Description
Allows you to set the encryption level for a specified storage group on the QoreStor. You turn encryption on or off by using the --set ON or --set OFF command options. The --mode option sets the mode of key lifecycle management as one of the following:
- static—A global, fixed key is used to encrypt all data.
- internal—Content encryption keys are generated and rotated on a specified period of days.
If you select Internal as the mode of key management, you need to set the --interval option, which specifies the number of days for key rotation when a new key is to be generated.
|
NOTE: In Internal mode there is a maximum limit of 1023 keys. The key rotation period is set to 30 days by default when the passphrase is set and/or encryption is turned on. You can later change the key rotation period from 7 days to 70 years for internal mode. |
|
NOTE: After encryption is enabled, all of the data that is backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that encryption is an irreversible process. |
|
NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. |
Syntax
storage_group --encryption --name <name> [--set <ON | OFF>] [--mode < static | internal >] [--interval <7 days to 70 years>]
Where
--name Name of the storage group. Valid values are [a-z,A-Z,0-9,'-' and '_'] and maximum of 32 characters.
--set Valid values are On and Off.
--mode Valid values are static and internal.
--interval Valid values are between 7 days to 70 years (in days)
Result
Storage Group "StorageGroup_1" updated successfully.
Description
Deletes the specified storage group from the QoreStor.
|
NOTE: Before a storage group can be deleted, all of the containers inside the storage group must first be deleted. |
Syntax
storage_group --delete --name <name>
Where
--name Name of storage_group.
Result
Storage Group "StorageGroup_1" has been deleted.
Description
Sets the passphrase for the specified storage group to be used to encrypt content encryption keys. (The passphrase string can take up to 255 characters. And, alphanumeric and special characters can be entered as part of the passphrase string.) This command will prompt you to enter and confirm a passphrase. This command also requires a filesystem server restart.
|
NOTE: It is mandatory to define a passphrase to enable encryption for a storage group. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. |
Syntax
storage_group --setpassphrase --name <name>
Where
--name Storage group name
Result
Storage Group "StorageGroup_1" updated successfully.
Passphrase updated successfully.
Description
Displays the list of all storage_group-related options that can be used as a reference when using the QoreStor CLI.
Syntax
storage_group --help
Result
Usage:
storage_group --show [--name <name>]
[--verbose]
storage_group --add --name <name>
[--compression_mode <fast|best>]
[--quota <Quota value in GiB or TiB>]
storage_group --update --name <name>
--compression_mode <fast|best>
[--quota <Quota value in GiB or TiB>]
storage_group --encryption --name <name>
[--set <ON | OFF>]
[--mode < static | internal >]
[--interval <7 days to 70 years>]
storage_group --delete --name <name>
storage_group --setpassphrase --name <name>
storage_group --help
storage_group <command> <command-arguments>
<command> can be one of:
--show Displays the current list of storage_group.
--add Adds a new storage_group.
--update updates a storage_group.
--encryption updates encryption settings of a storage_group.
--delete Deletes an existing storage_group.
--setpassphrase sets passphrase to a storage_group.
For command-specific help, please type storage_group --help <command>
eg:
storage_group --help show