Manage passwords for virtual images

Using the password tool in IBM Service Delivery Manager

Thanks to a new tool available for IBM® Service Delivery Manager (see Download) password management for virtual images is now significantly easier. This article details the procedures for using the tool to change passwords in the IBM Tivoli® Monitoring, NFS server, Tivoli Service Automation Manager, and Tivoli Usage and Accounting Manager virtual images.

Share:

Szymon Czachor (Szymon.Czachor@pl.ibm.com), Software Engineer, IBM

Szymon Czachor is a software engineer at the IBM software lab in Krakow, Poland.



Andrzej Wieczorek (Andrzej.Wieczorek@pl.ibm.com), Software Engineer, IBM

Andrzej Wieczorek is a software engineer at the IBM software lab in Krakow, Poland.



15 October 2012

Also available in Chinese Japanese

IBM Service Delivery Manager is a preintegrated software stack, deployed as a set of virtual images that automate IT service deployment and provide resource monitoring and cost management in a cloud. Each component of the stack — IBM Tivoli Monitoring, NFS server, Tivoli Service Automation Manager, and Tivoli Usage and Accounting Manager — has its own user management system. IBM Service Delivery Manager has delivered a tool that helps you manage passwords efficiently for each component. This tip describes how to apply the new functionality.

Installation

The password tool is delivered in four RPM files, one for each image, available (along with associated shell scripts and other required files) for download with this article:

  • ITM-ISDM-SLES10-1.1-0extension.noarch.rpm
  • NFS-ISDM-SLES10-1.1-0extension.noarch.rpm
  • TIVSAM-ISDM-SLES10-1.1-0extension.noarch.rpm
  • TUAM-ISDM-SLES10-1.1-0extension.noarch.rpm

Install the relevant package on each image with the following commands:

  • On the IBM Tivoli Monitoring image:
    rpm -i --replacefiles ITM-ISDM-SLES10-1.1-0extension.noarch.rpm
  • On the NFS server image:
    rpm -i --replacefiles NFS-ISDM-SLES10-1.1-0extension.noarch.rpm
  • On the Tivoli Service Automation Manager image:
    rpm -i --replacefiles TIVSAM-ISDM-SLES10-1.1-0extension.noarch.rpm
  • On the Tivoli Usage and Accounting Manager image:
    rpm -i --replacefiles TUAM-ISDM-SLES10-1.1-0extension.noarch.rpm

Changing passwords for IBM Tivoli Monitoring

To change passwords for Tivoli Monitoring, run a shell script with appropriate parameters. By running the script, you trigger actions such as stopping, starting, configuring servers and agents, changing passwords in the required locations, and performing verification tasks. For most of the users, running the script performs all the necessary actions. For db2inst1 and sysadmin, you must perform some additional manual steps after running the script.

Tip: To see help messages, run the chpwd-itm.sh -h command. To display the tool version, run the chpwd-itm.sh -v command.

To change the passwords:

  1. Back up the Tivoli Monitoring image.
  2. Log on to ITM_image as root.
  3. Run the script for changing passwords for ITM_image using the appropriate parameters and syntax (as detailed below) for your environment.

To change the password for dasusr1, db2fenc1, db2inst1, sysadmin, or root, run the script with the following parameters, where user is the username for which you want to change the password, and new password is the new password for that user:

chpwd-itm.sh -u user -p new password

For example:

chpwd-itm.sh -u db2fenc1 -p think5me

To change a password for virtuser, first make sure that Tivoli Common Reporting is started. Then run the script with the following parameters, where password is the current password for virtuser, and new password is the new password for virtuser:

chpwd-itm.sh -u virtuser -w password -p new password

For example:

chpwd-itm.sh -u virtuser -w think4me -p think5me

If your policy is to store credentials in configuration files, change passwords in the applicable file using this syntax:

user=user 
password=new password 
virtuserPassword=current virtuser password

After you change the passwords in the configuration file, run the script with the following parameters, where configuration file is the name of the file where the credentials are stored:

chpwd-itm.sh -c configuration file

Important: If you change the db2inst1 password, you must manually change the configuration of the Tivoli Common Reporting data source. Additionally, if you have the warehouse database configured, you must reconfigure the Summarization and Pruning agent and the Warehouse Proxy agent. If you change the sysadmin password, you must additionally update the password on the Tivoli Service Automation Manager image.

