[gpfsug-discuss] Encryption key lifetime and cache questions

[Wahl, Edward]

This was sitting in my drafts folder for years now, and I long since solved #3, the answer is yes, and then use  '/usr/lpp/mmfs/bin/tsloadikm run' to reload.

Figured I'd still send it as I never did find hard numbers.



I’ve got a few questions that pop up from time to time and I’m curious if anyone here can help answer them:



-how long does a cached encryption key last on a client?



-is it possible on the SKLM or Scale side to tune this?



-is it possible to clear the key without shutting down Spectrum Scale?

    will "tsctl encKeyCachePurge all" work?



I have some ideas about the answer to the first one based on log messages when an SKLM server is down.

We know that if say, several thousand clients are using Scale and the primary SKLM server goes down, it takes a little while for all the nodes to blacklist it the first time so there is a measurable lifetime. I just can't find it in the docs for either.



Ed Wahl

Ohio Supercomputer Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20250924/6d747c07/attachment.htm>