HP Brocade 8/12c Fabric OS Encryption Administrator's Guide - Page 243
Encryption group database manual operations, Manually synchronizing the encryption group database
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 243 highlights
Encryption group database manual operations 6 Encryption group database manual operations Manual intervention may be necessary if the encryption group databases or security databases of encryption group members are not synchronized. The following sections describe manual operations that enable you to do the following: • synchronize the encryption group database. • synchronize the security database. • abort a pending database transaction. Manually synchronizing the encryption group database The - -sync -encgroup command manually synchronizes the encryption group database belonging to the group leader node with the databases of all member nodes that are out of sync. If this command is invoked when the encryption group databases are in sync, the command is ignored. NOTE When the encryption group is out of sync and the group leader reboots, the newly selected group leader pushes its database information to all other members. The new group leader's database information may be different from what was set up before the group leader was rebooted. Manually synchronizing the security database This operation can resolve problems with master key propagation. The synchronization occurs every time this command is executed regardless of whether or not the security database was in sync across all nodes in the encryption group. Use the - -sync -securitydb command to distribute the security database from the group leader node to all member nodes. This command is valid only on the group leader. Aborting a pending database transaction You can abort a pending database transaction for any device configurations invoked earlier through the CLI or Management application interfaces by completing the following steps. 1. Use the - -transshow command to determine the currently pending transaction ID. The - -transshow command displays the pending database transaction for any device configurations invoked earlier through the CLI or DCFM interfaces. The command displays the transaction status (completed or pending), the transaction ID, and the transaction owner (CLI or DCFM). 2. Use the - -transabort command to abort the transaction, where specifies the ID of the transaction to be aborted. Key vault diagnostics With the introduction of Fabric OS 7.0.0, you can run key vault diagnostics tests to identify any key vault connectivity or key operation errors. You configure the key vault diagnostic test using the cryptocfg --kvdiag command. Fabric OS Encryption Administrator's Guide 223 53-1002159-03