hagroup creategroup

Create an HA group. Use the -slot or -serialnumber option to specify the primary member for the group. All password-authenticated HA group members must have the same password. All multifactor quorum-authenticated HA group members must have a challenge created and activation turned on, and all challenges must be the same. See Activation on Multifactor Quorum-Authenticated Partitions for more information. By default, you cannot create a group using a Luna Cloud HSM service as the primary member; it must be added to an existing group.

However, if you prefer to use the Luna Cloud HSM service as an active HA member, you must first edit the following toggle in the Chrystoki.conf/crystoki.ini configuration file (see Configuration File Summary):

[Toggles]
lunacm_cv_ha_ui = 0

CAUTION! Failover to Luna Cloud HSM is supported in an HA group with password-authenticated Luna partitions only. When configured in an HA group with multifactor quorum-authenticated Luna partitions, Luna Cloud HSM functions as a backup only.

For a more in-depth look at HA groups and their options, see High-Availability Groups.

Syntax

hagroup creategroup {-serialnumber <serialnum> | -slot <slotnumber>} -label <label> -password <password>

Argument(s)                  Shortcut    Description
===========                  ========    ===========
-serialnumber <serialnum>    -se         Serial number of the partition selected to be the primary member of the HA group.
-slot <slotnumber>           -sl         Slot number of the partition selected to be the primary member of the HA group.
-label <label>               -l          Label for the HA group being created.
-password <password>         -p          Crypto Officer password or challenge secret for the primary partition. This password must be the same for all HA group member partitions.

If -password is omitted, LunaCM prompts for it, as the example below shows.

Example

lunacm:> hagroup creategroup -serialnumber 154438865288 -label myHAgroup

        Enter the password: ********

Warning:  There are objects currently on the new member.
          Do you wish to propagate these objects within the HA
          group, or remove them?

          Type 'copy' to keep and propagate the existing
          objects, 'remove' to remove them before continuing,
          or 'quit' to stop adding this new group member.
          >  copy


        New group with label "myHAgroup" created with group number 1154438865288.
        Group configuration is:

         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
       HA Group Slot ID:  Not Available
        Synchronization: enabled
          Group Members:  154438865288
             Needs sync:  no
        Standby Members:  <none>

Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive


Command Result : No Error



LunaCM v7.0.0. Copyright (c) 2006-2017 SafeNet.

        Available HSMs:

        Slot Id ->              0
        Label ->                sa78-2
        Serial Number ->        154438865288
        Model ->                LunaSA 7.0.0
        Firmware Version ->     7.0.1
        Configuration ->        Luna User Partition With SO (PW) Signing With Cloning Mode
        Slot Description ->     Net Token Slot

        Slot Id ->              1
        Label ->                sa40-2
        Serial Number ->        1238700701515
        Model ->                LunaSA 7.0.0
        Firmware Version ->     7.0.1
        Configuration ->        Luna User Partition With SO (PW) Signing With Cloning Mode
        Slot Description ->     Net Token Slot

        Slot Id ->              5
        HSM Label ->            myHAgroup
        HSM Serial Number ->    1154438865288
        HSM Model ->            LunaVirtual
        HSM Firmware Version -> 7.0.1
        HSM Configuration ->    Luna Virtual HSM (PW) Signing With Cloning Mode
        HSM Status ->           N/A - HA Group



        Current Slot Id: 0
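
When group creation is scripted, the captured output of hagroup creategroup can be checked before further members are added. The following Python code is an added example, not part of the Luna documentation; it parses LunaCM output in the layout shown in the Example above, and the function names and the choice of checks are assumptions made for illustration.

```python
import re

# LunaCM output copied from the example on this page (abridged).
SAMPLE_OUTPUT = """\
         HA Group Label:  myHAgroup
        HA Group Number:  1154438865288
          Group Members:  154438865288
             Needs sync:  no

Slot #    Member S/N                      Member Label    Status
======    ==========                      ============    ======
     0  154438865288                            sa78-2     alive

Command Result : No Error
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s+(.*\S)\s*$")  # "Key:  value"
MEMBER_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")      # member table row


def parse_hagroup_output(text):
    """Return (fields, members) parsed from 'hagroup creategroup' output."""
    fields, members = {}, []
    for line in text.splitlines():
        row = MEMBER_RE.match(line)
        if row:
            members.append(dict(zip(("slot", "serial", "label", "status"), row.groups())))
        else:
            field = FIELD_RE.match(line)
            if field:
                fields[field.group(1)] = field.group(2)
    return fields, members


def check_hagroup(text, expected_label, primary_serial):
    """Return a list of problems; an empty list means every check passed."""
    fields, members = parse_hagroup_output(text)
    problems = []
    if fields.get("Command Result") != "No Error":
        problems.append("command result: %r" % fields.get("Command Result"))
    if fields.get("HA Group Label") != expected_label:
        problems.append("unexpected group label: %r" % fields.get("HA Group Label"))
    if primary_serial not in [m["serial"] for m in members]:
        problems.append("primary %s is not listed as a member" % primary_serial)
    problems += ["member %s is %s" % (m["serial"], m["status"])
                 for m in members if m["status"] != "alive"]
    if fields.get("Needs sync") != "no":
        problems.append("group needs sync: %r" % fields.get("Needs sync"))
    return problems
```

Calling check_hagroup(SAMPLE_OUTPUT, "myHAgroup", "154438865288") returns an empty list for the output shown on this page; any non-empty result should stop the provisioning run.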