This section explains the procedure to install the Thales Luna software bundle onto the Avi Load Balancer Controller.

To enable support for Thales Luna Network HSM, the downloaded Thales Luna client software bundle must be uploaded to the Avi Load Balancer Controller. It must be named safenet.tar and can be prepared as follows:

• Copy files from the downloaded software into any given directory, for instance, safenet_pkg.

• Change directory (cd) to that directory, and enter the cp commands as follows:

  • Extract the tar file using tar -xzf 610-000397-003_SW_Linux_Luna_Client_V7.3.0_RevA.tar.

    Note:

    This example uses HSM version 7.3.3.

    cp LunaClient_7.3.0-165_Linux/64/configurator-7.3.0-165.x86_64.rpm configurator-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/libcryptoki-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/vtl-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/lunacmu-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/cklog-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/multitoken-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/ckdemo-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm
    cp LunaClient_7.3.0-165_Linux/64/lunacm-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm
    tar -cvf safenet.tar configurator-7.3.0-165.x86_64.rpm libcryptoki-7.3.0-165.x86_64.rpm vtl-7.3.0-165.x86_64.rpm lunacmu-7.3.0-165.x86_64.rpm cklog-7.3.0-165.x86_64.rpm multitoken-7.3.0-165.x86_64.rpm ckdemo-7.3.0-165.x86_64.rpm lunacm-7.3.0-165.x86_64.rpm

• HSM package can be uploaded in the web interface at Administration > Settings > Upload HSM Packages.

• HSM package upload is also supported through the CLI. You can use the following command in the Avi Load Balancer Controller CLI shell to upload the HSM package:

  upload hsmpackage filename /tmp/safenet_pkg/safenet.tar

This command uploads the packages and installs them on the Avi Load Balancer Controller or Avi Load Balancer Controller,if clustered. If the Controller is deployed as a three-node cluster, the command installs the packages on all three nodes. Upon completion of the above command, the system displays HSM Package uploaded successfully message.

• Avi Load Balancer Service Engines in an SE group referring to an HSM group need a one-time reboot for auto-installation of the HSM packages. To reboot Avi Load Balancer SE, issue the following CLI shell command:

  reboot serviceengine Avi-se-ksueq

• To allow Avi Load Balancer Controllers to talk to Thales Luna HSM, the Thales Luna client software bundle distributed with the product must be uploaded to Avi Load Balancer. The software bundle preparation and upload is described above. In this example, note that the Avi Load Balancer SE name is Avi-se-ksueq.