Table of ContentsView in Frames

Verifying key management server links

You use the key_manager status or key_manager query commands to verify that all key management servers are successfully linked to the storage system. These commands are useful for verifying proper operation and troubleshooting.

About this task

Both commands display whether key management servers are responding.

Steps

  1. Access the nodeshell by entering the following command: system node run -node node_name
  2. Perform one of the following actions:
    If you want to... Then enter the following command:
    Check the status of a specific key management server key_manager status -key_server key_server_ip_address
    Check the status of all key management servers key_manager status
    Check the status of all key management servers and view additional server details. key_manager query

    The key_manager query command displays additional information about key tags and key IDs.

  3. Check the output to verify that all of the appropriate keys are available in the Data ONTAP key table.
    If the output of the key_manager query command displays key IDs marked with an asterisk (*), those keys exist on a key server but are not currently available in the Data ONTAP key table. To import those keys from the key management server into the key table, enter the following command: key_manager restore
  4. Exit the nodeshell and return to the clustershell by entering the following command: exit

Examples

The following command checks the status of all key management servers linked to the storage system:

storage-system> key_manager status                       
Key server                       Status
172.16.132.118                    Server is responding
172.16.132.211                    Server is responding

The following command checks the status of all key management servers linked to the storage system and displays additional information:

storage-system> key_manager query                         
Key server 172.16.132.118 is responding.
Key server 172.16.132.211 is responding.

Key server 172.16.132.118 reports 4 keys.

Key tag                           Key ID
--------                          -------
storage-system                       080CDCB20...
storage-system                       080CDCB20...
storage-system                       080CDCB20...
storage-system                       080CDCB20...

Key server 172.16.132.211 reports 4 keys.

Key tag                           Key ID
--------                          -------
storage-system                      *080CDCB20...
storage-system                       080CDCB20...
storage-system                       080CDCB20...
storage-system                      *080CDCB20...