HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 154
Use the following procedure to decommission a LUN., to obtain a list of all the currently
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 154 highlights
3 Crypto LUN configuration When a device decommission operation fails on the encryption group leader for any reason, the crypto configuration remains uncommitted until a user-initiated commit or a subsequent device decommission operation issued on the encryption group leader completes successfully. Device decommission operations should always be issued from a committed configuration. If not, the operation will fail with the error message An outstanding transaction is pending in Switch/EG. IF this happens, you can resolve the problems by committing the configuration from the encryption group leader. Provided that the crypto configuration is not left uncommitted because of any crypto configuration changes or a failed device decommission operation issued on a encryption group leader node, this error message will not be seen for any device decommission operation issued serially on an encryption group member node. If more than one device decommission operation is tried in an encryption group from member nodes simultaneously, then this error message is transient and will go away after device decommission operation is complete. If the device decommissioning operation fails, wait briefly and retry the operation. If a LUN is removed when undergoing decommission or when it is in a decommissioned failed state, or if a container hosting the LUN is deleted, you must use the -force option on the commit operation (cryptocfg --commit -force). If you do not, the commit operation fails with a decommission in progress error. Use the following procedure to decommission a LUN. 1. Log into the node that hosts the container as Admin or FabricAdmin. 2. Enter the cryptocfg -decommission command. cryptocfg --decommission -container disk_ct0 -initiator 21:01:00:1b:32:29:5d:1c -LUN 0 3. Enter cryptocfg -show -decommissionedkeyids to obtain a list of all the currently decommissioned key IDs to be deleted after a decommissioning operation manually from the keyvault. cryptocfg -show -decommissionedkeyids 4. Delete the listed key IDs from the key vault. 5. Enter the cryptocfg -delete -decommissionedkeyids command to purge all the key IDs associated with decommissioned LUN. cryptocfg -delete -decommissionedkeyids 6. Enter the cryptocfg -show -decommissionedkeyids command to verify that the deleted key IDs are no longer listed. The cache is also cleared when cryptocfg --zeroizeEE is executed on the encryption engine. 136 Fabric OS Encryption Administrator's Guide 53-1001864-01