• If the KeyManager type displays external and the Restored column displays yes, it's safe to shut down the impaired node.
• If the KeyManager type displays onboard and the Restored column displays yes, you need to complete some additional steps.
• If the KeyManager type displays external and the Restored column displays anything other than yes, you need to complete some additional steps.
• If the KeyManager type displays onboard and the Restored column displays anything other than yes, you need to complete some additional steps.
Step 2. If the KeyManager type displays onboard and the Restored column displays yes, manually back up the OKM information:
a. Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
b. Enter the command to display the key management information: security key-manager onboard show-backup
c. Copy the contents of the backup information to a separate file or your log file. You'll need it in disaster scenarios where you might need to manually recover OKM.
d. Return to admin mode: set -priv admin
e. Shut down the impaired node.
Step 3. If the KeyManager type displays external and the Restored column displays anything other than yes:
a. Restore the external key management authentication keys to all nodes in the cluster: security key-manager external restore
If the command fails, contact Lenovo Support.
https://datacentersupport.lenovo.com/
b. Verify that the Restored column equals yes for all authentication keys: security key-manager key query
c. Shut down the impaired node.
Step 4. If the KeyManager type displays onboard and the Restored column displays anything other than yes:
a. Enter the onboard security key-manager sync command: security key-manager onboard sync
Note: Enter the customer's onboard key management passphrase at the prompt. If the passphrase cannot be provided, contact Lenovo Support.
https://datacentersupport.lenovo.com/
b. Verify that the Restored column shows yes for all authentication keys: security key-manager key query
c. Verify that the KeyManager type shows onboard, then manually back up the OKM information.
d. Go to advanced privilege mode and enter y when prompted to continue: set -priv advanced
e. Enter the command to display the key management backup information: security key-manager onboard show-backup
f. Copy the contents of the backup information to a separate file or your log file. You'll need it in disaster scenarios where you might need to manually recover OKM.
g. Return to admin mode: set -priv admin
h. You can safely shut down the node.
Verifying LSE configuration
Step 1. Display the key IDs of the authentication keys that are stored on the key management servers: security key-manager query
• If the KeyManager type displays external and the Restored column displays yes, it's safe to shut down the impaired node.