8. From the partner node, giveback the partner controller: storage failover giveback -fromnode local
-only-cfo-aggregates true
9. Once booted only with CFO aggregate run the security key-manager onboard sync command:
10. Enter the cluster-wide passphrase for the Onboard Key Manager:
Enter the cluster-wide passphrase for the Onboard Key Manager:
All offline encrypted volumes will be brought online and the
corresponding volume encryption keys (VEKs) will be restored
automatically within 10 minutes. If any offline encrypted volumes
are not brought online automatically, they can be brought online
manually using the "volume online -vserver <vserver> -volume
<volume_name>" command.
11. Ensure that all keys are synced: security key-manager key query -restored false
There are no entries matching your query.
No results should appear when filtering for false in the restored parameter.
12. Giveback of the node from the partner: storage failover giveback -fromnode local
Option 2: Systems with external key manager server configuration
Restore the external key manager configuration from the ONATP boot menu.
Before you begin
You need the following information for restoring the external key manager (EKM) configuration:
• You need a copy of the /cfcard/kmip/servers.cfg file from another cluster node, or, the following
information:
• The KMIP server address.
• The KMIP port.
• A copy of the /cfcard/kmip/certs/client.crt file from another cluster node, or, the client certificate.
• A copy of the /cfcard/kmip/certs/client.key file from another cluster node, or, the client key.
• A copy of the /cfcard/kmip/certs/CA.pem file from another cluster node, or, the KMIP server CA(s).
Steps
1. Select Option 11 from the ONTAP boot menu.
15
To Next Page
Loading...
