Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

a. Use the vxdg import dg_name command to import the disk group.
b. Use the vxvol -g dg_name startall command to initialize the disk group.
c. To test the import operation, you can configure and mount temporary file systems on the VxVM
volumes. When the configuration is complete, you will configure and mount file systems on
EVFS volumes, not on the VxVM volumes.

Step 3 (EVS only): Configuring EVS on the configuration node
On the configuration node, configure and verify EVFS using the procedures described in Chapter 4
(page 28). After you have verified EVFS operation, you must complete the following additional
tasks to use the EVFS volumes with a Serviceguard package:
a. Create a cluster key pair, an EVFS key pair that will be distributed and used on all nodes in
the cluster.
b. Add the cluster key pair to the EMD of the EVFS volumes used by the Serviceguard package.
c. Modify the entries in the /etc/evfs/evfstab file so that the package control script or
package configuration file in modular packages can enable the EVFS volumes when the
package starts.
d. Prepare the EVFS volumes for configuration on the adoptive nodes.

Step 3a: Creating a cluster key pair
A cluster key pair is an EVFS key pair that is distributed and used on all nodes in the cluster. EVFS
uses this key pair to enable the EVFS volumes from the package control script or the package
configuration file, so this key pair must exist and be the same on all nodes in the cluster. The key
pair must meet the following criteria:
• The user account name and user ID for the key owner must exist and be the same on all nodes
  in the cluster.
• The user account for the key owner must have superuser privileges or the appropriate privileges
  on all nodes in the cluster.
• The key ID must be unique when compared to other key IDs on all cluster nodes. Do not create
  a key with a key name that already exists for the key owner on a remote node.
• Each node in the cluster must have a stored passphrase for the private key. EVFS uses the
  stored passphrase to automatically enable the volume when the package fails over.
  You must use the same passphrase on all nodes, but you must create a new stored passphrase
  file on each node. Stored passphrase files are encrypted with system-specific data and are
  unusable on remote systems.
• You must know the passphrase for the private key.
IMPORTANT: Do not use the -s option when generating the key pair with the evfspkey
keygen command. When you use the -s option, EVFS generates and stores the passphrase
for you, and you cannot retrieve the passphrase.
Use the following evfspkey keygen syntax to create the cluster key pair:
evfspkey keygen -p [-c cipher] [-u user] [-k keyname]

Step 3b: Adding the cluster keys to the EMD
Add the cluster key pair to the EMD of the EVFS volumes used by the package. Use the following
evfsvol add command:
evfsvol add -u user [-k keyname] evfs_volume_path
The user and keyname are the user name and key name for the cluster key pair.
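
The owner-account criterion from Step 3a (same account name and user ID on every node) can be checked before any key is created. The sh script below is an added example, not part of the HP guide: the account name evfsadm, the key name clusterkey, the volume path /dev/evfs/vg01/lvol5 and the passwd sample lines are constructed placeholders, and the script only prints the Step 3a and 3b commands instead of running them.

```shell
#!/bin/sh
# Added example: pre-flight check for the cluster key owner before Step 3a.
# Each file argument is a copy of one node's /etc/passwd.

# Print the UID of user $1 in passwd-format file $2; fail if the user is absent.
owner_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# check_owner user file...
# Print the common UID and return 0 only if the user exists in every file
# with the same UID. Return 1 for a missing account, 2 for a UID mismatch.
check_owner() {
    user=$1; shift
    ref=
    for f in "$@"; do
        uid=$(owner_uid "$user" "$f") ||
            { echo "$f: no account '$user'" >&2; return 1; }
        : "${ref:=$uid}"
        if [ "$uid" != "$ref" ]; then
            echo "$f: UID $uid differs from $ref" >&2
            return 2
        fi
    done
    echo "$ref"
}

# plan user keyname evfs_volume_path
# Print (do not run) the guide's commands. -s is deliberately absent so the
# passphrase stays known and can be stored again on every node.
plan() {
    echo "evfspkey keygen -p -u $1 -k $2"
    echo "evfsvol add -u $1 -k $2 $3"
}

# Constructed sample data: passwd copies from three hypothetical nodes.
d=${TMPDIR:-/tmp}/evfs-preflight.$$
mkdir -p "$d"
trap 'rm -rf "$d"' EXIT
good='evfsadm:*:110:20::/home/evfsadm:/sbin/sh'
printf 'root:*:0:3::/:/sbin/sh\n%s\n' "$good" > "$d/node1"
printf 'root:*:0:3::/:/sbin/sh\n%s\n' "$good" > "$d/node2"
printf 'evfsadm:*:245:20::/home/evfsadm:/sbin/sh\n' > "$d/node3"

# node1 and node2 agree, so the commands are printed; node3 does not.
check_owner evfsadm "$d/node1" "$d/node2" >/dev/null &&
    plan evfsadm clusterkey /dev/evfs/vg01/lvol5   # hypothetical volume path
check_owner evfsadm "$d/node1" "$d/node3" ||
    echo "fix the evfsadm account on node3 before creating the key"
```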

Step 3c: Modifying /etc/evfs/evfstab entries
You must modify entries in the /etc/evfs/evfstab file for EVFS volumes used by the
Serviceguard package so EVFS can enable the volumes when the package starts. The entries in