Encryption events
The following table lists the events that are created for the Encryption component.
| Event | Event Type | Severity | Call Home | Details |
|---|---|---|---|---|
| encryption_configured | ADD_ENTITY | INFO | no | Message: New encryption provider for {id} is configured. |
| Description: A new encryption provider is configured. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| encryption_removed | DELETE_ENTITY | INFO | no | Message: An encryption provider for {id} is removed. |
| Description: An encryption provider is removed. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkm_cert_expired | STATE_CHANGE FAILED | ERROR | no | Message: Key server certificate error: {id}. |
| Description: The RKM client or server certificate expired. | ||||
| Cause: The client or server certificate for the key server expired. | ||||
| User Action: Follow the documented procedure to update the key server and/or RKM configuration with a new client or server certificate. | ||||
| rkm_duplicate | STATE_CHANGE FAILED | ERROR | no | Message: RKM.conf contains duplicate RKM IDs {id}. |
| Description: RKM.conf contains duplicate RKM IDs. | ||||
| Cause: RKM.conf contains duplicate RKM IDs. | ||||
| User Action: Verify that the rkmid is unique across the stanzas in all the RKM.conf files. | ||||
| rkm_keyring | STATE_CHANGE FAILED | ERROR | no | Message: Could not open keyring file: {id}. |
| Description: The RKM client is not able to open the keyring file. | ||||
| Cause: The RKM client is not able to open the keyring file. | ||||
| User Action: Ensure that the content of the keystore file conforms with the documented format and that only root can read and write the file. | ||||
| rkm_no_access | STATE_CHANGE FAILED | ERROR | no | Message: Access Failed: {id}. |
| Description: Access Failed. | ||||
| Cause: Access Failed. Run the '/usr/lpp/mmfs/bin/tskeyservmon testkeyserver all -Y' command to see details. | ||||
| User Action: Verify that the given client is authorized to access the keys from this keyserver. Run the '/usr/lpp/mmfs/bin/tskeyservmon testkeyserver all' command to see details. | ||||
| rkm_no_label | STATE_CHANGE FAILED | ERROR | no | Message: Key Label not found: {id}. |
| Description: Key Label not found. | ||||
| Cause: Key Label not found. | ||||
| User Action: Verify that a key with the specified label exists in the client keystore. | ||||
| rkm_ok | STATE_CHANGE HEALTHY | INFO | no | Message: All checks are OK for {id}. |
| Description: RKM.conf setup is OK. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkm_passphrase | STATE_CHANGE FAILED | ERROR | no | Message: Incorrect passphrase: {id}. |
| Description: Incorrect passphrase. | ||||
| Cause: Incorrect passphrase. | ||||
| User Action: Verify that the passphrase for the client keystore is correct. | ||||
| rkm_warn | INFO | WARNING | no | Message: Command to retrieve the encryption status did time out. |
| Description: Encryption status data is not available now. | ||||
| Cause: The command '/usr/lpp/mmfs/bin/tskeyservmon testkeyserver all -Y' does not return data in the allotted time. | ||||
| User Action: Check the RKM config and the output of the '/usr/lpp/mmfs/bin/tskeyservmon testkeyserver all' command. | ||||
| rkmconf_backend_err | STATE_CHANGE FAILED | ERROR | no | Message: RKM backend server {0} returned an unrecoverable error {1}. |
| Description: The RKM backend server failed. | ||||
| Cause: The RKM backend server encountered an unrecoverable error. | ||||
| User Action: Ensure that the specification of the backend key management server in the RKM instance is correct and the key server is running on the specified host. The event can be manually cleared by using the mmhealth event resolve rkmconf_backend_err event id or mmhealth event resolve ALL command. | ||||
| rkmconf_backenddown_err | STATE_CHANGE FAILED | ERROR | no | Message: The RKM backend server {0} cannot be reached. |
| Description: The RKM backend server cannot be reached. | ||||
| Cause: The RKM backend server is down or unreachable. | ||||
| User Action: Ensure that the specification of the backend key management server in the RKM instance is correct and the key server is running on the specified host. The event can be manually cleared by using the mmhealth event resolve rkmconf_backenddown_err event id or mmhealth event resolve ALL command. | ||||
| rkmconf_certexp_err | STATE_CHANGE FAILED | ERROR | no | Message: Key server certificate error: {0} |
| Description: The RKM client or server certificate expired. | ||||
| Cause: The client or server certificate for the key server expired. | ||||
| User Action: Follow the documented procedure to update the key server and/or RKM configuration with a new client or server certificate. The event can be manually cleared by using the mmhealth event resolve rkmconf_certexp_err command. | ||||
| rkmconf_certexp_ok | STATE_CHANGE HEALTHY | INFO | no | Message: No expired certificates are encountered. |
| Description: Certificates that are related to RKM backend configuration are valid. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkmconf_certexp_warn | TIP | TIP | no | Message: Key server certificate warning: {0} |
| Description: The RKM client or server certificate can expire soon. | ||||
| Cause: The client or server certificate for the key server approaches its expiration time. | ||||
