Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Page 222


192

Fabric OS Command Reference

53-1003131-01

cryptoCfg

2

This command is required only when a node that was earlier part of an encryption
group (online and DISCOVERED) was ejected or left the encryption group and is
now being added back to that encryption group. A member node that is online during
registration is added automatically to the encryption group. The following operand
is required:

node_WWN

Specifies the WWN of the node to be added back to the encryption group.

--eject -membernode

Removes a member node from the existing encryption group. The node is
specified by its node WWN. This command is valid only on the group leader. The
node must be online (in DISCOVERED state) for this command to succeed. To
remove a node that is not online (in DISCOVERING state), use the --dereg
-membernode command. You must remove the EEs from the HA cluster and
delete any CryptoTarget container/LUN configurations from this node before
ejecting the node; otherwise the command fails. The following operand is required
when ejecting a member node:

node_WWN

Specifies the node WWN of the node to be removed from the encryption group.

--leave_encryption_group

Clears the node's states pertaining to the node's membership in the encryption
group. This command is invoked from the member node that is to be ejected from
the encryption group.

If there are CryptoTarget container/LUN configurations on the node and the
encryption engines of this node are part of any HA Cluster configuration, this
command prompts you to either continue leaving the encryption group while
retaining the configuration, or to abort the leave operation. It is recommended that
you remove the EEs from the HA cluster and delete any CryptoTarget container
and Crypto LUN configurations from this node prior to initiating a leave operation.

--genmasterkey

Generates a master key. A master key is needed when an opaque key vault such
as DPM is used. The master key must be exported (backed up) before it may be
used. This command is valid only on the group leader. Only one master key per
key vault is needed for the entire encryption group. When a master key is
generated and a master key already exists, the current master key becomes the
alternate master key and the newly generated master key becomes the current
master key.

--exportmasterkey

Exports the current master key encrypted in a key generated from a specified
pass phrase. By default this command backs up the key to the attached key
vaults, or optionally to a predetermined file on the switch. This command is valid
only on the group leader. This command prompts for a pass phrase.

passphrase

Specifies the pass phrase for the master key encryption. A pass phrase must be
between 8 and 40 characters in length and can contain any character
combination. Make a note of the pass phrase, because the same pass phrase is
required to restore the master key from backup. This operand is required.

-file

Stores the encrypted master key in a predetermined file on the switch. This
operand is optional. If the -file operand is not specified, the encrypted master key
is stored in the attached key vaults, using a unique associated Key ID for tracking
the export. Upon execution, this command displays both the associated Key ID
and the master key ID. You can export the master key to the key vault more than
