Password migration of Managed services

Before you begin

• If you are planning to change the mariadb password, back up the mariadb as well.

• Download passwordMigration.sh from GitHub repository.

About the task

If you want to move to a different encryption password or change your bundled MongoDB password or mariadb password, use the passwordMigration tool. To change the encryption password, you reencrypt encrypted data in the database with the new encryption password.

Procedure

Run the following script:

./passwordMigration.sh [ -e ] [ -d ] [ -m ] [ -s ] [ -n ] [ -r ] [ -c ]

Flags to run the password migration: Usage:

• -e = new encryption password for Managed services. The flag changes the encryption password. Back up your MongoDB before using this).
• -d = new MongoDB password for Managed services. The flag changes the bundled MongoDB password. Back up your MongoDB before using this flag. It applies only for bundled MongoDB.
• -m = new mariadb password. This flag changes the bundled mariadb password. Back up your mariadb before using this flag. It applies only for bundled mariadb.
• -s = name of Managed services secret. The default is cam-secure-values-secret.
• -n = namespace for Managed services. The default is services.
• -r = Helm release name for Cloud Automation Manager
• -c = migration loop count to override the default timeout. The count is 300 by default.

Other flags can be left as default unless you changed values, such as cam secret name or namespace Managed services is installed into.

Here is an example usage to change encryption password, bundled MongoDB password, and bundled mariadb password:

./changePassword.sh -e newencpass -d newmongopass -m newmariapass 2>&1 | tee changePassword.log

When they run the password migration script, it stops Managed services. If Managed services is already running, it restarts Managed services after the script is successful. If password migration fails, you must restore your database(s).