| User Action: Follow the documented procedure to update the key server and/or RKM configuration with a new client or server certificate. The event can be manually cleared by using the mmhealth event resolve rkmconf_certexp_warn command. | ||||
| rkmconf_certwarn_ok | STATE_CHANGE HEALTHY | INFO | no | Message: No certificates that are approaching the expiration time are encountered. |
| Description: Certificates that are related to RKM backend configuration are valid. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkmconf_configuration_err | STATE_CHANGE FAILED | ERROR | no | Message: RKM configuration error: {0} |
| Description: The content of the RKM configuration file cannot be parsed correctly. | ||||
| Cause: The RKM configuration file contains incorrect data. | ||||
| User Action: Ensure that the content of the RKM configuration file conforms with the documented format (regular setup), or that the arguments that are provided to the mmkeyserv command conform to the documentation (simplified setup). The event can be manually cleared by using the mmhealth event resolve rkmconf_configuration_err command. | ||||
| rkmconf_enckey_ok | STATE_CHANGE HEALTHY | INFO | no | Message: Event for {id} is marked as resolved. |
| Description: The RKM backend configuration for encryption key retrieval is working correctly. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkmconf_filenotfound_err | STATE_CHANGE FAILED | ERROR | no | Message: The mmfsd daemon is not able to read the RKM configuration file. |
| Description: Cannot read the RKM configuration file. | ||||
| Cause: The file does not exist or its content is not valid. | ||||
| User Action: Check that either the '/var/mmfs/etc/RKM.conf' file exists (regular setup only), or the file system encryption was enabled by using the simplified setup. The event can be manually cleared by using the mmhealth event resolve rkmconf_filenotfound_err command. | ||||
| rkmconf_fileopen_err | STATE_CHANGE FAILED | ERROR | no | Message: Cannot open RKM configuration file for reading {0}. |
| Description: Cannot open the RKM configuration file for reading. | ||||
| Cause: The RKM configuration file exists but cannot be opened for reading. | ||||
| User Action: Check that, as root, you can open the RKM configuration file with a text editor. The event can be manually cleared by using the mmhealth event resolve rkmconf_fileopen_err command. | ||||
| rkmconf_fileread_err | STATE_CHANGE FAILED | ERROR | no | Message: Cannot read RKM configuration file {0}. |
| Description: Cannot read the RKM configuration file. | ||||
| Cause: The content of the RKM configuration file might be corrupted. | ||||
| User Action: Check that, as root, you can open the RKM configuration file with a text editor. The event can be manually cleared by using the mmhealth event resolve rkmconf_fileread_err command. | ||||
| rkmconf_getkey_err | STATE_CHANGE FAILED | ERROR | no | Message: MEK {0} is not available from RKM backend server {1}. |
| Description: Cannot get key from RKM backend server. | ||||
| Cause: Failed to retrieve the MEK from the RKM backend servers. | ||||
| User Action: Ensure that the MEK specified by the UUID provided is available from the RKM specified by using the mmkeyserv key show command. The event can be manually cleared by using the mmhealth event resolve rkmconf_getkey_err event id or mmhealth event resolve ALL command. | ||||
| rkmconf_instance_err | STATE_CHANGE FAILED | ERROR | no | Message: RKM instance error: {0} |
| Description: RKM instance configuration error. | ||||
| Cause: The RKM instance configuration is not correct. One of the attributes is not valid or out of range. | ||||
| User Action: Ensure that the definition of the RKM instance is correct and its attributes conform to their defined format. The event can be manually cleared by using the mmhealth event resolve rkmconf_instance_err command. | ||||
| rkmconf_keystore_err | STATE_CHANGE FAILED | ERROR | no | Message: Keystore file error: {0} |
| Description: Keystore file error. | ||||
| Cause: The keystore file for the key management server is not accessible or its content is not valid, or the ownership and/or permissions are too permissive. | ||||
| User Action: Ensure that the content of the keystore file conforms with the documented format and that only root can read and write the file. The event can be manually cleared by using the mmhealth event resolve rkmconf_keystore_err command. | ||||
| rkmconf_ok | STATE_CHANGE HEALTHY | INFO | no | Message: The RKM backend configuration is correct and working as expected. |
| Description: The RKM backend configuration is working correctly. | ||||
| Cause: N/A | ||||
| User Action: N/A | ||||
| rkmconf_permission_err | STATE_CHANGE FAILED | ERROR | no | Message: Incorrect ownership and/or file system permissions for RKM configuration file {0}. |
| Description: The RKM configuration file has incorrect file system permissions. | ||||
| Cause: The RKM configuration file was created with incorrect file system permissions. | ||||
| User Action: Check that the RKM.conf file is owned by root:root, and has read and write permission for owner only. The event can be manually cleared by using the mmhealth event resolve rkmconf_permission_err command. |
