#Sanitize SED disks

Sanitize SED disks isn't supported to be sanitized in maintenance.
And I removed the nodes already from the cluster.

Do I need to create a new cluster and sanitize them or is there another way to sanitize them?

Disk encryption isn't available when running (4) from boot_ontap menu when skipping setup.

what type of system, os ver, disk type/etc

best bet would be nodeshell options

there are multiple ways to do it. If the cluster is still running, you can use encryption disk sanitize to sanitize the disks. If they are locked you need to encryption disk revert-to-original-state but that requires you to enter the PSID which is printed on the disk itself. If you already deleted the cluster (and the TPM keys) there's a process that basically involves re-installing ONTAP on a single unlocked disk, described here

as long as you have 9.6 or newer it should be an option in maint mode.
halt system, boot loader
boot_ontap maint
disk unpartition DISK

the important thing is that if you do encryption disk show it should show all disks as "open" or with the vendor key 0x0

after that you can disk unfail -s the disk(s) to relabel them as spare

dont you have to be in cluster mode for that though, he removed the nodes from a cluster, so all he has is loader/etc

yeah, the link I posted describes what to do (basically re-install ONTAP on a single disk). Apparently there are releases where maintenance mode also works

aye, the SED drives have a different process than normal drives.
And, as one of our new guys found out, if you run the wrong command on those stupid things you can actually make them unusable, forever.

nah, you should always be able unlock them again with the PSID that's printed on the drive

that's what the PSID is for in the first place 🙂

and here is the link to the exact commands after the cluster is up and running. it's pretty quick and easy

https://docs.netapp.com/us-en/ontap/encryption-at-rest/sanitize-fips-drive-sed-task.html

yep, it is really quick, however, if you need to sanitize disks that are in an aggregate that's used, be sure to do maximum 2 disks and wait for the rebuild to finish, and then do the next ones. That way it is nondisruptive (although a potentially long process) 🙂

guessing he's blowing everything away and doesn't care about any data or keeping it ND, but that's just from his first post of not having a cluster to start with :p

true, in this case it doesn't really matter

Sorry been in a meeting. Starting from the top.
AFF-A400 running 9.14.1P7
X4013 7.6TB

ah, yea. you'll need to

1. create a cluster using a single disk and sanitize everything from within the CLI
2. hook all the drives up to an external 'generic' controller (lsi/etc) and sed util them all. (not supported by netapp, at all)

Yeah coz I've ran from boot_ontap menu 9a to unpartition etc... then went in maintenance to sanitize it.
But I get "disk sanitize: SSD "disk" does not support SCSI sanitize".

So I initialized the option 4 in boot_ontap to start a new cluster. But skipping the setup with ctrl-c at the autosupport question to log into node does not work either, coz that view does not contain the fully library of commands.

I would like to skip creating a new cluster because I've decommed a lot of nodes.... so I need to create a few clusters then.

But I would guess that is the way to go.

sadly, yes.
SED disks require specific functions to wipe them and that's only available from within the OS

but, if one node can access all the disk shelves.. go that route

Sadly not 😄 Alot of seperate HA pairs that owns 1 shelf each...
But then I've explored my options at least. So its not an easier fix for this.

In different sites as well

I knew I could do it in the cluster before I decom them, but I thought it was easier than this to fix after.
Sanitizing disks in a cluster with production data is scary, escpecially when the sanitizing of SED disks are instant.

But thanks @shrewd basalt and @modern pike for the info, appreciate it!

no problem, sorry it isn't better news 😄

If you don't need to keep the drives around for any reason, you could go the old school analog methond of Hammer or Drill Press.

Wrong maintenance command I think this is it

disk encrypt sanitize -all

Wait for messages.
DO NOT: disk encrypt show -> the console will hang. Known issue

Then halt

When you reboot the disks will be open 0x0

The commands referenced earlier kicks off a sanitize on an unencrypted disk which is why it failed for you

Missed that command, I was looking for something like that. I scrolled back in history and found it.
So I'm gonna give it a try. I'll keep you updated.

Worked like wonders! Didn't even need to assign the disks to the controller.
Thanks! 💯 💯

I ran "disk show -v" did not use "encrypt" but it hanged as well lol...
Power cycled it from the BMC. So we are all good, the sanitize was completed before i ran disk show.
So I guess we are good now.