Two node eg split manual recovery example – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

Fabric OS Encryption Administrator’s Guide (KMIP)

259

53-1002747-02

Encryption group merge and split use cases

6

NOTE

If one or more EG status displays as CONVERGED contact technical support as the following
procedure will not work.

To re-converge the EG, you will need to perform a series of steps. The following is a listing of the
basic steps involved - this listing is followed by an example with the details of each step:

1. Confirm that your EG is not in a CONVERGED state.

2. Determine which GL Node will remain the GL Node once the EG is re-converged.

It is recommended to pick the GL from the largest EG island that exists (i.e. if you EG islands do
not all have the same number of members). For example, if you have an EG island with 3
Nodes and another EG island with just 1 Node, pick the GL from the 3 Node EG island.

3. Use the selected EG island's GL Node to deregister every node that is not in a DISCOVERED

state.

4. Go to every other EG island and delete the associated EG.

NOTE

One additional step is needed here when a four node encryption group splits into a pair of two
node encryption groups, with each encryption group having its own group leader. This single
special case is addressed in the

“Two node EG split manual recovery example”

.

5. Reregister all Nodes from that were a part of the other EG islands.

6. Verify your EG is reconverged.

Two node EG split manual recovery example

The following example is a case where you have an EG split of a two node encryption group with
nodes named Node181 and Node182. Node181 has WWN 10:00:00:00:05:1e:33:33 and
Node182 has WWN 10:00:00:05:1e:55:55:55.

1. Perform the cryptocfg

--

show

-

groupcfg command from every node in your setup. If the EG is

split, the Encryption Group state from each node will show up as CLUSTER_STATE_DEGRADED.
If some EG Nodes are showing as CLUSTER_STATE_CONVERGED and others as
CLUSTER_STATE_DEGRADED then contact technical support. In our case, assume the User has
performed this command on both Node181 and Node182 and in each case the result was
'CLUSTER_STATE_DEGRADED'.

2. Determine which node will be encryption group leader when the EG is re-converged. In this

example, Node182 is to become the EG Leader for the EG.

3. Deregister every encryption group node not in a DISCOVERED state.

From the node that you want to be the encryption group leader when the EG is re-converged
(Node182 in this example), determine the encryption group state.

Node182:admin-> cryptocfg --show -groupcfg

The output of this command should show the Encryption Group state as
CLUSTER_STATE_DEGRADED.

Deregister the group member nodes. In this example, this is Node181 as identified by its WWN.

Node182:admin-> cryptocfg --dereg -membernode 10:00:00:05:1e:55:33:33