c. Shut down the impaired node.
3. If you saw the message This command is not supported when onboard key management is enabled,
display the keys stored in the onboard key manager:
security key-manager key show -detail
a.
If the
Restored column displays yes manually backup the onboard key management information:
â–ª
Go to advanced privilege mode and enter
y when prompted to continue: set -priv advanced
â–ª
Enter the command to display the OKM backup information:
security key-manager backup
show
▪ Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.
â–ª
Return to admin mode:
set -priv admin
â–ª Shut down the impaired node.
b.
If the
Restored column displays anything other than yes:
â–ª
Run the key-manager setup wizard:
security key-manager setup -node
target/impaired node name
Enter the customer’s onboard key management passphrase at the prompt. If the
passphrase cannot be provided, contact
mysupport.netapp.com
â–ª
Verify that the
Restored column displays yes for all authentication key: security key-
manager key show -detail
â–ª
Go to advanced privilege mode and enter
y when prompted to continue: set -priv advanced
â–ª
Enter the command to display the OKM backup information:
security key-manager backup
show
▪ Copy the contents of the backup information to a separate file or your log file. You’ll need it in
disaster scenarios where you might need to manually recover OKM.
â–ª
Return to admin mode:
set -priv admin
â–ª You can safely shutdown the node.
Verifying NSE configuration
Steps
1.
Display the key IDs of the authentication keys that are stored on the key management servers:
security
key-manager query
â—¦
If the
Restored column displays yes and all key managers display available, it’s safe to shut down
the impaired node.
â—¦
If the
Restored column displays anything other than yes, or if any key manager displays
unavailable, you need to complete some additional steps.
â—¦ If you see the message This command is not supported when onboard key management is enabled,
you need to complete some other additional steps
2.
If the
Restored column displayed anything other than yes, or if any key manager displayed
unavailable:
a.
Retrieve and restore all authentication keys and associated key IDs:
security key-manager
1188
To Next Page
Loading...
Need help?
General