Changing the db2inst1 password for Tivoli Common Reporting

After running the script to change the db2inst1 password, you must perform some additional manual steps to configure the Tivoli Common Reporting data source.

  1. Log on to the Tivoli Common Reporting user interface as virtuser.
  2. Select Reporting > Common Reporting.
  3. In the upper-right corner, click Launch > IBM Cognos Administration.
  4. Select the Configuration tab.
  5. Click TDW > More... > View signons > More... > Set properties.
  6. Select the Signon tab and click Edit the signon....
  7. Enter and confirm the new password for db2inst1 and click OK.
  8. Click OK.

Changing the db2inst1 password for warehouse-related agents

If you have the warehouse database configured, after running the script to change the db2inst1 password, you must reconfigure the Summarization and Pruning agent and the Warehouse Proxy agent.

  1. Log on to ITM_image as virtuser.
  2. Type /opt/IBM/ITM/bin/CandleManage.
  3. Change the password for the Summarization and Pruning agent:
    1. Right-click Summarization and Pruning Agent and select Configure.
    2. Go to the Agent Parameters tab.
    3. Select the Sources tab.
    4. In the Warehouse Password field, enter the new password. Note: If any other credentials for accessing the database changed, you must update them. For more information, see "Configuring the Summarization and Pruning agent" in the IBM Service Delivery Manager User's Guide.
    5. To verify that the specified data is correct, click Test database connection.
    6. Click Save.
  4. Change the password for the Warehouse Proxy agent:
    1. Right-click Warehouse Proxy and select Configure.
    2. Go to the Agent Parameters tab.
    3. In the Warehouse Password field, enter the new password. Note: If any other credentials for accessing database changed, you must update them. For more information, see "Configuring the Warehouse Proxy agent" in the IBM Service Delivery Manager User's Guide.
    4. To verify that the specified data is correct, click Test database connection.
    5. Click Save.

Additional agents

If you have any other IBM Tivoli Monitoring agents installed, make sure that you update the passwords for all of them.

Updating the sysadmin password on the TIVSAM_image

After running a script to change the sysadmin password on the ITM_image, you must run one more script on the Tivoli Service Automation Manager image.

  1. Log on to the TIVSAM_image as the root user.
  2. Run the script with the following command, where new password is the new password you specified for sysadmin:
    chpwd-tivsam.sh -u sysadmin -p new password

Changing passwords for NFS_image

To change passwords for NFS_image, use a shell script with appropriate parameters. For the Administrator user, you must perform some additional manual steps after running the script.

Tip: To see help messages, run the chpwd-nfs.sh -h command. To display the tool version, run the chpwd-nfs.sh -v command.

  1. Back up the NFS server image
  2. Log on to NFS_image as root.
  3. Run the script for changing passwords for NFS_image using the appropriate parameters and syntax (as detailed below) for your environment.

If you do not store credentials in configuration files, run the script with the following parameters, where user is virtuser, root, or Administrator, and new password is the new password for that user:

chpwd-nfs.sh -u user -p new password

For example:

chpwd-nfs.sh -u virtuser -p think5me

If your policy is to store credentials in configuration files, change passwords in the applicable file using this syntax:

user=user
password=new password

After you change passwords in the configuration file, run the script with the following parameters, where configuration file is the name of the file where the credentials are stored:

chpwd-nfs.sh -c configuration file

Important: If you change the Administrator password, you must additionally update the Samba password on the Tivoli Service Automation Manager image.

