Protecting LDT GuardPoints against Failure in Underlying File Systems (Linux)
LDT Recovery Challenges
The main challenge with LDT recovery is a failure to access files or specific blocks in files inside a GuardPoint. Before LDT runs the recovery process on a GuardPoint, the underlying file system was recovered before file system was mounted. File system recovery may create orphan files in the lost+found
directory inside the mount point. If an orphan file belongs to the GuardPoint, LDT cannot recover the file as the file is no longer in the same directory as it was prior to the crash while it was undergoing rekey.
LDT Recovery Enhancement
LDT has been improved for handling inconsistencies in the underlying file system during execution of LDT recovery. When enabling a GuardPoint after a system crash, LDT performs consistency checks on the files undergoing rekey at the time of crash before enabling GuardPoint. If the LDT recovery process is unable to recover any of the affected files, the GuardPoint will not be enabled and LDT will send the following alert to the CipherTrust Manager:
[CGS3266E] LDT-ALERT: Cannot enable guard point [GuardPoint] due to inconsistencies in underlying file system encountered during LDT recovery.
You can check the status of a GuardPoint and the reason for failing to enable a GuardPoint using the secfsd -status guard
command. For example, the GuardPoint/mnt/gp
failed to guard because Guard point needs LDT recovery
as reported in the Reason
column for the following example GuardPoint.
GuardPoint Policy Type ConfigState Status Reason
---------- ------ ---- ----------- ------ ------
/mnt/gp LDT220 manual guarded not guarded Guard point needs LDT recovery
Details on the specific issues encountered, including any files that could not be recovered, are reported to a log file in the /var/log/vormetric
directory. The log file name is in the format:
ldt_recovery_log:<guardpoint_name>:<timestamp>.txt
The log file name starts with ldt_recovery_log
, followed by the GuardPoint pathname and the date and time of the recovery attempt. The GuardPoint pathname and date and time are separated with “:”. For example:
/var/log/vormetric/ldt_recovery_log:_mnt_gp:2018-12-08-14:6:12.txt
Refer to the issues listed in the log file, and resolve those issues before enabling the GuardPoint again. A GuardPoint cannot be enabled in subsequent guard attempts until those issues are resolved. Each attempt generates a new log file. Check the LDT log file for missing files whose inode numbers match inode numbers of orphan files in lost+found
. If there is a match, restore the file from lost+found
to the pathname specified in the LDT recovery log file. Be sure to run the mv command to restore the file to the original location, do not run the cp
command. After resolving all or some of the reported issues, you must run the command voradmin ldt recover <GuardPoint>
to repeat the recovery process.
voradmin ldt recover <GuardPoint>
Running this command resolves the problems that can be corrected and clears the failed recovery status on the GuardPoint, allowing the GuardPoint to enable automatically within 30 seconds. If the GuardPoint does not enable, you can enable it using secfsd –guard
command, if manual guard, or enable it on the CipherTrust Manager, if auto-guard. Note that if you are unable to resolve all of the reported issues, you accept the loss of some data or files, as reported in the latest recovery log file for the GuardPoint, when you run the command voradmin ldt recover <GuardPoint>
.