Changing the system passphrase

This is an optional task. Run the master key regenerator, if you want to change the system passphrase.

When you run this tool, it compares the system passphrase present in the passphraseOld.txt file with the system passphrase that is present in the database. If both the system passphrase match, the tool replaces the passphrase present in the database with the new passphrase that is specified in the passphraseNew.txt file.

Before you run the Docker/podman command, perform the following tasks:
  • Copy the database drivers to dbdrivers folder, .jks files to resources/security/ folder, and provide passphrase in the passphraseOld.txt and passphraseNew.txt files.
  • Configure the properties in Setup.cfg file.

Run the following command:

  • Docker:
    docker run --name="<container name>" --add-host=<host_name>:<IP address> -v <path to mount files>:/opt/IBM/Resources -v /etc/localtime:/opt/IBM/localtime:ro -e application="masterkeyregen" -dt <image name>:<version>
  • Podman: 
    podman run --name="<container name>" --add-host=<host_name>:<IP address> -v <path to mount files>:/opt/IBM/Resources:z -v /etc/localtime:/opt/IBM/localtime:ro -e application="masterkeyregen" -dt <image name>:<version>
where, --add-host is optional.
Note: Enter the appropriate parameter values within the angle (<>) brackets.
Here,
  • <container name> - refers to the container name.
  • <path to mount files>. Provide the absolute path of the directory where the mount files are extracted. For the contents of the mount directory, see Mount Directory structure.
  • --add-host=<host_name>:<IP address> - Can add other hosts into the /etc/hosts file of the container by using one or more --add-host flags.
  • -v /etc/localtime:/opt/IBM/localtime:ro - synchronizes the container's time zone with the host machine's time zone.

In the passphraseOld.txt file, specify the old passphrase that is present in the database. In the passphraseNew.txt file, specify the new passphrase that you want to replace with the old passphrase.

Note:
  • Specify the database details for both master and testmode schema in the Setup.cfg file. Also, copy the passphraseOld.txt, passphraseNew.txt, and DB jars to the Mount folder, /root/MountResource/.
  • After the successful completion of master key regenerator, update the passphrase.txt file with the new master key and restart the corresponding containers such as PEM Portal, PEM Partner Repository, and PEM Partner Provisioner.

Sample run command

  • Docker: 
    docker run --name="Master_Key_Regnerator" --add-host=<host_name>:<IP address> -v /home/MountResource/:/opt/IBM/Resources -v /etc/localtime:/opt/IBM/localtime:ro -e application="masterkeyregen" -dt registry.ng.bluemix.net/gold/pem:3.5.16
  • Podman: 
    podman run --name="Master_Key_Regnerator" --add-host=<host_name>:<IP address> -v /home/MountResource/:/opt/IBM/Resources:z -v /etc/localtime:/opt/IBM/localtime:ro -e application="masterkeyregen" -dt registry.ng.bluemix.net/gold/pem:3.5.16
Note: Here, --add-host is optional.

Configuring the properties in Setup.cfg files

Configure the following properties:
  • accept_license
  • proxy_host
  • proxy_port
  • customer_id
  • db_type
  • ssl_connection
  • db_port
  • db_host
  • db_name
  • db_schema
  • db_user
  • db_password
  • db_driver
  • db_max_pool_size
  • db_min_pool_size
  • db_aged_timeout
  • db_max_idle_time
  • db_sslTrustStoreName
  • db_sslTrustStorePassword
  • testmode_db_port
  • testmode_db_host
  • testmode_db_name
  • testmode_db_schema
  • testmode_db_user
  • testmode_db_password
  • testmode_db_driver
  • testmode_db_max_pool_size
  • testmode_db_min_pool_size
  • testmode_db_aged_timeout
  • testmode_db_max_idle_time
  • testmode_db_sslTrustStoreName
  • testmode_db_sslTrustStorePassword