Configuring HA Auto-Recovery

When auto-recovery is enabled, Luna HSM Client performs periodic recovery attempts when it detects a member failure. HA auto-recovery is disabled by default for new HA groups. To enable it, you must set a maximum number of recovery attempts. You can also set the frequency of recovery attempts, and the auto-recovery mode (activeBasic or activeEnhanced). These settings will apply to all HA groups configured on the client.

To configure HA auto-recovery

1.Set the desired number of recovery attempts by specifying the retry count as follows:

Set a value of 0 to disable HA auto-recovery

Set a value of -1 for unlimited retries

Set any specific number of retries from 1 to 500

lunacm:> hagroup retry -count <retries>

2.[Optional] Set the desired frequency of recovery attempts by specifying the time in seconds. The acceptable range is 60-1200 seconds (default: 60).

lunacm:> hagroup interval -interval <seconds>

3.[Optional] Set the auto-recovery mode. The default is activeBasic.

lunacm:> hagroup recoverymode -mode {activeBasic | activeEnhanced}

4.[Optional] Check that auto-recovery has been enabled. You are prompted for the Crypto Officer password/challenge secret.

lunacm:> hagroup listgroups