Updating the Samba user password on the Tivoli Service Automation Manager image

After running a script to change the Administrator password on the NFS_image, you must run one more script on the Tivoli Service Automation Manager image.

  1. Log on to TIVSAM_image as root.
  2. Run the script with the following command, where new password is the new password you specified for Administrator:
    chpwd-tivsam.sh -u Administrator -p new password

Changing passwords for Tivoli Usage and Accounting Manager

To change passwords for TUAM_image, run a shell script with appropriate parameters. By running the script, you trigger actions such as stopping, starting, configuring servers and agents, changing passwords in the required locations, and performing verification tasks.

Tip: To see help messages, run the chpwd-tuam.sh -h command. To display the tool version, run the chpwd-tuam.sh -v command.

  1. Back up the Tivoli Usage and Accounting Manager image.
  2. Log on to TUAM_image as root.
  3. Run the script for changing passwords for TUAM_image using the appropriate parameters and syntax (as detailed below) for your environment.

To change a password for dasusr1, db2fenc1, db2inst1, and root, run the script with the following parameters, where user is the user name for which you want to change the password, and new password is the new password for this user:

chpwd-tuam.sh -u user -p new password

For example:

chpwd-tuam.sh -u db2fenc1 -p think5me

To change a password for virtuser, ensure that Tivoli Common Reporting is started, then run the script with the following parameters, where password is the current password for virtuser, and new password is the new password for virtuser:

chpwd-tuam.sh -u virtuser -w password -p new password

For example:

chpwd-tuam.sh -u virtuser -w think4me -p think5me

If your policy is to store credentials in configuration files, change passwords in the applicable file using this syntax:

user=user
password=new password
virtuserPassword=current virtuser password

After you change passwords in the configuration file, run the script with the following parameters, where configuration file is the name of the file where the credentials are stored:

chpwd-tuam.sh -c configuration file

Changing passwords for Tivoli Service Automation Manager

Tip: To see help messages, run the chpwd-tivsam.sh -h command. To display the tool version, run the chpwd-tivsam.sh -v command.

To change most of the passwords for Tivoli Service Automation Manager, run a shell script with appropriate parameters. By running an applicable script, you trigger actions such as stopping, starting, configuring servers and agents, changing passwords in the required locations, and performing verification tasks. For the cloud administrator (PMRDPCAUSR) only, you must follow a manual procedure within the Tivoli Service Automation Manager self-service user interface.

Changing passwords for the Tivoli Service Automation Manager default users

  1. Back up the Tivoli Service Automation Manager image
  2. Log on to TIVSAM_image as root.
  3. Run the script for changing passwords for TIVSAM_image using the appropriate parameters and syntax (as detailed below) for your environment.

To change the password for ctginst1, dasusr1, db2fenc1, virtuser, tioadmin, root, sysadmin, or Administrator, run the script with the following parameters, where user is the user name for which you want to change the password, and new password is the new password for that user:

chpwd-tivsam.sh -u user -p new password

For example:

chpwd-tivsam.sh -u db2fenc1 -p think5me

To change the password for wasadmin, idsccmdb, maxadmin, or maximo, run the script with the following parameters, where user is the user name for which you want to change the password, wasadmin password is the current password used by wasadmin user, cn=root password is the current password used by LDAP root administrator, and new password is the new password to be used by the user for whom the password is changed:

chpwd-tivsam.sh -u user -w wasadmin password -l cn=root password -p new password

For example:

chpwd-tivsam.sh -u idsccmdb -w pass123 -l pass4you -p think5me

If your policy is to store your credentials in configuration files, change passwords in the applicable file using this syntax:

user=user
password=new password
wasPassword=current wasadmin password 
ldapPassword=current ldap cn=root password

After you change passwords in the configuration file, run the script with the following parameters, where configuration file is the name of the file where the credentials are stored:

chpwd-tivsam.sh -c configuration file

Changing the cloud administrator (PMRDPCAUSR) password

Change the password for the cloud administrator within the self-service user interface, which all users of the cloud computing center can access at https://NFS_image/SimpleSRM.

