraded to 9.6P7 which stopped the "Loop detected in next()" messages.
Now, I am seeing this new issue?
Maybe it will go away if upgraded to 9.7? I'm a bit reluctant to go to 9.7 at the moment as we have seen a performance issue after recently upgrading to 9.7 which is under investigation.
Thank you.