cluster join
Join an existing cluster created on another Luna Network HSM 7. Both appliances must be configured with the same identity mode (single or dual; see Keyring Roles and Identity Modes) and client assignment mode (auto or manual; see Client Assignment Modes).
NOTE Thales requires minimum Luna Appliance Software 7.8.5 with the lnh_cluster-1.0.4 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.7.2 to use clusters in production environments, or minimum Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.8.0 to migrate keys from Luna application partitions.
CAUTION! If the join process is interrupted due to a network disruption, an incomplete join state can result. If this happens, contact Thales Customer Support for recovery procedures.
REST API: PUT /api/clusters/{clusterID}
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
cluster join -clusterid <string> -clusteripaddress <ipaddress> -remotepassword <password> -partition <label> [-copassword <password>] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -clusterid | Specifies the ID of the cluster to join. | |
| -clusteripaddress | -clusterip | Specifies the IP address of the appliance whose cluster will be joined. |
| -copassword | -co | Specifies the Crypto Officer password for the cluster partition. If this option is omitted on a password-authenticated HSM, LunaSH prompts for the password. If this option is included on a multifactor quorum-authenticated HSM and the partition is not activated, it is ignored. |
| -force | -f | Join the cluster without asking for confirmation. |
| -partition | -p | Specifies the label of the cluster partition. |
| -remotepassword | -r | Specifies the admin user password for the appliance whose cluster will be joined. |
Example
lunash:>cluster join -clusterid ac2a0f56-626e-4c91-a379-489b789a47e7 -clusterip 1.2.3.4 -remotepassword IamtheAdmin -partition localpar -co IamtheCO -force Step 1/2: Executing initial 'join Cluster' request... Step 2/2: Setting cluster data and restarting service Command Result : 0 (Success)
