Encryption events
The following table lists the events that are created for the Encryption component.
| Event | Event Type | Severity | Message | Description | Cause | User Action |
|---|---|---|---|---|---|---|
| encryption_configured | INFO_ADD_ENTITY |
INFO |
New encryption provider for {ID} is configured. | A new encryption provider is configured. | N/A | N/A |
| encryption_removed | INFO_ADD_ENTITY |
INFO |
An encryption provider for {ID} is removed. | An encryption provider is removed. | N/A | N/A |
| rkmconf_backend_err | STATE_CHANGE |
ERROR |
RKM backend server {0} returned an unrecoverable error {1}. | The RKM backend server failed. | The RKM backend server encountered an unrecoverable error. | Ensure that the specification of the backend key management server in the RKM instance is correct and the key server is running on the specified host. The event can be manually cleared by using the mmhealth event resolve rkmconf_backend_err <event id> command. |
| rkmconf_backenddown_err | STATE_CHANGE |
ERROR |
The RKM backend server {0} cannot be reached. | The RKM backend server cannot be reached. | The RKM backend server is down or unreachable. | Ensure that the specification of the backend key management server in the RKM instance is correct and the key server is running on the specified host. The event can be manually cleared by using the mmhealth event resolve rkmconf_backenddown_err <event id> command. |
| rkmconf_certexp_err | STATE_CHANGE |
ERROR |
Key server certificate error {0}. | The RKM client or server certificate expired. | The client or server certificate for the key server expired. | Follow the documented procedure to update the key server and/or RKM configuration with a new client or server certificate. The event can be manually cleared by using the mmhealth event resolve rkmconf_certexp_err command. |
| rkmconf_certexp_ok | STATE_CHANGE |
INFO |
No expired certificates are encountered. | Certificates that are related to RKM backend configuration are valid. | N/A | N/A |
| rkmconf_certexp_warn | TIP |
TIP |
Key server certificate warning {0}. | The RKM client or server certificate can expire soon. | The client or server certificate for the key server approaches its expiration time. | Follow the documented procedure to update the key server and/or RKM configuration with a new client or server certificate. The event can be manually cleared by using the mmhealth event resolve rkmconf_ccertexp_warn command. |
| rkmconf_certwarn_ok | STATE_CHANGE |
INFO |
No certificates that are approaching the expiration time are encountered. | Certificates that are related to RKM backend configuration are valid. | N/A | N/A |
| rkmconf_configuration_err | STATE_CHANGE |
ERROR |
RKM configuration error {0}. | The content of the RKM configuration file cannot be parsed correctly. | The RKM configuration file contains incorrect data. | Ensure that the content of the RKM configuration file conforms with the documented format (regular setup), or that the arguments that are provided to the mmkeyserv command conform to the documentation (simplified setup). The event can be manually cleared by using the mmhealth event resolve rkmconf_configuration_err command. |
| rkmconf_enckey_ok | STATE_CHANGE |
INFO |
Event for {ID} is marked as resolved. | The RKM backend configuration for encryption key retrieval is working correctly. | N/A | N/A |
| rkmconf_filenotfound_err | STATE_CHANGE |
ERROR |
The mmfsd daemon is not able to read the RKM configuration file. | Cannot read the RKM configuration file. | The file does not exist or its content is not valid. | Check that either the /var/mmfs/etc/RKM.conf exists (regular setup only), or the file system encryption was enabled by using the simplified setup. The event can be manually cleared by using the mmhealth event resolve rkmconf_filenotfound_err command. |
| rkmconf_fileopen_err | STATE_CHANGE |
ERROR |
Cannot open RKM configuration file for reading {0}. | Cannot open the RKM configuration file for reading. | The RKM configuration file exists but cannot be opened for reading. | Check that, as root, you can open the RKM configuration file with a text editor. The event can be manually cleared by using the mmhealth event resolve rkmconf_fileopen_err command. |
| rkmconf_fileread_err | STATE_CHANGE |
ERROR |
Cannot read RKM configuration file: {0}. | Cannot read the RKM configuration file. | The content of the RKM configuration file might be corrupted. | Check that, as root, you can open the RKM configuration file with a text editor. The event can be manually cleared by using the mmhealth event resolve rkmconf_fileread_err command. |
| rkmconf_getkey_err | STATE_CHANGE |
ERROR |
MEK {0} is not available from RKM backend server {1}. | Cannot get key from RKM backend server. | Failed to retrieve the MEK from the RKM backend servers. | Ensure that the MEK specified by the UUID provided is available from the RKM specified by using the mmkeyserv key show command. The event can be manually cleared by using the mmhealth event resolve rkmconf_getkey_err <event id> command. |
| rkmconf_instance_err | STATE_CHANGE |
ERROR |
RKM instance error {0}. | RKM instance configuration error. | The RKM instance configuration is not correct. One of the attributes is not valid or out of range. | Ensure that the definition of the RKM instance is correct and its attributes conform to their defined format. The event can be manually cleared by using the mmhealth event resolve rkmconf_instance_err command. |
| rkmconf_keystore_err | STATE_CHANGE |
ERROR |
Keystore file error {0}. | Keystore file error. | The keystore file for the key management server is not accessible or its content is not valid, or the ownership and/or permissions are too permissive. | Ensure that the content of the keystore file conforms with the documented format and that only root can read and write the file. The event can be manually cleared by using the mmhealth event resolve rkmconf_keystore_err command. |
| rkmconf_ok | STATE_CHANGE |
INFO |
The RKM backend configuration is correct and working as expected. | The RKM backend configuration is working correctly. | N/A | N/A |
| rkmconf_permission_err | STATE_CHANGE |
ERROR |
Incorrect ownership and/or file system permissions for RKM configuration file {0}. | The RKM configuration file has incorrect file system permissions. | The RKM configuration file was created with incorrect file system permissions. | Check that the RKM.conf file is owned by root:root, and
has read and write permission for owner only. The event can be manually cleared by using the
mmhealth event resolve rkmconf_permission_err command. |