Fabric OS Encryption Administrator's Guide

53-1002159-03
Encryption group merge and split use cases
Eject the node shown above which is in the DEF_NODE_STATE_DISCOVERED state using the
following command:
EGisland2GLNode:admin->cryptocfg --eject -membernode 10:00:00:05:1e:c1:9b:91
You can now delete the encryption group from the member node using the cryptocfg
--delete -encgroup command. Then run the cryptocfg --show -groupcfg command to verify
that no encryption group is defined on the member node, as was done for Node181 in the
two-node example near the beginning of step 4.
5. Reregister all nodes that were a part of the other encryption group islands.
From Node182, you need to determine the CP certificate name associated with Node181. Use
the following command to look for Node182's CP certificate name:
Node182:admin->cryptocfg --show -file -all
The output of this command will display a listing of all imported CP certificates. Identify the
certificate associated with Node181 and then use it to re-register Node181 as follows:
Node182:admin->cryptocfg --reg -membernode 10:00:00:05:1e:55:33:33 <node181's certificate file name> <node181's IP address>
Within a minute or two, the encryption group will re-converge.
6. Verify your encryption group is re-converged.
Node181:admin->cryptocfg --show -groupcfg
Node182:admin->cryptocfg --show -groupcfg
Both nodes will now show a two-node CONVERGED EG in which Node182 is the group leader
node and Node181 is a member node.
The above manual configuration recovery procedure will work nearly identically for all combinations
of EG split scenarios. Simply perform the following steps for the other scenarios:
1. Pick one EG/EG Leader to be maintained.
2. Using that GL Node, deregister all Nodes which are in a DISCOVERING state as determined by
the output of the cryptocfg --show -groupmember -all command.
3. Go to the other EG islands and delete the EGs.
- In the one case where the other EG has a member node which is in a DISCOVERED state,
you will first need to eject that DISCOVERED Node prior to being allowed to delete that
other EG.
4. From the only remaining EG/EG leader, reregister the previously deregistered Nodes.
5. Confirm the EG is converged.
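
The following is an added example, not part of the original guide: a small Python helper that orders the generic recovery steps above into the commands to run on each node, so the eject-before-delete case is not missed. The node name NodeX, its WWN, and the data layout are constructed for illustration; cryptocfg --dereg -membernode is the Fabric OS deregister command and is not shown on this page.

```python
# Added example: sequences the generic EG split recovery steps into commands.
# Node names and the second WWN are constructed sample data.

def recovery_plan(keep_leader, keep_view, other_islands):
    """Return ordered (node, command) pairs that merge split EG islands.

    keep_leader   -- group leader whose encryption group is maintained
    keep_view     -- members as listed on keep_leader: dicts of name/wwn/state
    other_islands -- dicts with 'leader' and 'members' (same member shape)
    """
    plan = []
    # On the kept GL, deregister every node it reports as DISCOVERING.
    # (--dereg is the counterpart of the --reg command shown on this page.)
    stale = [m for m in keep_view if m["state"] == "DISCOVERING"]
    for m in stale:
        plan.append((keep_leader, f"cryptocfg --dereg -membernode {m['wwn']}"))
    # On every other island, a DISCOVERED member must be ejected before the
    # EG can be deleted; then confirm that no EG remains defined there.
    for island in other_islands:
        gl = island["leader"]
        for m in island["members"]:
            if m["state"] == "DISCOVERED":
                plan.append((gl, f"cryptocfg --eject -membernode {m['wwn']}"))
        plan.append((gl, "cryptocfg --delete -encgroup <encryption group name>"))
        plan.append((gl, "cryptocfg --show -groupcfg"))
    # Back on the kept GL, look up certificate names, then reregister.
    if stale:
        plan.append((keep_leader, "cryptocfg --show -file -all"))
    for m in stale:
        plan.append((keep_leader, f"cryptocfg --reg -membernode {m['wwn']} "
                     f"<{m['name']}'s certificate file name> <{m['name']}'s IP address>"))
    # Confirm convergence from the kept GL.
    plan.append((keep_leader, "cryptocfg --show -groupcfg"))
    return plan

# Constructed sample: Node182 is kept; the other island still lists NodeX.
KEEP_VIEW = [{"name": "Node181", "wwn": "10:00:00:05:1e:55:33:33",
              "state": "DISCOVERING"}]
OTHER = [{"leader": "Node181", "members": [
    {"name": "NodeX", "wwn": "10:00:00:05:1e:00:00:01", "state": "DISCOVERED"}]}]

if __name__ == "__main__":
    for node, cmd in recovery_plan("Node182", KEEP_VIEW, OTHER):
        print(f"{node}:admin-> {cmd}")
```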