Updating a GPFS cluster to nistCompliance SP800-131A
Learn how to generate FIPS compliant authentication keys for GPFS.
About this task
A cluster upgraded from GPFS version below 4.1 may have
nistCompliance set to
off and may be operating with keys which are not NIST SP800-131A-compliant. When enabling FIPS at
the GPFS level, this becomes an issue and the following warning might be
generated:[root@node0101 ~]# mmchconfig FIPS1402mode=yes
mmchconfig: Attention: The authentication keys for cluster gpfs-9940062_hadomain_1-cluster.apdomain.ibm.com (this cluster)
may not be FIPS140-2 compliant. Use mmauth genkey {new | commit} to replace
the keys as described in the 'Updating a cluster to nistCompliance SP800-131A'
section of the documentation.
Make the system compliant with NIST SP800-131A:
- For a single rack system (system with single GPFS cluster), follow the steps that are described in Updating a GPFS cluster to nistCompliance SP800-131A for a single rack system.
- For a multi-rack system (system with multiple GPFS clusters), follow the steps that are described in Updating a GPFS cluster to nistCompliance SP800-131A for a multi-rack system.