hagroup addmember

Add a member to an HA group. Use the -slot option or the -serialnumber option to specify which HSM to add to the group.

All password-authenticated HA group members must have the same password.

All multifactor quorum-authenticated HA group members must have a challenge created and activation turned on, and all challenges must be the same. See Activation on Multifactor Quorum-Authenticated Partitions for more information.

If you intend to add a standby member to the group, you must first use this command to add the member to the group, then use the LunaCM hagroup addstandby command to convert the member to standby status. By default, Luna Cloud HSM services are added as standby members.

NOTE   V1 partitions: If you add an application partition with an existing SMK to an HA group, the primary member's SMK overwrites the existing SMK of the joining partition.

If a partition's SMK has ever been used to encrypt important SKS objects, save a backup of the SMK before adding that partition to any HA group.

NOTE   If you are planning or setting up an HA group, note the following:

- A partition at Luna HSM Firmware 7.7.0 or newer cannot be a primary for an HA group where a secondary member firmware version is older than 7.7.0.

- Luna HSM Client 10.4.0 allows creation of groups with a mix of FIPS and non-FIPS member partitions.

Syntax

hagroup addmember {-serialnumber <serialnum> | -slot <slotnumber>} -group <label> -password <password>

Argument(s)                  Shortcut    Description
===========                  ========    ===========
-serialnumber <serialnum>    -se         Serial number that identifies the partition being added to the HA group. This option is mandatory if -slot is not used.
-slot <slotnumber>           -sl         Slot number that identifies the partition being added to the HA group. This option is mandatory if -serialnumber is not used.
-group <label>               -g          Label for the group being joined.
-password <password>         -p          Crypto Officer password or challenge secret for the partition. This password must be the same for all HA group member partitions.

Example

lunacm:> hagroup addmember -serialnumber 1238700701515 -group myHAgroup

        Enter the password: ********
        Member 1238700701515 successfully added to group myHAgroup. New group
        configuration is:

         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
       HA Group Slot ID:  5
       Synchronization: enabled
          Group Members:  154438865288, 1238700701515
             Needs sync:  yes
        Standby Members:  <none>


Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive
     1  1238700701515                            sa40-2     alive


        Please use the command "ha synchronize" when you are ready
        to replicate data between all members of the HA group.
        (If you have additional members to add, you may wish to wait
        until you have added them before synchronizing to save time by
        avoiding multiple synchronizations.)

Command Result : No Error
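
The following Python script is an added example, not part of the vendor documentation. It parses the group configuration printed by hagroup addmember and lists conditions to resolve before relying on the group: a failed command, a pending synchronization, a member list that disagrees with the member table, or a member that is not alive. The function names are hypothetical, the sample text is copied from the example above, and treating any status other than "alive" as a finding is an assumption.

```python
import re

# Output copied from the example on this page, not captured from a live HSM.
SAMPLE = """\
         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
       HA Group Slot ID:  5
       Synchronization: enabled
          Group Members:  154438865288, 1238700701515
             Needs sync:  yes
        Standby Members:  <none>

Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive
     1  1238700701515                            sa40-2     alive

Command Result : No Error
"""

def parse_group(text):
    """Return (fields, rows): 'Key: value' settings and member table rows."""
    fields, rows = {}, []
    for line in text.splitlines():
        kv = re.match(r"\s*([A-Za-z][A-Za-z #/]*?)\s*:\s+(\S.*)$", line)
        row = re.match(r"\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$", line)
        if row:  # member table line: slot, serial number, label, status
            rows.append(dict(zip(("slot", "serial", "label", "status"), row.groups())))
        elif kv:
            fields[kv[1]] = kv[2].strip()
    return fields, rows

def check_group(text):
    """List conditions an operator should resolve before relying on the group."""
    fields, rows = parse_group(text)
    findings = []
    if fields.get("Command Result") != "No Error":
        findings.append("command failed: " + fields.get("Command Result", "no result line"))
    if fields.get("Needs sync", "").lower() == "yes":
        findings.append("members not yet synchronized")
    listed = {s.strip() for s in fields.get("Group Members", "").split(",") if s.strip()}
    seen = {r["serial"] for r in rows}
    for serial in sorted(listed ^ seen):  # serials present in only one of the two places
        findings.append("member list and table disagree on " + serial)
    findings += ["member %s (%s) is %s" % (r["serial"], r["label"], r["status"])
                 for r in rows if r["status"] != "alive"]
    return findings

if __name__ == "__main__":
    print(check_group(SAMPLE))
```

Run against the example output above, it reports only the pending synchronization.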