beautypg.com

Two node eg split manual recovery example – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 243

background image

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

225

53-1002925-01

Encryption group merge and split use cases

6

NOTE

If one or more EG status displays as CONVERGED contact technical support as the following
procedure will not work.

To reconverge the EG, you will need to perform a series of steps. The following is a listing of the
basic steps involved - this listing is followed by an example with the details of each step:

1. Confirm that your EG is not in a CONVERGED state.

2. Determine which GL Node will remain the GL Node once the EG is reconverged.

It is recommended to pick the GL from the largest EG island that exists (for example, if your EG
islands do not all have the same number of members). If you have an EG island with 3 Nodes
and another EG island with just 1 Node, pick the GL from the 3 Node EG island.

3. Use the selected EG island's GL Node to deregister every node that is not in a DISCOVERED

state.

4. Go to every other EG island and delete the associated EG.

NOTE

One additional step is needed here when a four node encryption group splits into a pair of two
node encryption groups, with each encryption group having its own group leader. This single
special case is addressed in the

“Two node EG split manual recovery example”

.

5. Reregister all Nodes from that were a part of the other EG islands.

6. Verify your EG is reconverged.

Two node EG split manual recovery example

The following example is a case where you have an EG split of a two node encryption group with
nodes named Node181 and Node182. Node181 has WWN 10:00:00:00:05:1e:33:33 and
Node182 has WWN 10:00:00:05:1e:55:55:55.

1. Perform the cryptocfg

--

show

-

groupcfg command from every node in your setup. If the EG is

split, the Encryption Group state from each node will show up as CLUSTER_STATE_DEGRADED.
If some EG Nodes are showing as CLUSTER_STATE_CONVERGED and others as
CLUSTER_STATE_DEGRADED then contact technical support. In our case, assume the User
has performed this command on both Node181 and Node182 and in each case the result was
'CLUSTER_STATE_DEGRADED'.

2. Determine which node will be encryption group leader when the EG is re-converged. In this

example, Node182 is to become the EG Leader for the EG.

3. Deregister every encryption group node not in a DISCOVERED state.

From the node that you want to be the encryption group leader when the EG is re-converged
(Node182 in this example), determine the encryption group state.

Node182:admin-> cryptocfg --show -groupcfg

The output of this command should show the Encryption Group state as
CLUSTER_STATE_DEGRADED.

Deregister the group member nodes. In this example, this is Node181 as identified by its WWN.

Node182:admin-> cryptocfg --dereg -membernode 10:00:00:05:1e:55:33:33

See also other documents in the category Brocade Computer Accessories: