cluster member partition migration begin
This command begins the process of migrating keys from Luna application partitions to Luna keyrings.
CAUTION! This overwrites the existing SMK on the migrating partition. If any important key material is backed up/encrypted using the old SMK, it will be unrecoverable unless you have a backup of the SMK. This includes cryptographic blobs backed up to a Luna Backup HSM. Refer to Partition Backup and Restore for more information.
NOTE This command requires minimum Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package installed.
Thales requires minimum Luna Appliance Software 7.8.5 with the lnh_cluster-1.0.4 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.7.2 to use clusters in production environments, or minimum Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.8.0 to migrate keys from Luna application partitions.
REST API: PUT /api/clusters/{clusterID}/member/partitions/{partitionID}/migration
User Privileges
Users with the following privileges can perform this command:
>Admin
Syntax
cluster member partition migration begin -partitionid <UUID> [-copassword <password>] [-popassword <password>] [-clusterco <password>] [-clusterpo <password>] [-force]
| Argument(s) | Shortcut | Description |
|---|---|---|
| -clusterco <password> | -clusterc | Specifies the Crypto Officer password for the cluster partition. If this option is not included, LunaSH prompts you to enter it. |
| -clusterpo <password> | -clusterp | Specifies the Partition SO password for the cluster partition. If this option is not included, LunaSH prompts you to enter it. |
| -copassword <password> | -co | Specifies the Crypto Officer password for the migrating partition. If this option is not included, LunaSH prompts you to enter it. |
| -force | -f | Begin the migration process without prompting for confirmation. |
| -partitionid <UUID> | -pa | Specifies the UUID of the migrating partition. See cluster member partition list. |
| -popassword <password> | -po | Specifies the Partition SO password for the migrating partition. If this option is not included, LunaSH prompts you to enter it. |
Example
lunash:>cluster member partition migration begin -partitionid f66b649a-af1e-402b-8408-8acfb21e06f5
Please enter the Migrating Partition CO password:
> ********
Please enter the Migrating Partition PO password:
> ********
Please enter the Cluster Partition CO password:
> ********
Please enter the Cluster Partition PO password:
> ********
WARNING !! This operation will result in the migrating partition's current SMK to
be overwritten. It will not be recoverable. Please ensure it has been
backed up before proceeding.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'
> proceed
Proceeding...
Success
Command Result : 0 (Success)
