Updating RabbitMQ credentials for OpenPages
You can rotate the credentials for the message queue that is used by OpenPages.
Procedure
-
Edit the auth secret generated for the OpenPages instance.
It is created in the same namespace where the instance is provisioned.
oc edit secret openpages-<instance_name>-<instance_id>-rabbitmq-auth-secret
-
Update the keys with the new password.
Key values are base64 encoded.
rabbitmq-password
,rabbitmq-management-password
definitions.json
is a JSON object that is base64 encoded. You decode it, update the user credentials, and encode it again before saving.
Ensure the credentials in the
definitions.json
JSON object match those in therabbitmq-password
andrabbitmq-management-password
fields.The following lines show an example of the auth secret:data: definitions.json: eyd1c2Vycyc6IFt7J25hbWUnOiAnbWFuYWdlbWVudCcsICdwYXNzd29yZCc6ICdiN2JiYTBjMWVmJywgJ3RhZ3MnOiAnbWFuYWdlbWVudCd9LCB7J25hbWUnOiAnYWRtaW4nLCAncGFzc3dvcmQnOiAnYjdiYmEwYzFlZicsICd0YWdzJzogJ2FkbWluaXN0cmF0b3InfV0sICd2aG9zdHMnOiBbeyduYW1lJzogJy8nfV0sICdwZXJtaXNzaW9ucyc6IFt7J3VzZXInOiAnYWRtaW4nLCAndmhvc3QnOiAnLycsICdjb25maWd1cmUnOiAnLionLCAncmVhZCc6ICcuKicsICd3cml0ZSc6ICcuKid9XSwgJ3BhcmFtZXRlcnMnOiBbXSwgJ3BvbGljaWVzJzogW3snbmFtZSc6ICdoYS1hbGwnLCAncGF0dGVybic6ICcuKicsICd2aG9zdCc6ICcvJywgJ2RlZmluaXRpb24nOiB7J2hhLW1vZGUnOiAnYWxsJywgJ2hhLXN5bmMtbW9kZSc6ICdhdXRvbWF0aWMnLCAnaGEtc3luYy1iYXRjaC1zaXplJzogMX19XSwgJ3F1ZXVlcyc6IFtdLCAnZXhjaGFuZ2VzJzogW10sICdiaW5kaW5ncyc6IFtdfQ== rabbitmq-erlang-cookie: ZlFTYlFzSzVUMFNoaG1vVkE3dk0wTnhZdms5eU5wblFWVS8wQUxYMDNVST0= rabbitmq-management-password: YjdiYmEwYzFlZg== rabbitmq-password: YjdiYmEwYzFlZg==
The following line is an example of the decoded
definitions.json
string:{'users': [{'name': 'management', 'password': 'b7bba0c1ef', 'tags': 'management'}, {'name': 'admin', 'password': 'b7bba0c1ef', 'tags': 'administrator'}], 'vhosts': [{'name': '/'}], 'permissions': [{'user': 'admin', 'vhost': '/', 'configure': '.*', 'read': '.*', 'write': '.*'}], 'parameters': [], 'policies': [{'name': 'ha-all', 'pattern': '.*', 'vhost': '/', 'definition': {'ha-mode': 'all', 'ha-sync-mode': 'automatic', 'ha-sync-batch-size': 1}}], 'queues': [], 'exchanges': [], 'bindings': []}
- Restart the RabbitMQ pods.
oc delete po -lrelease=openpages-<instance_name>-<instance_id> -l icpdsupport/app=rabbitmq-server
Tip: If you want a preview of what theoc delete
command will do, you can do a dry run of the command:oc delete po -lrelease=openpages-<instance_name>-<instance_id> -l icpdsupport/app=rabbitmq-server --dry-run='client'
- Add the secret to the internal vault. For more information about adding secrets to the vault, see Adding secrets to the internal vault.