cluster member authorize
Authorize the specified cluster member to create objects on the cluster's keyrings.
NOTE Thales requires minimum Luna Appliance Software 7.8.5 with the lnh_cluster-1.0.4 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.7.2 to use clusters in production environments, or minimum Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.8.0 to migrate keys from Luna application partitions.
Manual member authorization is required only:
>to authorize the first member of a new cluster
>to authorize the only member of a single-member cluster that has rebooted or recovered
>to authorize the first member of a cluster where all members rebooted or recovered
In a cluster where at least one member remains active and connected, new and rejoining members automatically take their authorization from that member, and manual re-authorization is not required.
REST API: PUT /api/clusters/{clusterID}/members/{memberID}
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
cluster member authorize -partition <name> [-copassword <password>] [-memberid <string>]
Argument(s) | Shortcut | Description |
---|---|---|
-copassword | -c | The cluster partition Crypto Officer password. If this option is omitted on a password-authenticated HSM, LunaSH prompts for the password. If this option is included on a multifactor quorum-authenticated HSM and the partition is not activated, it is ignored. |
-memberid | -m | Specifies the member ID to be authorized. See cluster member list. |
-partition | -p | Specifies the label of the cluster partition. |
Example
lunash:>>cluster member authorize -memberid ecb8f151-8184-412d-840a-6cd15e8ffb36 -partition clusterpar -copassword IamtheCO

Success

Command Result : 0 (Success)