Configuring passwords and secrets
Configure passwords and secrets. You can either manually create the passwords and secrets that are required by Operations Management, or the required passwords and secrets can be generated for you by the installer. Passwords are stored in secrets.
- The following user passwords and secrets are required.
Users requiring password Corresponding secret Data key(s) in secret smadmin helm-release-name-was-secret WAS_PASSWORD impactadmin helm-release-name-impact-secret IMPACT_ADMIN_PASSWORD unityadmin helm-release-name-la-secret UNITY_ADMIN_PASSWORD icpadmin helm-release-name-icpadmin-secret ICP_ADMIN_PASSWORD OMNIbus root helm-release-name-omni-secret OMNIBUS_ROOT_PASSWORD LDAP admin helm-release-name-ldap-secret LDAP_BIND_PASSWORD couchdb helm-release-name-couchdb-secret password username=root secret=couchdb internal user helm-release-name-ibm-hdm-common-ui-session-secret session internal user helm-release-name-systemauth-secret password username=system hdm helm-release-name-cassandra-auth-secret username password redis helm-release-name-ibm-redis-authsecret username password kafka helm-release-name-kafka-admin-secret username password admin helm-release-name-kafka-client-secret username password Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.
-
Automatic creation of passwords and secrets. The Operations Management installer uses existing passwords and secrets. If any of the required passwords and secrets do not exist, then the installer automatically creates random passwords for the required passwords and then creates the required secrets from these passwords.For automatic creation of passwords and secrets, use the following procedure.
- Ensure that the service account has permissions to create secrets. For more information, see Configuring pod access control.
- Proceed with the installation, using Installing Operations Management.
If you set the LDAP mode to
proxy
, then you MUST manually configure the passwords and secrets forLDAP admin
,impactadmin
, andunityadmin
. For information on how to do this, refer to step 3, Manual creation of Secrets. - Proceed with the installation, using Installing Operations Management, and ensure that the check box Indicates that all password secrets have been created prior to install is cleared.
- After installation has successfully completed, you can extract the passwords from the secrets. See Retrieving passwords from secrets
- Manual creation of passwords and secrets All passwords must be less than 16 characters long and contain only alphanumeric characters. To create all the required passwords and secrets manually, use the following procedure.
- Create passwords for the users requiring passwords in step 1, if these do not already exist.
- Create helm-release-name-icpadmin-secret with the following
command:
Wherekubectl create secret generic helm-release-name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=password --namespace namespace
password
is the password for icpadmin.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-impactadmin-secret with the following
command:
Wherekubectl create secret generic helm-release-name-impactadmin-secret --from-literal=IMPACT_ADMIN_PASSWORD=password --namespace namespace
password
is the password for impactadmin.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-la-secret with the following
command:
Wherekubectl create secret generic helm-release-name-la-secret --from-literal=UNITY_ADMIN_PASSWORD=password --namespace namespace
password
is the password for unityadmin.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Managementnamespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-ldap-secret with the following
command:
Wherekubectl create secret generic helm-release-name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=password --namespace namespace
password
is the password of your organization's LDAP server.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Managementnamespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-omni-secret with the following
command:
Wherekubectl create secret generic helm-release-name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=password --namespace namespace
password
is the root password to set for the Netcool®/OMNIbus ObjectServer.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-was-secret (smadmin user) with the
following
command:
Wherekubectl create secret generic helm-release-name-was-secret --from-literal=WAS_PASSWORD=password --namespace namespace
password
is the password for OMNIbus admin user.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm-release-name-couchdb-secret with the following
command:
Wherekubectl create secret generic helm-release-name-couchdb-secret --from-literal=password=password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace
password
is the password for the internal couch.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create secret for communication between pods with the following command:
Wherekubectl create secret generic helm_release_name-systemauth-secret --from-literal=password=password --from-literal=username=system --namespace namespace
password
is the password for communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create secret for user interface communication between pods with the following
command:
Wherekubectl create secret generic helm_release_name-ibm-hdm-common-ui-session-secret --from-literal=session=password --namespace namespace
password
is the password for user interface communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm_release_name-cassandra-auth-secret with the following
command:
Wherekubectl create secret generic helm_release_name-cassandra-auth-secret --from-literal=username=username --from-literal=password=password --namespace namespace
username
default ishdm
. Do not usecassandra
.password
is the password for user interface communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm_release_name-ibm-redis-authsecret with the following
command:
Wherekubectl create secret generic helm_release_name-ibm-redis-authsecret --from-literal=username=username --from-literal=password=password --namespace namespace
username
default isredis
.password
is the password for user interface communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm_release_name-kafka-admin-secret with the following
command:
Wherekubectl create secret generic helm_release_name-kafka-admin-secret --from-literal=username=username --from-literal=password=password --namespace namespace
username
default iskafka
.password
is the password for user interface communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Create helm_release_name-kafka-client-secret with the following
command:
Wherekubectl create secret generic helm_release_name-kafka-client-secret --from-literal=username=username --from-literal=password=password --namespace namespace
username
default isadmin.
password
is the password for user interface communication between pods.helm_release_name
is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.namespace
is the name of the namespace into which you want to install Operations Management.
- Proceed with the installation, using Installing Operations Management, and ensure that the checkbox 'Indicates that all password secrets have been created prior to install' is checked.
If you wish to change a password after installation, see Changing passwords and recreating secrets