Changing passwords and recreating secrets

Changes to any of the passwords used by the cloud native Netcool® Operations Insight® components will require the secrets that use those passwords to be recreated, and the pods that use those secrets to be restarted. Use the following procedure if you need to change any of these passwords.

Procedure

Use this table to help you identify the secret that uses a password, and the pods that use a secret.

Password Corresponding secret Dependent pods
couchdb release_name-couchdb-secret
Note: You must change the default credentials for CouchDB. When you rotate the CouchDB password, the CouchDB replication must be recreated. For more information, seeReplication external link in the CouchDB documentation.

release_name-couchdb

release_name-ibm-hdm-analytics-dev-aggregationcollaterservice

release_name-ibm-hdm-analytics-dev-trainer

hdm release_name-cassandra-auth-secret

release_name-cassandra

redis release_name-ibm-redis-authsecret release_name-ibm-hdm-analytics-dev-collater-aggregationservice

release_name-ibm-hdm-analytics-dev-dedup-aggregationservice

kafka release_name-kafka-admin-secret

release_name-ibm-hdm-analytics-dev-archivingservice

release_name-ibm-hdm-analytics-dev-collater-aggregationservice

release_name-ibm-hdm-analytics-dev-dedup-aggregationservice

release_name-ibm-hdm-analytics-dev-inferenceservice

release_name-ibm-hdm-analytics-dev-ingestionservice

release_name-ibm-hdm-analytics-dev-normalizer-aggregationservice

admin release_name-kafka-client-secret

release_name-ibm-hdm-analytics-dev-archivingservice

release_name-ibm-hdm-analytics-dev-collater-aggregationservice

release_name-ibm-hdm-analytics-dev-dedup-aggregationservice

release_name-ibm-hdm-analytics-dev-inferenceservice

release_name-ibm-hdm-analytics-dev-ingestionservice

release_name-ibm-hdm-analytics-dev-normalizer-aggregationservice

Where <release_name> is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).

To change a password use the following procedure.

  1. Change the password that you wish to change.
  2. Use the table at the start of this topic to find the secret that corresponds to the password that has been changed, and delete this secret.
    oc delete secret secretname --namespace namespace
    Where
    • secretname is the name of the secret to be recreated.
    • namespace is the name of the namespace in which the secret to be recreated exists.
  3. Recreate the secret with the desired new password. See Configuring authentication for instructions on how to create the required secret.
  4. Use the table at the start of this topic to find which pods depend on the secret that you have recreated and will require restarting.
  5. Restart the required pods using
    oc delete pod podname -n namespace
    Where
    • podname is the name of the pod that requires restarting.
    • namespace is the name of the namespace in which the pod to be restarted exists.