Fabric OS Encryption Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP ISL Trunking Kit

231

232

233

234

235

236

237

238

239

240

Fabric OS Encryption Administrator’s Guide 219

53-1002159-03

Encryption group merge and split use cases

Two node EG split manual recovery example

The following example is a case where you have an EG split of a two node encryption group with

nodes named Node181 and Node182. Node181 has WWN 10:00:00:00:05:1e:33:33 and

Node182 has WWN 10:00:00:05:1e:55:55:55.

1. Perform the cryptocfg

--show -groupcfg command from every node in your setup. If the EG is

split, the Encryption Group state from each node will show up as CLUSTER_STATE_DEGRADED.

If some EG Nodes are showing as CLUSTER_STATE_CONVERGED and others as

CLUSTER_STATE_DEGRADED then contact technical support. In our case, assume the User

has performed this command on both Node181 and Node182 and in each case the result was

'CLUSTER_STATE_DEGRADED'.

2. Determine which node will be encryption group leader when the EG is re-converged. In this

example, Node182 is to become the EG Leader for the EG.

3. Deregister every encryption group node not in a DISCOVERED state.

From the node that you want to be the encryption group leader when the EG is re-converged

(Node182 in this example), determine the encryption group state.

Node182:admin->cryptocfg --show -groupcfg

The output of this command should show the Encryption Group state as

CLUSTER_STATE_DEGRADED.

Deregister the group member nodes. In this example, this is Node181 as identified by its WWN.

Node182:admin->cryptocfg --dereg -membernode 10:00:00:05:1e:55:33:33

Display the encryption group state again.

Node182:admin->cryptocfg --show -groupcfg

Node182 should now show up with an Encryption Group state of

CLUSTER_STATE_CONVERGED.

In this two node example, there is only one other node in the encryption group, and therefore

the is only one node to deregister. When you have a 3:1 split or a 2:2 split, issue the following

command from the group leader node you are keeping.

Switch:admin->cryptocfg --show -groupmember -all

The output of this command will show you every node that was ever a part of this encryption

group. Look at State: for all nodes to determine which ones to deregister. Only the nodes with a

state of DEF_NODE_STATE_DISCOVERING must be deregistered from the group leader node

you are keeping. The example below shows that the node with WWN 10:00:00:05:1e:c1:9a:86

needs to be deregistered.

Switch:admin > cryptocfg --show -groupmember -all

NODE LIST

Total Number of defined nodes: 4

Group Leader Node Name: 10:00:00:05:1e:54:22:44

Encryption Group state: CLUSTER_STATE_DEGRADED

…. Output truncated…

Node Name: 10:00:00:05:1e:c1:9a:86

State: DEF_NODE_STATE_DISCOVERING