  1. Log on to the self-service user interface with the following credentials:
    • User ID: PMRDPCAUSR
    • Password: maxadmin
  2. Select Request a New Service > Virtual Server Management > Manage Users and Teams > Modify User.
  3. From the drop-down list, select the PMRDPCAUSR user and click OK.
  4. Specify the new password in the Password and Confirm Password fields and click OK.
  5. Log out of the Tivoli Service Automation Manager user interface, then log on again as PMRDPCAUSR and enter the new password.

Appendix: Configuring warehouse-related agents

Warehouse-related agents run only if the warehouse database is configured. Verify and specify values and parameters for Performance Analytics for IBM Tivoli Enterprise Portal (TEP), Summarization and Pruning agent, and Warehouse Proxy agent so that the settings are proper for your environment.

Configuring Performance Analytics for TEP

IBM Tivoli Performance Analytics for Tivoli Enterprise Portal helps you manage the performance and availability of your operating system and applications. Configure this agent so that it better meets your needs.

  1. Log on to ITM_image as virtuser.
  2. Type /opt/IBM/ITM/bin/CandleManage.
  3. Right-click Performance Analytics for TEP and select Configure.
  4. In the Agent Configuration panel, edit the credentials for accessing the database.
  5. Click OK.
  6. Restart the agent as virtuser.

Configuring the Summarization and Pruning agent

The Summarization and Pruning agent defines how long the data must be collected (pruning) and how often the historical data is aggregated (summarization) in the warehouse database. It is a Java application that uses multiple independent threads. Specify parameters and log settings so that you can fully use this agent's capabilities.

Read more about the Summarization and Pruning agent.

  1. Log on to ITM_image as virtuser.
  2. Type /opt/IBM/ITM/bin/CandleManage.
  3. Right-click Summarization and Pruning Agent and select Configure.
  4. Click the Agent Parameters tab.
  5. In the Sources tab, edit the credentials for accessing the database. Note: Verify that TEP Server Host and TEP Server Port point to the system on which Tivoli Enterprise Portal Server is running.
  6. In the Scheduling tab, specify the timeframes for running the agent.
  7. In the Additional parameters tab, specify summarization parameters.
  8. In the Work Days tab, specify shift hours and vacation days for running the agent.
  9. In the Log Parameters tab, specify the times for keeping log data.
  10. Click Save.
  11. Restart the agent as virtuser.

Configuring the Warehouse Proxy agent

The Warehouse Proxy Agent is a special server process that writes long-term historical data to the Tivoli Data Warehouse. This long-term data is based on historical data that monitoring agents and servers send periodically. To better use this agent's monitoring capabilities, configure it according to your needs.

  1. Log on to ITM_image as virtuser.
  2. Type /opt/IBM/ITM/bin/CandleManage.
  3. Right-click the Warehouse Proxy agent and select Configure.
  4. Select the Agent Parameters tab.
  5. Edit the credentials for accessing the database.
  6. To verify that the specified data is correct, click Test database connection.
  7. Click Save.
  8. Restart the agent as virtuser.

Conclusion

Prior to the availability of the password tool, changing IBM Service Delivery Manager passwords was a complex procedure (see Resources). Now, rather than performing separate steps to start, stop, and configure servers and agents, change passwords in various locations, and perform verification tasks, these steps are unified for you in a shell script available for each image.


Download

DescriptionNameSize
Password tool RPM files and shell scriptsSLES10.zip68KB

Resources

Learn

Get products and technologies

Discuss

  • Get involved in the developerWorks community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Cloud computing on developerWorks


  • Bluemix Developers Community

    Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.

  • developerWorks Labs

    Experiment with new directions in software development.

  • DevOps Services

    Software development in the cloud. Register today to create a project.

  • Try SoftLayer Cloud

    Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Cloud computing, Tivoli
ArticleID=840556
ArticleTitle=Manage passwords for virtual images
publish-date=10152012