hagroup addmember
Add a member to an HA group. Use the -slot option or the -serialnumber option to specify which HSM to add to the group.
All password-authenticated HA group members must have the same password.
If you intend to add a standby member to the group, you must first use this command to add the member to the group, then use the LunaCM hagroup addstandby command to convert the member to standby status. By default, Luna Cloud HSM services are added as standby members.
NOTE V1 partitions: If you add an application partition with an existing SMK to an HA group, the primary member's SMK overwrites the existing SMK of the joining partition.
If a partition's SMK has ever been used to encrypt important SKS objects, save a backup of the SMK before adding that partition to any HA group.
NOTE If you are planning or setting up an HA group, note the following:
>A partition at Luna HSM Firmware 7.7.0 or newer cannot be a primary for an HA group where a secondary member firmware version is older than 7.7.0.
>HSM Client 10.4.0 allows creation of groups with a mix of FIPS and non-FIPS member partitions.
Syntax
hagroup addmember {-serialnumber <serialnum> | -slot <slotnumber>} -group <label> -password <password>
Argument(s) | Shortcut | Description |
---|---|---|
-serialnumber <serialnum> | -se | Serial number of the member to add. This option is mandatory if -slot is not used. The serial number that identifies the partition being added to the HA group. |
-slot <slotnumber> | -sl | Slot number of the member to add. This option is mandatory if -serialnumber is not used. A slot number to identify the partition being added to the HA group. |
-group <label> | -g | Label for the group being joined. |
-password <password> | -p | Crypto Officer password or challenge secret for the partition. This password must be the same for all HA group member partitions. |
Example
lunacm:> hagroup addmember -serialnumber 1238700701515 -group myHAgroup Enter the password: ******** Member 1238700701515 successfully added to group myHAgroup. New group configuration is: HA Group Label: myHAgroup HA Group Number: 1154438865288 HA Group Slot ID: 5 Synchronization: enabled Group Members: 154438865288, 1238700701515 Needs sync: yes Standby Members: <none> Slot # Member S/N Member Label Status ====== ========== ============ ====== 0 154438865288 sa78-2 alive 1 1238700701515 sa40-2 alive Please use the command "ha synchronize" when you are ready to replicate data between all members of the HA group. (If you have additional members to add, you may wish to wait until you have added them before synchronizing to save time by avoiding multiple synchronizations.) Command Result : No Error