Skip to main content

Restore key-manager configuration on node4

Contributors netapp-pcarriga

If you are using NetApp Volume Encryption (NVE) and NetApp Aggregate Encryption (NAE) to encrypt volumes on the system you are upgrading, the encryption configuration must be synchronized to the new nodes. If you do not synchronize the key-manager, when you relocate the node2 aggregates from node3 to node4 by using ARL, failures might occur because node4 does not have the required encryption keys to bring encrypted volumes and aggregates online.

About this task

Synchronize the encryption configuration to the new nodes by performing the following steps:

Steps
  1. Run the following command from node4:

    security key-manager onboard sync

  2. Verify that the SVM-KEK key is restored to "true" on node4 before you relocate the data aggregates:

    ::> security key-manager key query -node node4 -fields restored -key-type SVM-KEK
    Example
    ::> security key-manager key query -node node4 -fields restored -key-type SVM-KEK
    
    node     vserver   key-server   key-id                                  restored
    -------- --------- -----------  --------------------------------------- --------
    node4    svm1      ""           00000000000000000200000000000a008a81976 true
                                    2190178f9350e071fbb90f00000000000000000