yes
:
a. Restore the external key management authentication keys to all nodes in the cluster:
security key-
manager external restore
If the command fails, contact NetApp Support.
b. Verify that the
Restored
column equals
yes
for all authentication keys:
security key-manager
key query
c. Shut down the impaired node.
4. If the
Key Manager
type displays
onboard
and the
Restored
column displays anything other than
yes
:
a. Enter the onboard security key-manager sync command:
security key-manager onboard sync
Enter the customer’s onboard key management passphrase at the prompt. If the
passphrase cannot be provided, contact NetApp Support.
b. Verify the
Restored
column shows
yes
for all authentication keys:
security key-manager key
query
c. Verify that the
Key Manager
type shows
onboard
, manually backup the OKM information.
d. Go to advanced privilege mode and enter
y
when prompted to continue:
set -priv advanced
e. Enter the command to display the key management backup information:
security key-manager
onboard show-backup
f. Copy the contents of the backup information to a separate file or your log file. You’ll need it in disaster
scenarios where you might need to manually recover OKM.
g. Return to admin mode:
set -priv admin
h. You can safely shutdown the node.
Verify NSE configuration
1. Display the key IDs of the authentication keys that are stored on the key management servers:
security
key-manager query
◦
If the
Key Manager
type displays
external
and the
Restored
column displays
yes
, it’s safe to shut
down the impaired node.
◦
If the
Key Manager
type displays
onboard
and the
Restored
column displays
yes
, you need to
complete some additional steps.
◦
If the
Key Manager
type displays
external
and the
Restored
column displays anything other than
yes
, you need to complete some additional steps.
◦
If the
Key Manager
type displays
external
and the
Restored
column displays anything other than
yes
, you need to complete some additional steps.
2. If the
Key Manager
type displays
onboard
and the
Restored
column displays
yes
, manually backup
the OKM information:
a. Go to advanced privilege mode and enter
y
when prompted to continue:
set -priv advanced
6