Skip to main content
NetApp Knowledge Base

Slow KMIP key fetching during ANDU extending the time to complete upgrade

  1. Last updated
  2. Save as PDF
Views:
36
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9

  • External Key-Manager Encryption

Issue

  • Slow KMIP key-sync during ANDU extending the time to complete.

  • Each node in the cluster takes couple of hours to complete the upgrade.

  • From the console logs, it can be found that the ONTAP locating the keys from External KMIP server.

[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 744d83a4-226e-4f7b-8a2e-5e10a00f6466
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 69cb274f-0da8-41cb-a427-0a32ce3032b4
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : cd529bd0-21ce-4885-bdbb-3aadacea7d1c
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : c04a380d-e328-4ee9-a7e2-a56324fb8e86
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 0ce62b7b-aa8e-46b3-9513-83a09c464fed
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 5276645d-b238-4154-9d7b-606140d84f31
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 3aca3443-9bd0-45a7-9ae5-dd53c56f8aed
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : af3b95f8-8232-4c5b-8b06-fd24dbc60ce7
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : 13e0375e-78ac-4ce4-8009-85f188e06020
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:122: UUID returned : aef7d7ee-82d9-4d7c-abb4-9edc2f042e8d
[Apr 27 18:06:13]: 0x808806100: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:129: KMIP Locate executed successfully!

  • Once the KMIP is located, the keys will be stored.

Apr 27 18:27:06 [Node-1:crypto.key.stored:notice]: Stored key with key ID 0000000000000000020000000000050000052118dedc54f353c9c02714f86db60000000000000000. Key digest: 7f8b9afacd160e24a63e38f535a69fe9905110a107cf2d03d8a577708d5319c6.
Apr 27 18:27:06 [Node-1:crypto.key.stored:notice]: Stored key with key ID 00000000000000000200000000000500008911e75b78c9ad5934a069ee91675d0000000000000000. Key digest: dced548cf1da0d3f36e08d2c392fe3e836bc782d5bd89c1c16312513eea71032.
Apr 27 18:27:06 [Node-1:crypto.key.stored:notice]: Stored key with key ID 0000000000000000020000000000050000a4b8ddefbce7124e8b5a5d1967ecba0000000000000000. Key digest: f4d535fde61f6668f19603321ed559e98912e5b0d0a9aac7f0a9b35f9a1a8c93.
Apr 27 18:27:06 [Node-1:crypto.key.stored:notice]: Stored key with key ID 000000000000000002000000000005000234f163fb9f78d4ba43365b9db64c990000000000000000. Key digest: db01995eaff08aa9545eb7602a95345f72b6a9d918f1b492ec2eab38a9aecdad.
Apr 27 18:27:06 [Node-1:crypto.key.stored:notice]: Stored key with key ID 00000000000000000200000000000500023c9e23705ee4a7793a5957045e16f30000000000000000. Key digest: 33a69a7389548400e35fbe38aeed390ad0132d42419843eeb30f4a082de3eca3.

  • This process almost take couple of hours which delays the boot process.

 

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.