How Can I Recover Services If They Are Interrupted Due to the Loss of the Disk Encryption Key?

Question

How can I recover services if the key of the self-encrypting storage pool is damaged?

Answer

If the disk encryption key is lost, the storage system cannot access the SEDs after a transient interruption occurs. This will result in a storage pool fault and service interruption.

You can recover the services as follows:

Some operations must be performed in developer mode on the CLI. Therefore, it is recommended that you contact Huawei technical support engineers to recover the services.

1. Restore a key.

   For details, see How Can I Recover Encryption Key Files of Disks?.

2. Identify faulty disks.

   On the CLI, run show disk general to check the status of each encrypted disk.

   admin:/>show disk general  
     ID      Health Status  Running Status  Type      Capacity   Role       Disk Domain ID  Speed(RPM)  Health Mark  Bar Code              Item      AutoLock State  Key Expiration Time   
     ------  -------------  --------------  --------  ---------  ---------  --------------  ----------  -----------  --------------------  --------  --------------  ------------------- 
   DAE000.0 Fault Online SSD SED 561.994GB Member Disk 0 10000 -- 210235G6BB1000000007 0235G6BB ON 2020-12-31  
   DAE000.1 Fault Online SSD SED 561.994GB Member Disk 0 10000 -- 210235G6BB1000000007 0235G6BB ON 2020-12-31  
   DAE000.2 Fault Online SSD SED 561.994GB Member Disk 0 10000 -- 210235G6BB1000000007 0235G6BB ON 2020-12-31

   If the AutoLock State of a disk is ON and Health Status is Fault, this is a faulty disk.

3. Power off and then power on all the faulty disks.

   On the CLI, run poweroff disk and poweron disk in developer mode.

   engineer:/>poweroff disk disk_id=DAE000.0  
   DANGER: You are about to power off the disk. 
   This operation causes the disk to be unreadable and unwritable for services. If the disk domain where the disk resides is in the reconstruction or degradation state, this operation may cause reconstruction failure, service interruption, and data loss. 
   Suggestion: Before performing this operation, check the disk properties and status of the disk domain that houses the disk to avoid reconstruction failure, service interruption and data loss. Back up data before powering off.  
   Have you read danger alert message carefully?(y/n)y  
   Are you sure you really want to perform the operation?(y/n)y  
   Command executed successfully.     
   engineer:/>poweron disk disk_id=DAE000.0  
   Command executed successfully.     

   If a faulty disk is not a member of the involved storage pool, the disk's object will be released after it is powered off. As a result, powering on the disk will fail.

4. After all faulty disks have been powered on, check the health status.

   On the CLI, run show disk_domain general to check the status.

   admin:/>show disk_domain general  
   ID Name Health Status Running Status Total Capacity Free Capacity Hot Spare Capacity Used Hot Spare Capacity 
   -- ---- ------------- -------------- -------------- ------------- ------------------ ----------------------- 
   0 d0 Normal Online 4.055TB 556.242GB 524.312GB 0.000B     

   • If the Health Status is Normal or Degraded, services are being recovered.
   • If the Health Status is other values, services are not recovered. Contact Huawei engineers for assistance.