When you recover API Connect V10.0.x, you must manually update the values for the Management OIDC credentials (client_ID and client_secret) in the Common Services User Registry.
Before you begin
This task is required for all of the 10.0.x releases up to, and including, version 10.0.2 (skip
this task for version 10.0.3 and later). The procedure requires you to log in to the Cloud Manager
on the new API Connect deployment. Use the Cloud Manager administrator username and password that
you saved while preparing for disaster recovery.
About this task
When you deploy API Connect, the OIDC client_ID and client_secret resources are automatically generated and added to the Common
Services User Registry. These resources enable single sign-on with the IBM Cloud Pak platform. When
you reinstall API Connect as part of disaster recovery, the original versions of those resources are
retained but cannot be used. You must update the Common Services User Registry and replace the
original values with the values from the new deployment.
Procedure
- Retrieve the client_ID and client_secret from the stored secret in API Connect.
- Run the following command to retrieve the client_ID:
oc -n <APIC_namespace> get secret <instance_name>-oidc-client -o jsonpath="{.data.CLIENT_ID}" | base64 --decode
- Run the following command to retrieve the client_secret:
oc -n <APIC_namespace> get secret <instance_name>-oidc-client -o jsonpath="{.data.CLIENT_SECRET}" | base64 --decode
- Update the Common Services User Registry with the new values.
Using the Cloud Manager UI:
- In API Connect, open the Cloud Manager interface.
- Select the Cloud Manager User Registry.
You will use the Cloud Manager User Registry to modify settings for the Common Services User Registry.
- Log in to the Cloud Manager User Registry using the administrator username and password that you saved while preparing for disaster recovery.
- In Cloud Manager, click and edit Common Services User Registry.
- In the Client information section, paste the client_ID value from step 1 into the Client ID field.
- Paste the client_secret value from step 1 into the Client secret field.
- Save your changes.
- Run the following command to determine the <mgmt_endpoint_URL> that you will use for accessing the management server:
oc -n <APIC_namespace> get mgmt <instance_name> -o jsonpath="{.status.zenRoute}" && echo ""
- Log in to the management server:
- Run the following command to start the login process:
apic login --server <mgmt_endpoint_URL>
- Provide your login credentials:
- Run the following command to download the Common Services User Registry as a YAML file:
apic user-registries:get common-services --server <mgmt_endpoint_URL> -o admin --fields name,configuration
- Edit the file and update the client_ID and client_secret settings with the values you obtained in step 1.
- Save and close the file.
- Run the following command to upload the modified file to Cloud Manager:
apic user-registries:update common-services --server <mgmt_endpoint_URL> -o admin common-services.yaml
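
The commands in step 1 print the decoded client_secret straight to the terminal. The following added example (not part of the original procedure) wraps the same two oc lookups so that each value is checked for being non-empty and both are written to a scratch file that only the current user can read. The function names and the KEY=value scratch file format are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: fetch the OIDC client credentials from the
# <instance_name>-oidc-client secret without echoing them to the terminal.

# Decode base64 from stdin; --decode is accepted by GNU and BSD/macOS base64.
b64decode() {
  base64 --decode
}

# get_oidc_field <APIC_namespace> <instance_name> <CLIENT_ID|CLIENT_SECRET>
# Prints the decoded value; fails if the field is unknown, missing or empty.
get_oidc_field() {
  local ns="$1" instance="$2" field="$3" encoded value
  case "$field" in
    CLIENT_ID|CLIENT_SECRET) ;;
    *) echo "unsupported field: $field" >&2; return 2 ;;
  esac
  encoded=$(oc -n "$ns" get secret "${instance}-oidc-client" \
    -o jsonpath="{.data.${field}}") || return 1
  if [ -z "$encoded" ]; then
    echo "$field is empty in ${instance}-oidc-client" >&2
    return 1
  fi
  value=$(printf '%s' "$encoded" | b64decode) || return 1
  [ -n "$value" ] || return 1
  printf '%s' "$value"
}

# save_oidc_credentials <APIC_namespace> <instance_name> <output_file>
# Writes both values to a scratch file (hypothetical KEY=value format)
# that is readable and writable by the current user only.
save_oidc_credentials() {
  local ns="$1" instance="$2" out="$3" id secret
  id=$(get_oidc_field "$ns" "$instance" CLIENT_ID) || return 1
  secret=$(get_oidc_field "$ns" "$instance" CLIENT_SECRET) || return 1
  ( umask 077
    printf 'CLIENT_ID=%s\nCLIENT_SECRET=%s\n' "$id" "$secret" > "$out" )
  # umask only applies to newly created files, so tighten an existing one too.
  chmod 600 "$out"
}
```

Call it as save_oidc_credentials <APIC_namespace> <instance_name> <output_file>, and delete the scratch file once the registry has been updated.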