Monitoring node encryption in maintenance mode

If you enabled node encryption for the appliance during installation, you can monitor the node-encryption status of each appliance node, including the node-encryption state and key management server (KMS) details.

Before you begin

Procedure

  1. From the StorageGRID Appliance Installer, select Configure Hardware > Node Encryption.

    KMS clear configuration

    The Node Encryption page includes these three sections:

    • Encryption Status shows whether node encryption is enabled or disabled for the appliance.
    • Key Management Server Details shows information about the KMS being used to encrypt the appliance. You can expand the server and client certificate sections to view certificate details and status.
      • To address issues with the certificates themselves, such as renewing expired certificates, see the information about KMS in the instructions for administering StorageGRID.
      • If there are unexpected problems connecting to KMS hosts, verify that the domain name system (DNS) servers are correct and that appliance networking is correctly configured.

        Checking the DNS server configuration

      • If you are unable to resolve your certificate issues, contact technical support.
    • Clear KMS Key disables node encryption for the appliance, removes the association between the appliance and the key management server that was configured for the StorageGRID site, and deletes all data from the appliance. You must clear the KMS key before you can install the appliance into another StorageGRID system.

      Clearing the key management server configuration

      Attention: Clearing the KMS configuration deletes data from the appliance, rendering it permanently inaccessible. This data is not recoverable.
  2. When you are done checking node-encryption status, reboot the node. From the StorageGRID Appliance Installer, select Advanced > Reboot Controller, and then select one of these options:
    • Select Reboot into StorageGRID to reboot the controller with the node rejoining the grid. Select this option if you are done working in maintenance mode and are ready to return the node to normal operation.
    • Select Reboot into Maintenance Mode to reboot the controller with the node remaining in maintenance mode. Select this option if there are additional maintenance operations you need to perform on the node before rejoining the grid.

    Reboot controller in maintenance mode

    It can take up to 20 minutes for the appliance to reboot and rejoin the grid. To confirm that the reboot is complete and that the node has rejoined the grid, go back to the Grid Manager. The Nodes tab should display a normal status icon alert green checkmark for the appliance node, indicating that no alerts are active and the node is connected to the grid.


    Appliance node rejoined grid