If any of the passwords that are used by
IBM
Netcool Operations Insight® change,
the secrets that use those passwords must be re-created. The pods that use those secrets must be
restarted. Use the following procedure if you need to change any of these passwords.
Procedure
Use this table to help you identify the secrets that use a password, and the pods that
use a secret.
Password |
Corresponding secret |
Dependent pods |
smadmin |
release_name-was-secret |
release_name-webgui-0
release_name-ea-noi-layer-eanoiactionservice
release_name-ea-noi-layer-eanoigateway
release_name-ibm-hdm-common-ui-uiserver
|
impactadmin |
release_name-impact-secret |
release_name-impactgui-0
release_name-nciserver-0
release_name-nciserver-1
release_name-webgui-0
|
icpadmin |
release_name-icpadmin-secret |
None |
IBM®
Tivoli®
Netcool®/OMNIbus
root |
release_name-omni-secret |
release_name-webgui-0
release_name-ea-noi-layer-eanoiactionservice
release_name-ea-noi-layer-eanoigateway
release_name-ibm-hdm-analytics-dev-aggregationnormalizerservice
release_name-ncobackup
release_name-ncoprimary
release_name-nciserver-0
release_name-nciserver-1
|
LDAP administrator |
release_name-ldap-secret |
release_name-openldap-0
release_name-impactgui-0
release_name-nciserver-0
release_name-nciserver-1
release_name-ncobackup
release_name-ncoprimary
release_name-scala
release_name-webgui-0
|
couchdb |
release_name-couchdb-secret Note: Change the default credentials for CouchDB. When you rotate the
CouchDB password, the CouchDB replication must be re-created. For more information, see Replication in the CouchDB documentation.
|
release_name-couchdb
release_name-ibm-hdm-analytics-dev-aggregationcollaterservice
release_name-ibm-hdm-analytics-dev-trainer
|
Internal password for inter-pod communication |
release_name-ibm-hdm-common-ui-session-secret |
release_name-ibm-hdm-common-ui-uiserver
|
Internal password |
release_name-systemauth-secret |
release_name-couchdb
release_name-ibm-hdm-analytics-dev-aggregationcollaterservice
release_name-ibm-hdm-analytics-dev-trainer
|
hdm |
release_name-cassandra-auth-secret Note: When
you change the password for Cassandra, restart more than just the cassandra pod and change the
password inside the Cassandra database.
|
release_name-cassandra
release_name-ibm-ea-asm-mime-eaasmmime
release_name-ibm-ea-mime-classification-eaasmmimecls
release_name-ibm-hdm-analytics-dev-archivingservice
release_name-ibm-hdm-analytics-dev-eventsqueryservice
release_name-ibm-hdm-analytics-dev-policyregistryservice
release_name-ibm-hdm-analytics-dev-trainer
release_name-ibm-hdm-analytics-dev-trainer
release_name-ibm-noi-alert-details-service
release_name-metric-api-service-metricapiservice
release_name-metric-spark-service-metricsparkservice
release_name-topology-layout
release_name-topology-merge
release_name-topology-status
release_name-topology-topology
|
redis |
release_name-ibm-redis-authsecret |
release_name-ibm-hdm-analytics-dev-collater-aggregationservice release_name-ibm-hdm-analytics-dev-dedup-aggregationservice
|
admin |
release_name-kafka-client-secret |
release_name-ibm-hdm-analytics-dev-archivingservice
release_name-ibm-hdm-analytics-dev-collater-aggregationservice
release_name-ibm-hdm-analytics-dev-dedup-aggregationservice
release_name-ibm-hdm-analytics-dev-inferenceservice
release_name-ibm-hdm-analytics-dev-ingestionservice
release_name-ibm-hdm-analytics-dev-normalizer-aggregationservice
|
Where
release_name is
the name for your
Netcool
Operations Insight deployment in
name (OLM UI installation), or
metadata.name in
noi.ibm.com_noihybrids_cr.yaml (CLI installation).
To change a password, use
the following procedure.
- Change the password that you want to change.
- Use the table to find the secret that corresponds to the password that was changed. Then,
delete this secret.
oc delete secret secretname --namespace namespace
Where
- secretname is the name of the secret to be re-created.
- namespace is the name of the namespace in which the secret to be re-created
exists.
- Re-create the secret with the new password.
- Use the table to find which pods depend on the secret that you re-created, and require
restarting.
- Restart the necessary pods by running the following command.
Where podname is the name of the pod that requires
restarting.
- To view the list of pods that use the
asm-credentials
secret, run the
following command.
for pod in `oc get pod -n $NAMESPACE -o name `; do
if oc get $pod -o yaml -n $NAMESPACE | grep -q asm-credentials; then
echo $pod
fi
done
- Restart the pods that use the
asm-credentials
secret by running the
following command.
for pod in `oc get pod -n $NAMESPACE -o name `; do
if oc get $pod -o yaml -n $NAMESPACE | grep -q asm-credentials; then
oc delete $pod -n $NAMESPACE
fi
done
- For the
release_name-cassandra-auth-secret
secret, in addition to changing the password in the secret and restarting the pods, you must change
the password inside the Cassandra database.
oc rsh <rel name>-cassandra-0
/opt/ibm/cassandra/bin/cqlsh -u hdm -p <old password>
alter user 'hdm' with password 'new password';