Cohesity DataPlatform CLI
You may also configure Entrust KeyControl KMS using the Cohesity DataPlatform CLI. Here are some examples of CLI commands that can be used to configure the KMS.
Log in to the Cohesity server
% iris_cli -server xx.xxx.xxx.xxx -username=admin -password=xxxxxx
Cohesity Command Line Interface.
Version: 1.0
This command line tool helps to run any cluster management operations.
admin@xx.xxx.xxx.xxx>Create a KMIP KMS
admin@xx.xxx.xxx.xxx> kms create-kmip
DESCRIPTION
Create a new kmip KMS.
PARAMS
ca-certificate-path [string] required File path to ca-certificate.
client-certificate [string] required File path to client-certificate.
client-key [string] required File path to client-key.
ip [string] required IP address of the KMS.
kmip-protocol-version [string] required kmip-protocol-version
name [string] optional Name of the KMS.
port [int] required KMS Port. Default KMIP port is 5696.List current KMS settings
admin@xx.xxx.xxx.xxx> kms list
KMS ID : 0
KMS TYPE : kInternalKMS
KMS NAME : Internal KMS
KMS CONNECTION STATUS : false
KMS ID : 5287
KMS TYPE : kCryptsoftKMS
KMS NAME : KeyControl
KMS CONNECTION STATUS : true
KMS IP : xx.xxx.xxx.xxx
KMS PORT : 5696
KMIP PROTOCOL VERSION : KMIP1_2
CLIENT CERTIFICATE EXPIRY DATE: Wednesday, 02-Nov-22 10:13:59 EDTModify Cohesity DataPlatform KMS settings
If you update the Key Management settings after initial configuration, the keychain service must be restarted for the new settings to take effect. This restart is done using the CLI using the following steps.
| For instructions on accessing and general use of the Cohesity CLI, please see the Cohesity CLI section of the Cohesity Virtual Edition Setup Guide. |
admin@xx.xxx.xxx.xxx> cluster restart service-names="keychain"
Success: Restarting the cluster services [keychain] ...
admin@xx.xxx.xxx.xxx> cluster status
CLUSTER ID : 5781262160172702
CLUSTER NAME : cohesitycluster
CLUSTER INCARNATION ID : 1636053457920
SERVICE STATE SYNC : DONE
CLUSTER ACTIVE OPERATION : RESTARTING SERVICES
CLUSTER HEAL STATUS : NORMAL
CLUSTER IP Preference : 1
NODE ID : 2639329736857246
NODE IPS : xx.xxx.xxx.xxx
SOFTWARE VERSION : 6.5.1f_release-20210913_13f6a4bf
ACTIVE OPERATION : kClusterRestart
SERVICE NAME :
alerts : 29301, 29322
apollo : 29378, 29395
athena : 34581, 34610
atom : 34580, 34596
bifrost_broker : 23858, 23865
bridge : 30906, 38313
bridge_proxy : 34731, 34870
eagle_agent : 23790, 41368
gandalf : 60546, 60549
groot : 42065, 42068
iris : 7240, 7262
iris_proxy : 540, 22376
keychain : 17784, 17844
librarian : 25926, 25944
logwatcher : 63390
magneto : 40109, 40165
newscribe : 23755, 23777
nexus : 54968
nexus_proxy : 61200, 61203
patch : 17875, 18107
rtclient : 17874, 17895
smb2_proxy : 17782, 17852
smb_proxy : 17877, 17924
stats : 29337, 29345
statscollector : 63389
storage_proxy : 17873, 18215
tricorder : 23694
vault_proxy : 17876, 17909
yoda : 37198, 37226