Client-Computer HAadmin Commands (vtl)
NAME
vtl haAdmin -newGroup - create a new HA group.
SYNOPSIS
vtl haAdmin -newGroup -serialNum <serialnumber> -label <label> -password <password>
DESCRIPTION
Creates a new High Availability (HA) group. The user selects a label for the new group, and provides a primary partition and its password. Using these, the HA group is set up and is ready for new partitions to be added to it. Note that the user must be assigned the partition in question, and the NTLA must be correctly established.
The new HA group will be assigned an HA group number that is used for all other commands associated with this HA group.
The new HA group will appear as an additional slot in the client machine's slot list. The slot is reported with the HA Virtual Card Slot slot-type by the C_GetSlotInfo call.
If there are any existing objects on the partition, the user is asked if he would like to keep them, remove them, or quit to further examine them.
If this new HA group is a copy of a group on another client, the user will be warned that there is an existing HA key on the partition. If the user's intention is to have both clients able to talk to the same set of partitions in HA groups, the user must type 'copy' to keep and use the existing HA key. (If the user removes it, the partition will no longer be a working member of the other HA group(s) to which it belongs.)
VTL manages the HA groups that you create, and must therefore remember each group and each member (serial number) that is used. You might wish to create a group, then create additional groups based on the configuration of the first one, by "re-using" the primary member - deleting that primary member from the first group and using it to start another group [a Luna SA can be a member of just one HA group at one time].
This can work for a second and a third HA group, but cannot be done for any additional HA groups (fourth, fifth, etc.) unless you remove an existing group before you attempt to create any new group.
The maximum concurrent HA groups administered by one vtl and re-using the same primary member is three.
To administer many HA groups, all started by the same Luna SA, from one administrative workstation, run Virtual Machine environments on that workstation with a separate instance of vtl in each VM.
OPTIONS
-serialNum <serialnumber> [mandatory] The serial number of the primary partition for the group. The partition's serial number can be obtained using 'partition -show' from the lunash, or by using C_GetTokenInfo via a PKCS#11 application such as ckdemo. All partitions have unique serial numbers.
-label <label> [mandatory] Provide a label for the new HA group. This is the value that will be returned to the PKCS#11 call C_GetTokenInfo for the HA slot.
-password <password> [mandatory] The text password for the primary partition. Note that for Luna SA with Trusted Path Authentication partitions, all partitions that will be added to the HA group must share this password. You may wish to use the lunash command 'partition -changePw' to set the password before completing this step.
SAMPLE OUTPUT
vtl haAdmin -newGroup -label testgroup -serial 65010001 -password testpassword
Warning: There are 2 objects currently on the new member.
Do you wish to propagate these objects within the HA
group, or remove them?
Type 'copy' to keep and propagate the existing
objects, 'remove' to remove them before continuing,
or 'quit' to stop adding this new group member.
> copy
New group with label “testgroup” created at group number 165010001.
Group configuration is:
HA Group Label: testgroup
HA Group Number: 1150520008
HA Group Slot #: unknown
Synchronization: enabled
Group Members: 150520008
Standby members: <none>
In Sync: yes
Error When Attempting More than Three Groups
The following is an example of what happens if you are re-using a primary Luna SA to attempt to create a fourth HA group, without deleting any of the earlier groups. VTL on your administrative computer must keep track of all HA groups that it is managing, and it allows a maximum of three:
bash-3.2# ./vtl haadmin -new -l ha4 -s 951357004
Please enter the password for the partition:
> *******
Warning: There are 119 objects currently on the new member.
Do you wish to propagate these objects within the HA
group, or remove them?
Type 'copy' to keep and propagate the existing
objects, 'remove' to remove them before continuing,
or 'quit' to stop adding this new group member.
> copy
Can not generate a unique serial number for the HA group.
You may want to delete any un-used HA group and try again.
'vtl haAdmin -newGroup' aborted.
bash-3.2# ./vtl
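Added example (not part of the original page or of the vendor's tooling): a Python check that a provisioning script could run over the captured output of vtl haAdmin -newGroup, confirming that the group came up with the intended label and primary member and surfacing the abort shown above. The sample text is constructed from this page's samples; the function names and the member-list separator are assumptions.

```python
import re

# Constructed vtl output, modelled on the two samples on this page.
SAMPLE_OK = """\
New group with label "testgroup" created at group number 1150520008.
Group configuration is:
 HA Group Label: testgroup
 HA Group Number: 1150520008
 HA Group Slot #: unknown
 Synchronization: enabled
 Group Members: 150520008
 Standby members: <none>
 In Sync: yes
"""
SAMPLE_ABORT = """\
Can not generate a unique serial number for the HA group.
You may want to delete any un-used HA group and try again.
'vtl haAdmin -newGroup' aborted.
"""

class NewGroupAborted(Exception):
    """Raised when vtl reports that -newGroup did not complete."""

def parse_newgroup(text):
    """Return the 'Group configuration' fields as a dict; raise on abort."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        if ln.endswith("aborted."):
            # Carry vtl's own explanation (the lines before the abort) upward.
            raise NewGroupAborted(" ".join(lines[:i]) or ln)
    start = lines.index("Group configuration is:") + 1  # ValueError if absent
    pairs = (ln.split(":", 1) for ln in lines[start:] if ":" in ln)
    return {key.strip(): value.strip() for key, value in pairs}

def check_group(cfg, label, primary_serial):
    """Return a list of problems; an empty list means the group is as intended."""
    problems = []
    if cfg.get("HA Group Label") != label:
        problems.append("label mismatch")
    # Assumption: several members would be separated by commas and/or spaces.
    if primary_serial not in re.split(r"[,\s]+", cfg.get("Group Members", "")):
        problems.append("primary partition not listed as member")
    if cfg.get("Synchronization") != "enabled":
        problems.append("synchronization not enabled")
    if cfg.get("In Sync") != "yes":
        problems.append("group not in sync")
    return problems
```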