<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" >Bob,</div>
<div dir="ltr" > </div>
<div dir="ltr" >Scale does not yet have a tool to perform a health-check on a key server, or an independent mechanism to retrieve keys.</div>
<div dir="ltr" > </div>
<div dir="ltr" >One can use a command such as 'mmkeyserv key show' to retrieve the list of keys from a given SKLM server (and use that to determine whether the key server is responsive), but being able to retrieve a list of keys does not necessarily mean being able to retrieve the actual keys, as the latter goes through the KMIP port/protocol, and the former uses the REST port/API:</div>
<div dir="ltr" > </div>
<div dir="ltr" ><tt><font size="3" face="" ># mmkeyserv key show --server 192.168.105.146 --server-pwd /tmp/configKeyServ_pid11403914_keyServPass --tenant sklm3Tenant</font></tt><br><tt><font size="3" face="" >KEY-ad4f3a9-01397ebf-601b-41fb-89bf-6c4ac333290b</font></tt><br><tt><font size="3" face="" >KEY-ad4f3a9-019465da-edc8-49d4-b183-80ae89635cbc</font></tt><br><tt><font size="3" face="" >KEY-ad4f3a9-0509893d-cf2a-40d3-8f79-67a444ff14d5</font></tt><br><tt><font size="3" face="" >KEY-ad4f3a9-08d514af-ebb2-4d72-aa5c-8df46fe4c282</font></tt><br><tt><font size="3" face="" >KEY-ad4f3a9-0d3487cb-a674-44ab-a7d0-1f68e86e2fc9</font></tt></div>
<div dir="ltr" ><tt><font size="3" face="" >[...]</font></tt></div>
<div dir="ltr" > </div>
<div dir="ltr" >Having a tool that can retrieve keys independently from mmfsd would be useful capability to have. Could you submit an RFE to request such function?</div>
<div dir="ltr" > </div>
<div dir="ltr" >Thanks,</div>
<div dir="ltr" > </div>
<div dir="ltr" > Felipe</div>
<div dir="ltr" > </div>
<div dir="ltr" >----<br>Felipe Knop knop@us.ibm.com<br>GPFS Development and Security<br>IBM Systems<br>IBM Building 008<br>2455 South Rd, Poughkeepsie, NY 12601<br>(845) 433-9314 T/L 293-9314<br> </div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Oesterlin, Robert" <Robert.Oesterlin@nuance.com><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [EXTERNAL] [gpfsug-discuss] Encryption - checking key server health (SKLM)<br>Date: Wed, Feb 19, 2020 11:35 AM<br> <br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<div><p style="margin: 0px;" ><span style="font-size:11.0pt" >I’m looking for a way to check the status/health of the encryption key servers from the client side - detecting if the key server is unavailable or can’t serve a key. I ran into a situation recently where the server was answering HTTP requests on the port but wasn’t returning they key. I can’t seem to find a way to check if the server will actually return a key.<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="font-size:11.0pt" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span style="font-size:11.0pt" >Any ideas?<o:p></o:p></span></p>
<p style="margin: 0px;" ><span style="font-size:11.0pt" ><o:p> </o:p></span></p>
<p style="margin: 0px;" ><span style="font-size:11.0pt" ><o:p> </o:p></span></p>
<p style="margin: 0px;" >Bob Oesterlin<o:p></o:p></p>
<p style="margin: 0px;" >Sr Principal Storage Engineer, Nuance<o:p></o:p></p>
<p style="margin: 0px;" ><o:p> </o:p></p></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a> </font></div></blockquote>
<div dir="ltr" > </div></div></div><BR>