Updating authentication to the storage cluster

There are two ways to change the passwords of the GUI users on the storage cluster:

  1. Let the operator automatically change the passwords. For more information, see Automatic password rotation.
  2. Manually update the passwords.

Use the following procedure for the second option, to manually update the authorization on the remote storage cluster. The procedure has two parts:

  1. Updating user passwords on the storage cluster
  2. Updating user secrets for the storage cluster on Red Hat OpenShift

Updating user passwords on the storage cluster

To change the user passwords on the storage cluster, complete the following steps on the storage cluster. For more information about users, see Creating Container Operator and CSI users.

The administrator can change the password by using the following commands:

  1. To change the container native operator GUI user, enter the following command on the storage cluster:

    /usr/lpp/mmfs/gui/cli/chuser cnsa_storage_gui_user -p new_cnsa_storage_gui_password
    
  2. To change the CSI GUI user, enter the following command on the storage cluster:

    /usr/lpp/mmfs/gui/cli/chuser csi_storage_gui_user -p new_csi_storage_gui_password
    

Run the chuser command on a node in the storage cluster where the GUI is installed.

Updating user secrets for the storage cluster on Red Hat OpenShift

When the user passwords on the remote IBM Storage Scale storage cluster change, the corresponding Kubernetes secrets that hold the credentials must be updated so that the operator can maintain communication. For more information about these secrets, see Creating secrets for storage cluster GUI users.

  1. To update the secret named cnsa-remote-mount-storage-cluster-1 in the ibm-spectrum-scale namespace, enter the following command:

    oc patch secret cnsa-remote-mount-storage-cluster-1 -n ibm-spectrum-scale \
    -p="{\"data\":{\"password\": \"`echo -n 'new_cnsa_storage_gui_password' | base64`\"}}"
    

    Verify that the secret is updated:

    echo -n `oc get secret cnsa-remote-mount-storage-cluster-1 -n ibm-spectrum-scale \
    -ojson | jq -r .data.password` | base64 -d && echo
    
  2. To update the secret named csi-remote-mount-storage-cluster-1 in the ibm-spectrum-scale-csi namespace, enter the following command:

    oc patch secret csi-remote-mount-storage-cluster-1 -n ibm-spectrum-scale-csi \
    -p="{\"data\":{\"password\": \"`echo -n 'new_csi_storage_gui_password' | base64`\"}}"
    

    Verify that the secret is updated:

    echo -n `oc get secret csi-remote-mount-storage-cluster-1 -n ibm-spectrum-scale-csi \
    -ojson | jq -r .data.password` | base64 -d && echo
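
The patch-and-verify steps above, as an added example that is not part of the original documentation: it builds the same `.data.password` patch but takes the password on stdin, encodes it on a single line, and verifies by comparison instead of printing the decoded value. The function names are hypothetical; it assumes bash, a logged-in `oc` that supports `--patch-file`, and a `base64` that reads stdin.

```bash
# Added example; function names are hypothetical, not part of IBM Storage Scale.
# The password is always passed on stdin so it never appears in argv.

# Base64-encode stdin on a single line. GNU base64 wraps at 76 columns, and a
# wrapped value would put a raw newline inside the JSON patch.
b64_oneline() { base64 | tr -d '\n'; }

# stdin: password. stdout: JSON patch that sets .data.password.
build_password_patch() {
  local pw
  IFS= read -r pw || [ -n "$pw" ] || return 1   # refuse an empty password
  printf '{"data":{"password":"%s"}}' "$(printf '%s' "$pw" | b64_oneline)"
}

# $1: base64 value stored in the secret; stdin: expected password.
# Succeeds only on an exact match and prints neither value.
secret_matches() {
  local pw
  IFS= read -r pw || [ -n "$pw" ] || return 1
  [ "$(printf '%s' "$pw" | b64_oneline)" = "$1" ]
}

# $1: secret name, $2: namespace; stdin: new password.
rotate_secret() {
  local secret=$1 ns=$2 pw patch_file stored rc
  IFS= read -r pw || [ -n "$pw" ] || return 1
  patch_file=$(mktemp) || return 1              # created with mode 0600
  printf '%s' "$pw" | build_password_patch > "$patch_file"
  oc patch secret "$secret" -n "$ns" --patch-file="$patch_file"; rc=$?
  rm -f "$patch_file"
  [ "$rc" -eq 0 ] || return "$rc"
  stored=$(oc get secret "$secret" -n "$ns" -o jsonpath='{.data.password}') || return 1
  printf '%s' "$pw" | secret_matches "$stored"
}

# Usage (bash; printf is a builtin, so the password stays out of the process list):
#   read -rs -p 'New GUI password: ' PW; echo
#   printf '%s\n' "$PW" | rotate_secret cnsa-remote-mount-storage-cluster-1 ibm-spectrum-scale
#   unset PW
```

`rotate_secret` returns non-zero if the patch fails or if the stored value does not match afterwards, so it can gate the next step of a rotation script.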