Accessing LunaCM
The LunaCM utility (LunaCM) is the client-side administrative command interface for Luna Cloud HSMs.
To access LunaCM
1.Open a Command Prompt or console window.
2.Go to the HSM Client software directory and start the LunaCM utility:
>cd /usr/safenet/cryptovisor/client/p11/bin
>./lunacm
Some preliminary status information is displayed, followed by the lunacm:> command-line prompt.
3.You can now issue any LunaCM utility command to manage your Luna Cloud HSMs. For a summary, type "help" and press Enter.
Scripted Use
This document generally describes LunaCM being used via its own persistent interface or shell, where the tool is launched and remains open for administrative users to issue commands at their convenience. However, for headless operation and other administrative scenarios, it is possible to launch LunaCM from a Windows or UNIX/Linux command prompt to execute a single command and immediately close. Similarly, it is possible to invoke LunaCM by referring it to a file that contains a list of commands to execute. Some command-line launch-time flags are provided.
lunacm [-c <command>] [-q <command>] [-s <slot id> <command>] [-e <script filename>] [-f <script filename>]
| Option | Description |
|---|---|
| Non-repeating, single-instance commands | |
| . <command> | If no option is specified, LunaCM launches its full, persistent shell interface. |
| -c <command> | This option displays the banner and runs a single instance of a LunaCM command, and then returns to the operating system command prompt. |
| -q <command> | This option runs a single instance of a LunaCM command, and then returns to the operating system command prompt. The banner is suppressed. |
| -s <slot number> <command> | This option runs a single instance of a LunaCM command against the specified slot, and then returns to the operating system command prompt. The banner is suppressed. |
| Scripting options | |
| -e <script filename> | Launch LunaCM with this option followed by the name of a file containing a list of LunaCM commands, with one command per line. This option halts when the first error is encountered. Use this option when debugging your scripts. |
| -f <script filename> |
Launch LunaCM with this option followed by the name of a file containing a list of LunaCM commands, with one command per line. This option continues after any command that results in an error (as long as the command concludes by returning control). |
NOTE When preparing a script file, any commands with a -force option should include that option to suppress prompts (like "Type 'proceed'...") that could halt the progression of scripted commands. If a command requires inputs (like passwords, domains, etc), those parameters must be provided as part of the command.
TIP Change in scripted operation from Luna HSM 6.x to Luna HSM 7.x
When scripting multi-step operations, a common way to provide responses to interactive commands (example, the lunacm hagroup creategroup command needs a response of "copy", or "remove", or "quit") is to use "echo" to pipe the response text into the command within your script.
This worked well for Luna 5.x/6.x, in the below example presenting "copy" to resolve the interim prompt.
“echo copy | lunacm -q hagroup creategroup -serialNumber <serialNumber> -label <HAgroupName> -password <partitionPass>"
To accomplish the same result with Luna 7.x.x, do the following:
1.Create a file, in this example, “copy.txt” that contains only the word “copy” as its content.
2.Run the “lunacm” commands as below to create the HA group, and to add a member to the HA group, while inputting the “copy” prompt:
•In cmd (for .bat script):
type copy.txt | lunacm -c hagroup creategroup -label HA -slot 0 -p ********
type copy.txt | lunacm -c hagroup addmember -group HA -slot 1 -p ********
•In Powershell (for powershell script) :
Get-Content .\copy.txt | .\lunacm.exe -c hagroup creategroup -label HA -slot 0 -p ********
Get-Content .\copy.txt | .\lunacm.exe -c hagroup addmember -group HA -slot 1 -p ********
Use the same technique in similar situations.
