hagroup addmember

Add a member to an HA group. Use the -slot option or the -serialnumber option to specify which HSM to add to the group.

All password-authenticated HA group members must have the same password.

All PED-authenticated HA group members must have a challenge created and activation turned on, and all challenges must be the same. See Activation and Auto-activation on Multi-factor- (PED-) Authenticated Partitions for more information.

If you intend to add a standby member to the group, you must first use this command to add the member to the group, then use the LunaCM hagroup addstandby command to convert the member to standby status. By default, Luna Cloud HSM services are added as standby members.

NOTE   Back up the SMK in any partition where it is likely to be overwritten, if that SMK is ever likely to be needed to insert (decrypt) any SKS blobs.

If an SMK is cloned from one partition to another (as must be done when adding members to an HA group), any pre-existing SMK in the target partition is overwritten by the incoming SMK. Any blobs still encrypted with the overwritten SMK are lost, unless a backup of that SMK exists.

Syntax

hagroup addmember {-serialnumber <serialnum> | -slot <slotnumber>} -group <label> -password <password>

| Argument(s) | Shortcut | Description |
|---|---|---|
| -serialnumber <serialnum> | -se | Serial number that identifies the partition being added to the HA group. This option is mandatory if -slot is not used. |
| -slot <slotnumber> | -sl | Slot number that identifies the partition being added to the HA group. This option is mandatory if -serialnumber is not used. |
| -group <label> | -g | Label for the group being joined. |
| -password <password> | -p | Crypto Officer password or challenge secret for the partition. This password must be the same for all HA group member partitions. |

Example

lunacm:> hagroup addmember -serialnumber 1238700701515 -group myHAgroup

        Enter the password: ********
        Member 1238700701515 successfully added to group myHAgroup. New group
        configuration is:

         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
       HA Group Slot ID:  5
       Synchronization: enabled
          Group Members:  154438865288, 1238700701515
             Needs sync:  yes
        Standby Members:  <none>


Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive
     1  1238700701515                            sa40-2     alive


        Please use the command "ha synchronize" when you are ready
        to replicate data between all members of the HA group.
        (If you have additional members to add, you may wish to wait
        until you have added them before synchronizing to save time by
        avoiding multiple synchronizations.)

Command Result : No Error
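
The following is an added example, not part of the product documentation: a Python check that parses captured output of the command above and confirms that the new member is listed, that every member is alive, and whether synchronization is still pending. The sample text is constructed from the output shown on this page; the function name, patterns and messages are assumptions.

```python
import re

# Constructed sample, copied from the output shown on this page.
SAMPLE = """\
         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
       Synchronization: enabled
          Group Members:  154438865288, 1238700701515
             Needs sync:  yes
        Standby Members:  <none>
Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive
     1  1238700701515                            sa40-2     alive
Command Result : No Error
"""

# "Key:  value" lines; spaces and tabs only, so a match never spans two lines.
FIELD = re.compile(r"^[ \t]*([A-Za-z][A-Za-z #]*?)[ \t]*:[ \t]+(\S.*?)[ \t]*$", re.M)
# Member table rows: slot, serial number, label, status.
ROW = re.compile(r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)

def check_join(text, serial):
    """Return (problems, sync_pending) for captured 'hagroup addmember' output."""
    fields = dict(FIELD.findall(text))
    rows = ROW.findall(text)
    members = {m.strip() for m in fields.get("Group Members", "").split(",") if m.strip()}
    problems = []
    if fields.get("Command Result") != "No Error":
        problems.append("command did not report 'No Error'")
    if serial not in members:
        problems.append(f"{serial} missing from Group Members")
    if {sn for _, sn, _, _ in rows} != members:
        problems.append("member table does not match Group Members")
    for _, sn, label, status in rows:
        if status != "alive":
            problems.append(f"member {sn} ({label}) has status {status!r}")
    # "Needs sync: yes" means data has not yet been replicated to all members.
    return problems, fields.get("Needs sync") == "yes"

if __name__ == "__main__":
    print(check_join(SAMPLE, "1238700701515"))
```
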