Initialize data-at-rest encryption
Data-at-rest encryption can only be performed during a fresh installation or after a factory reset.
To initialize data-at-rest encryption as part of a factory reset, you must execute the init command with --encrypt-data-disks. See the steps below.
To initialize data-at-rest encryption as part of a factory reset:
- Access the Security Event Manager Controller, and run the following command:
fazbdctl reset cluster [--all-settings|--all-except-ip|--all-except-ssh|--all-except-ip-ssh]
The Security Event Manager Controller reboots after a few minutes.
- After the Security Event Manager Controller reboots, reconnect to it and run the following command to verify that all members are detected and that the version is up to date:
fazbdctl show members
- After verifying that all members have a Joined state and that their status is not failed, run the following command:
fazbdctl init cluster --encrypt-data-disks
- Follow the prompt to set a passphrase. Record the passphrase in a secure place and follow the remaining reset steps to complete initializing the cluster.