14.10 Using Encrypted Volumes in a Server Cluster (Linux)

If you use an encrypted NSS volume in a Novell Cluster Services™ cluster, you must manually enter the password for the volume on one of the servers only when you first start or restart the cluster. You use NSSMU to mount the encrypted volume on one of the OES Linux servers and enter the volume password, then dismount volume before you can bring the cluster resource online for the first time.

NSS uses the password to create a key, which it stores in the server memory. The NCS software passes the key to other nodes. After all servers hold the key, the volume is available while any one of the servers is still participating actively in the cluster. If all servers in the cluster fail, you must repeat this procedure when you recover the cluster and restart services.

  1. Boot or restart the servers in the cluster.

    If you automated the loading of cluster resources, the cluster reports each resource is comatose because it cannot bring the corresponding encrypted volume online.

    If you opt to manually start cluster resources, the cluster resources are not yet active.

  2. From one of the nodes in the cluster, repeat the following steps for each of the encrypted volumes in the cluster.

    1. In NSSMU, select Volumes.

    2. In the Volumes list, select the shared volume you want to mount.

    3. Select or press F7 to mount the shared volume.

    4. When prompted, enter the password, then click OK.

      If the server already knows the key for the volume, you are not prompted for the password.

    5. In the Volumes list, select the shared volume that you want to dismount.

    6. Select or press F7 to dismount the shared volume.

  3. Follow the normal procedures to activate the cluster resources.

    For information, see the OES Novell Cluster Services Administration Guide for Linux . The node passes the key information to the other nodes. While at least one of the servers is actively participating in the cluster, you do not need to reenter the encryption password again.