Step 2: Distribute a new key by copying it to cluster nodes

Edit online

Ensure that you distribute the same encryption key to each cluster node; otherwise, PowerHA® SystemMirror® cannot communicate between cluster nodes.

About this task

To generate a new key and copy it to other cluster nodes:

Procedure

On the node where you want to create a key, enter smit hacmp
In SMIT, select System Management (C-SPOC) > Security and Users > PowerHA SystemMirror Cluster Security > Configure Message Authentication Mode and Key Management > Generate/Distribute a Key and press Enter.
The Generate/Distribute a Key panel appears.
Enter field values as follows:

Table 1. Generate/Distribute a Key fields

Field Value

Type of Key to Generate Lists the active authentication mode

Distribute a Key No
Copy the key file from the node where the key was generated to each node in the PowerHA SystemMirror cluster.
On each node, a key is stored in the /usr/es/sbin/cluster/etc directory. The name of the key identifies the encryption type selected:
- key_md5_des
- key_md5_3des
- key_md5_aes

Table 1. Generate/Distribute a Key fields
Field	Value
Type of Key to Generate	Lists the active authentication mode
Distribute a Key	No

Results

You can copy the file to diskette and then go to each node and copy the key file to the appropriate directory, or you can use a remote copy command such as ftp or rcp .

Important: A key may already be present on each node, make sure that you copy the key to each node. The new key overwrites the older one if the keys are of the same type, for example if the key is for 3DES. If the keys on the nodes do not match, PowerHA SystemMirror does not function.