Netezza Performance Server for Cloud Pak for Data
System
Note: This feature is not
supported if you have Netezza Performance Server 11.2.2.X
and later installed on Cloud Pak for Data System 2.X.
You use the nzkey
change -spukey command to change the AEK for the storage array
SEDs.
Before you begin
Before you begin, make sure that you have your new AEK for the SPU. Use the nzkey
generate command to generate a new AEK for the SPU key. If you are changing the SPU key
for the storage array drives, system must be in the Paused or
Offline mode because the system manager must be running to propagate the new key.
No queries or I/O activity can be active. The new AEK is immediately communicated from the system
manager to the SPUs.
If you attempt to put the system in the Online state,
the state change waits until all the SPUs and disks are updated with the new AEK. The command
creates a backup copy of the current keystore before it changes the key. After the change is
finished, create a backup of the new keystore by using the nzkeybackup
command.
Procedure
- Log in to the host container as the nz user.
- Transition the system to the
Paused or Offline
state.
[nz@iphost1 ~]$ nzsystem pause
Are you sure you want to pause the system (y|n)? [n] y
- Log in as the root user.
- Use the nzkey change command to change the SPU key:
[root@ipshost ~] /nz/kit/bin/adm/nzkey change -spukey -file /tmp/spukey_change -backupdir /tmp/backups/
# Keystore archive /tmp/backups/keydb_20140711054140.tar.gz written
==========================================================
AEK Summary
==========================================================
Result: Key operation completed successfully.
-> You can run 'nzsystem resume' to resume the system state.
- Create a backup of the updated keystore:
[root@ipshost ~] /nz/kit/bin/adm/nzkeybackup /nz/var/keybackup.tar.gz
Keystore archive /nz/var/keybackup.tar.gz written
- Log out of the root account and return to the nz account.
- Run the nzsystem resume command to return the system to the Online
state.