Symptoms
vCMP guests (ALL Guests) fail to load after reboot of hypervisor when the host master-key is changed and then the guests' master-keys are changed before first rebooting the hypervisor.
Impact
Deployed guests cannot decrypt their configurations and so are inoperative.
Conditions
-- Issue the following command on vCMP Host hypervisor system:
$ tmsh modify sys crypto master-key prompt-for-password
-- Issue the following command on guests deployed on this hypervisor, before rebooting the hypervisor:
$ tmsh modify sys crypto master-key prompt-for-password
Workaround
In order to change the host master-key without causing service interruption to deployed vCMP guests (except for the necessary reboot):
1. On the host and with guests deployed, issue the following command:
$ tmsh modify /sys crypto master-key prompt-for-password
2. After this interactive command completes, again on the host issue the following command:
$ tmsh save sys config && tmsh reboot
3. Wait for the host and guests to come back up, then issue the following command on each guest:
$ tmsh modify /sys crypto master-key prompt-for-password
