All nodes that mount a file system must have access to all the keys used in the file system.
This topic describes the steps to configure a remote cluster to mount an encrypted file system when
the regular setup is used to configure encryption on the home cluster.
To replicate an encryption configuration on a remote cluster, you must copy encryption
configuration files from the configured node in the home cluster to all nodes in the remote
cluster.
To copy the Remote Key Management (RKM) server configuration file and the client
keystore files on a remote cluster, complete the following steps:
- If the remote cluster does not have the encryption configuration for other file systems, copy
  the /var/mmfs/etc/RKM.conf file into the same directory on the remote nodes.
- If the remote cluster is configured with regular setup for other file systems, complete the
  following steps:
  - Back up the /var/mmfs/etc/RKM.conf file on all nodes in the remote cluster.
  - On a single node in the remote cluster, edit the /var/mmfs/etc/RKM.conf file to add the RKM
    stanza that is needed to mount the file system.
  - Copy the edited /var/mmfs/etc/RKM.conf file to all nodes in the remote cluster.
  - Copy the keystore files that the new RKM stanza references to the same directories on the
    target node. The suggested location for the keystore files on the configured node is
    /var/mmfs/etc/RKMcerts/.
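
The back-up, edit, and keystore steps above can be scripted and checked on each remote node. The following is an added example, not code from this documentation or from the product. It assumes stanzas of the form `name { ... keyStore = /path ... }`; the function names, the `.bak` suffix, and the owner-only permission check are choices made for this example.

```shell
#!/bin/sh
# Added example. Assumed stanza layout (not shown on this page):
#   rkmId {
#     keyStore = /var/mmfs/etc/RKMcerts/example.p12
#   }

# Print the stanza names defined in an RKM.conf-style file, one per line.
rkm_stanza_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]\{1,\}\)[[:space:]]*{.*$/\1/p' "$1"
}

# Print the keystore paths referenced by an RKM.conf-style file.
rkm_keystores() {
    sed -n 's/^[[:space:]]*keyStore[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1"
}

# merge_stanza CONF STANZA_FILE
# Refuses a stanza whose name already exists in CONF, then backs up CONF,
# appends the stanza, and leaves CONF readable by its owner only.
merge_stanza() {
    conf=$1 stanza=$2
    for name in $(rkm_stanza_names "$stanza"); do
        if rkm_stanza_names "$conf" | grep -qx "$name"; then
            echo "stanza '$name' already defined in $conf" >&2
            return 1
        fi
    done
    cp -p "$conf" "$conf.bak" || return 1
    { echo; cat "$stanza"; } >> "$conf" || return 1
    chmod 600 "$conf"
}

# check_keystores CONF
# Run on a remote node after copying: reports every referenced keystore that
# is missing or that grants any permission to group or other.
check_keystores() {
    rc=0
    for ks in $(rkm_keystores "$1"); do
        if [ ! -f "$ks" ]; then
            echo "MISSING $ks"; rc=1
        elif [ "$(ls -ld "$ks" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $ks"; rc=1
        fi
    done
    return $rc
}
```

Running `check_keystores /var/mmfs/etc/RKM.conf` on each remote node after the copy confirms that every keystore the stanzas reference arrived in the same directory.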