Changing the Cloud Pak administrator access credentials
You can update the administrator username and password.
Note: cpadmin
is the default admin user name.
Before you begin
-
Install the OpenShift client.
-
Ensure that you must have
administrator
access to update the administrator username and password.
Supported languages
You can change the default administrator username cpadmin
to a custom username. The username can be in the following languages:
Language | Language code |
---|---|
Brazilian Portuguese | pt_br |
English | en |
French | fr |
German | de |
Italian | it |
Japanese | ja |
Korean | ko |
Chinese Simplified | zh_CN |
Chinese Traditional | zh_TW |
Spanish | es |
Changing the administrator username
Complete the following steps to rename a default admin user in Platform UI:
-
Review the current admin and password.
oc -n <your-foundational-services-namespace> get secret platform-auth-idp-credentials -o yaml | grep admin |xargs -l bash -c 'echo -n "$0 " ; echo "$1" | base64 -d && echo'
The sample output:
admin_password: IRXkjnsZg8nUUK8S2BBVFJeIOW0wVrhD admin_username: cpadmin
-
Get the access token. For more information, see Preparing to run API commands.
-
Run the following CURL command to update default admin username:
curl -X PUT 'https://cp-console.apps.mycluster.mydomain.fyre.ibm.com/idmgmt/identity/api/v1/users/defaultAdmin' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header "Authorization: Bearer $ACCESS_TOKEN" \ -d "{\"username\": \"${new_admin_username}\"}" \ --insecure
-
Restart the
platform-identity-provider
andplatform-auth-service
pods by deleting them.-
Get the
platform-identity-provider
pod name andplatform-auth-service
pod name .oc get pods -n <your-foundational-services-namespace> | grep platform-identity-provider
oc get pods -n <your-foundational-services-namespace> | grep platform-auth-service
-
Delete the
platform-identity-provider
pod andplatform-auth-service
pod.oc delete pod <platform-identity-management-pod-name> -n <your-foundational-services-namespace>
oc delete pod <platform-auth-service-pod-name> -n <your-foundational-services-namespace>
-
-
After the pods restart, login to
cp-console
to test whether the default username has changed.oc get routes -n <your-foundational-services-namespace> |grep -i cp-console
Changing the administrator password
The administrator password is stored in a Kubernetes Secret.
Complete the following steps to change the administrator password in Platform UI:
-
Review the current admin and password.
oc -n <your-foundational-services-namespace> get secret platform-auth-idp-credentials -o yaml | grep admin |xargs -l bash -c 'echo -n "$0 " ; echo "$1" | base64 -d && echo'
The sample output:
admin_password: IRXkjnsZg8nUUK8S2BBVFJeIOW0wVrhD admin_username: admin
-
Update the
admin_password
field in theplatform-auth-idp-credentials
secret with the new password.-
In the namespace where foundational services is installed, edit the
platform-auth-idp-credentials
secret:oc edit secret platform-auth-idp-credentials -n "${SERVICES_NAMESPACE}"
Where, {SERVICES_NAMESPACE} is the namespace name where foundational services is installed.
- Search for
admin_password
value inplatform-auth-idp-credentials
secret and replace it with the new password. The new password must bebase64-encoded
password.
- Search for
-
-
Restart the
platform-auth-service
,platform-identity-provider
,platform-identity-management
, andusermgmt
pods by deleting them.-
Delete the
platform-auth-service
pod.-
Get the
platform-auth-service
pod name.oc get pods -n <your-foundational-services-namespace> | grep platform-auth-service
-
Delete the
platform-auth-service
pod.oc delete pod <platform-auth-service-pod-name> -n <your-foundational-services-namespace>
-
-
Delete the
platform-identity-provider
pod.-
Get the
platform-identity-provider
pod name.oc get pods -n <your-foundational-services-namespace> | grep platform-identity-provider
-
Delete the
platform-identity-provider
pod.oc delete pod <platform-identity-provider-pod-name> -n <your-foundational-services-namespace>
-
-
Delete the
platform-identity-management
pod.-
Get the
platform-identity-management
pod name.oc get pods -n <your-foundational-services-namespace> | grep platform-identity-management
-
Delete the
platform-identity-management
pod.oc delete pod <platform-identity-management-pod-name> -n <your-foundational-services-namespace>
-
-
Delete the
usermgmt
pod.-
Get the
usermgmt
pod name.oc get pods -n <your-foundational-services-namespace> | grep usermgmt-<pod name>
-
Delete the
usermgmt
pod.oc delete pod <usermgmt-pod-name> -n <your-foundational-services-namespace>
-
-
After the pod restart, login to cp-console
to test whether the password has changed.
oc get routes -n <your-foundational-services-namespace> |grep -i cp-console
The password must follow the defined password rules.
Password rules
Password rules are optional, regular expressions (regex) that are used to set and validate managed password values within a namespace. The update-secret
command checks password rules before changing the values in the secret. It validates
if rules exist on the namespace that the secret is in, and that the secret data element name change contains pass
or pwd
in any case combination.
Note: You can use the following regex expressions from the command line. Ensure that you wrap the expressions in single quotation marks:
Rule | Regex |
---|---|
Min length 10 | ^.{10,} |
Max length 10 | ^.{0,10}$ |
Length range | ^.{10,20}$ |
Require lower | .*[a-z].* |
Require upper | .*[A-Z].* |
Require num | .*[0-9].* |
Require spec | .*[!@#\$%\^&\*].* |