Skip to main content
Install and maintain

Give back the controller - FAS8300 and FAS8700

Contributors dougthomp
PDFs

Return control of storage resources to the replacement controller so your FAS8300 and FAS8700 system can resume normal operation.

No encryption or External Key Manager (EKM)

Return the impaired controller to normal operation by giving back its storage.

Steps

  1. From the LOADER prompt, enter boot_ontap.

  2. Press <enter> when console messages stop.

    • If you see the login prompt, go to the next step at the end of this section.

    • If you see Waiting for giveback, press the <enter> key, log into the partner node, and then go to the next step at the end of this section.

  3. Return the impaired controller to normal operation by giving back its storage: storage failover giveback -ofnode impaired_node_name

  4. If automatic giveback was disabled, reenable it: storage failover modify -node local -auto-giveback true

  5. If AutoSupport is enabled, restore/unsuppress automatic case creation: system node autosupport invoke -node * -type all -message MAINT=END

Onboard encryption (OKM)

Restore and reseal onboard encryption keys for OKM and return the controller to normal operation.

Before you begin

Before starting, review security key-manager onboard show-backup or contact NetApp Support.

Steps

  1. Boot to the ONTAP menu from the LOADER prompt boot_ontap menu and select option 10.

  2. Retrieve and verify the cluster-wide passphrase from the healthy controller.

    1. Run the following command to retrieve the cluster-wide passphrase:

      security key-manager onboard show-backup

    2. Verify the cluster-wide passphrase using the following command:

      security key-manager onboard verify-backup

  3. Enter the OKM passphrase.

    Note You are prompted twice for the passphrase.

  4. Enter the backup key data when prompted.

  5. At the boot menu, enter option 1 for normal boot.

  6. Press <enter> when Waiting for giveback is displayed.

  7. Move the console cable to the partner node and login as admin.

  8. Give back only the CFO aggregates (the root aggregate): storage failover giveback -fromnode local -only-cfo-aggregates true

  9. Wait 5 minutes after the giveback report completes, and check failover status and giveback status: storage failover show and storage failover show-giveback.

  10. Synchronize and verify status of the keys:

    1. Move the console cable back to the replacement controller.

    2. Synchronize missing keys: security key-manager onboard sync

      Note You are prompted for the cluster-wide passphrase of OKM for the cluster.

    3. Verify status of the keys: security key-manager key query -restored false

      The output should show no results when properly synchronized.

      If the output shows results (the key IDs of keys that are not present in the system's internal key table), contact NetApp Support.

  11. Return the impaired controller to normal operation by giving back its storage: storage failover giveback -ofnode impaired_node_name

  12. If automatic giveback was disabled, reenable it: storage failover modify -node local -auto-giveback true

    Note Do not override veto on giveback for missing keys. Contact NetApp Support.

  13. If AutoSupport is enabled, restore/unsuppress automatic case creation: system node autosupport invoke -node * -type all -message MAINT=END

What's next?

After you've transferred the ownership of storage resources back to the replacement controller, you need to complete the controller replacement procedure.