Install Zettaset XCrypt Full Disk

the installer sends the zettaset xcrypt full disk libraries and configuration files to each target node and encrypts the nodes and partitions listed in the hosts inv file the zettaset xcrypt full disk installer must have permission to write to the {{futurex}} pkcs #11 (fxpkcs11) log file, fxpkcs11 log , on the primary kmip node before proceeding with the steps in this procedure, run the following command as root or sudo to add write permissions on the fxpkcs11 log file $ sudo chmod 666 /tmp/fxpkcs11 log perform a sanity check on the inventory file this command confirms that the settings in your file are valid $ /install zts xcrypt full disk sh vv i hosts inv check run the installer $ /install zts xcrypt full disk sh vv i hosts inv install this creates the needed kmip and hsm servers, establishes secure connectivity between all nodes and services, and encrypts partitions at the end of the installation output display, you should see zero failures for all nodes in the play recap zettaset xcrypt full disk creates four keys on the {{vectera}} one public and one private rsa 2048 asymmetric key and two aes 256 data encryption keys view the block devices for each target node to confirm partition encryption your output reflects your partitions $ ssh target03 "lsblk o name,fstype,size,mountpoint" name fstype size mountpoint └─sdc crypto luks 5g └─crypt2 (dm 2) xfs 5g /data2 view the encryption key names by viewing cryptinittab on the target node $ ssh target03 "cat /etc/zts/conf default/cryptinittab" partition mount point mapper name key name /dev/sdc /data2 crypt2 688eda48 337f 49fd back up the cryptinittab file for each encrypted node this file is the only way to associate a key with a partition review install log when needed remove any hsm pin values from the hosts inv file