Skip to main content
Install and maintain

Give back the controller - ASA A1K

Contributors dougthomp netapp-jsnyder
PDFs

Verify the storage and network connections, and then give back the controller.

Give back the controller

Reset encryption if enabled and return the controller to normal operation.

No encryption

  1. From the LOADER prompt, enter boot_ontap.

  2. Press <enter> when console messages stop.

    • If you see the login prompt, go to the next step at the end of this section.

    • If you see Waiting for giveback, press the <enter> key, log into the partner node, and then go to the next step at the end of this section.

  3. Return the impaired controller to normal operation by giving back its storage: storage failover giveback -ofnode impaired_node_name.

  4. If automatic giveback was disabled, reenable it: storage failover modify -node local -auto-giveback true.

  5. If AutoSupport is enabled, restore/unsuppress automatic case creation: system node autosupport invoke -node * -type all -message MAINT=END.

Onboard encryption (OKM)

  1. From the LOADER prompt, enter boot_ontap maint.

  2. Check the TMP firmware version with the sysconfig -v command.

    • If version is less than 5.63, contact NetApp Support.

    • If the version is more than 5.63, exit to the LOADER prompt: halt.

  3. Boot to the ONTAP menu from the LOADER prompt boot_ontap menu and select option 10.

  4. Enter the OKM passphrase. You can get this passphrase from the customer, or contact NetApp Support.

    Note You will be prompted twice for the passphrase.

  5. Enter the backup key data when prompted.

  6. At the boot menu, enter option 1 for normal boot.

  7. Press <enter> when Waiting for giveback is displayed.

  8. Move the console cable to the partner node and login as admin.

  9. Ensure any core dumps on the repaired node are saved by going to advanced mode" set -privilege advanced and then run local partner savecore.

  10. Return to admin lever: set privilege admin.

  11. Give back only the CFO aggregates (the root aggregate): storage failover giveback -fromnode local -only-cfo-aggregates true

  12. Wait 5 minutes after the giveback report completes, and check failover status and giveback status: storage failover show and storage failover show-giveback.

  13. Move the console cable to the replacement node and enter security key-manager onboard sync

    Note You will be prompted for the cluster-wide passphrase of OKM for the cluster.

  14. Check status of the keys with the following command: security key-manager key query -key-type svm-KEK.

    If the Restored column shows anything but true, contact NetApp Support.

  15. Return the impaired controller to normal operation by giving back its storage: storage failover giveback -ofnode impaired_node_name.

  16. If automatic giveback was disabled, reenable it: storage failover modify -node local -auto-giveback true.

  17. If AutoSupport is enabled, restore/unsuppress automatic case creation: system node autosupport invoke -node * -type all -message MAINT=END.

External key manager (EKM))

  1. If the root volume is encrypted with External Key Manager and the console cable is connected to the replacement node, enter boot_ontap menu and select option 11.

  2. Answer y or n to the following questions:

    Do you have a copy of the /cfcard/kmip/certs/client.crt file? {y/n}

    Do you have a copy of the /cfcard/kmip/certs/client.key file? {y/n}

    Do you have a copy of the /cfcard/kmip/certs/CA.pem file? {y/n}

    OR

    Do you have a copy of the /cfcard/kmip/servers.cfg file? {y/n}

    Do you know the KMIP server address? {y/n}

    Do you know the KMIP port? {y/n}

    Note Contact NetApp Support if you have issues.

  3. Supply the information for:

    • The client certificate (client.crt) file contents.

    • The client key (client.key) file contents.

    • The KMIP server CA(s) (CA.pem) file contents.

    • The IP address for the KMIP server.

    • The port for the KMIP server.

  4. Once the system processes, you will see the Boot Menu. Select '1' for normal boot.

  5. Check the takeover status: storage failover show.

  6. Ensure any core dumps on the repaired node are saved by going to advanced mode" set -privilege advanced and then run local partner savecore.

  7. Return the impaired controller to normal operation by giving back its storage: storage failover giveback -ofnode impaired_node_name.

  8. If automatic giveback was disabled, reenable it: storage failover modify -node local -auto-giveback true.

  9. If AutoSupport is enabled, restore/unsuppress automatic case creation: system node autosupport invoke -node * -type all -message MAINT=END.