Configuring passwords and secrets

Configure passwords and secrets. You can either manually create the passwords and secrets that are required by Operations Management, or the required passwords and secrets can be generated for you by the installer. Passwords are stored in secrets.

  1. The following user passwords and secrets are required.
    Users requiring password Corresponding secret Data key(s) in secret
    smadmin helm-release-name-was-secret WAS_PASSWORD
    impactadmin helm-release-name-impact-secret IMPACT_ADMIN_PASSWORD
    unityadmin helm-release-name-la-secret UNITY_ADMIN_PASSWORD
    icpadmin helm-release-name-icpadmin-secret ICP_ADMIN_PASSWORD
    OMNIbus root helm-release-name-omni-secret OMNIBUS_ROOT_PASSWORD
    LDAP admin helm-release-name-ldap-secret LDAP_BIND_PASSWORD
    couchdb helm-release-name-couchdb-secret password username=root secret=couchdb
    internal user helm-release-name-ibm-hdm-common-ui-session-secret session
    internal user helm-release-name-systemauth-secret password username=system
    hdm helm-release-name-cassandra-auth-secret username password
    redis helm-release-name-ibm-redis-authsecret username password
    kafka helm-release-name-kafka-admin-secret username password
    admin helm-release-name-kafka-client-secret username password

    Create these passwords and secrets manually, or leave the installer to create the passwords and secrets automatically and then retrieve the passwords post-install.

  2. Automatic creation of passwords and secrets.
    The Operations Management installer uses existing passwords and secrets. If any of the required passwords and secrets do not exist, then the installer automatically creates random passwords for the required passwords and then creates the required secrets from these passwords.
    For automatic creation of passwords and secrets, use the following procedure.
    1. Ensure that the service account has permissions to create secrets. For more information, see Configuring pod access control.
    2. Proceed with the installation, using Installing Operations Management. If you set the LDAP mode to proxy, then you MUST manually configure the passwords and secrets for LDAP admin, impactadmin, and unityadmin. For information on how to do this, refer to step 3, Manual creation of Secrets.
    3. Proceed with the installation, using Installing Operations Management, and ensure that the check box Indicates that all password secrets have been created prior to install is cleared.
    4. After installation has successfully completed, you can extract the passwords from the secrets. See Retrieving passwords from secrets
  3. Manual creation of passwords and secrets
    All passwords must be less than 16 characters long and contain only alphanumeric characters. To create all the required passwords and secrets manually, use the following procedure.
    1. Create passwords for the users requiring passwords in step 1, if these do not already exist.
    2. Create helm-release-name-icpadmin-secret with the following command: 
      kubectl create secret generic helm-release-name-icpadmin-secret --from-literal=ICP_ADMIN_PASSWORD=password --namespace namespace
      Where
      • password is the password for icpadmin.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    3. Create helm-release-name-impactadmin-secret with the following command: 
      kubectl create secret generic helm-release-name-impactadmin-secret --from-literal=IMPACT_ADMIN_PASSWORD=password --namespace namespace
      Where
      • password is the password for impactadmin.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    4. Create helm-release-name-la-secret with the following command: 
      kubectl create secret generic helm-release-name-la-secret --from-literal=UNITY_ADMIN_PASSWORD=password --namespace namespace
      Where
      • password is the password for unityadmin.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management
      • namespace is the name of the namespace into which you want to install Operations Management.
    5. Create helm-release-name-ldap-secret with the following command: 
      kubectl create secret generic helm-release-name-ldap-secret --from-literal=LDAP_BIND_PASSWORD=password --namespace namespace
      Where
      • password is the password of your organization's LDAP server.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management
      • namespace is the name of the namespace into which you want to install Operations Management.
    6. Create helm-release-name-omni-secret with the following command: 
      kubectl create secret generic helm-release-name-omni-secret --from-literal=OMNIBUS_ROOT_PASSWORD=password --namespace namespace
      Where
      • password is the root password to set for the Netcool®/OMNIbus ObjectServer.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    7. Create helm-release-name-was-secret (smadmin user) with the following command: 
      kubectl create secret generic helm-release-name-was-secret --from-literal=WAS_PASSWORD=password --namespace namespace
      Where
      • password is the password for OMNIbus admin user.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    8. Create helm-release-name-couchdb-secret with the following command: 
      kubectl create secret generic helm-release-name-couchdb-secret --from-literal=password=password --from-literal=secret=couchdb --from-literal=username=root --namespace namespace
      Where
      • password is the password for the internal couch.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    9. Create secret for communication between pods with the following command: 
      kubectl create secret generic helm_release_name-systemauth-secret --from-literal=password=password --from-literal=username=system --namespace namespace
      Where
      • password is the password for communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    10. Create secret for user interface communication between pods with the following command: 
      kubectl create secret generic helm_release_name-ibm-hdm-common-ui-session-secret --from-literal=session=password --namespace namespace
      Where
      • password is the password for user interface communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    11. Create helm_release_name-cassandra-auth-secret with the following command: 
      kubectl create secret generic helm_release_name-cassandra-auth-secret --from-literal=username=username --from-literal=password=password --namespace namespace
      Where
      • username default is hdm. Do not use cassandra.
      • password is the password for user interface communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    12. Create helm_release_name-ibm-redis-authsecret with the following command: 
      kubectl create secret generic helm_release_name-ibm-redis-authsecret --from-literal=username=username --from-literal=password=password --namespace namespace
      Where
      • username default is redis.
      • password is the password for user interface communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    13. Create helm_release_name-kafka-admin-secret with the following command: 
      kubectl create secret generic helm_release_name-kafka-admin-secret --from-literal=username=username --from-literal=password=password --namespace namespace
      Where
      • username default is kafka.
      • password is the password for user interface communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    14. Create helm_release_name-kafka-client-secret with the following command: 
      kubectl create secret generic helm_release_name-kafka-client-secret --from-literal=username=username --from-literal=password=password --namespace namespace
      Where
      • username default is admin.
      • password is the password for user interface communication between pods.
      • helm_release_name is the name that you are planning to use for your Operations Management Helm release name in Installing Operations Management.
      • namespace is the name of the namespace into which you want to install Operations Management.
    15. Proceed with the installation, using Installing Operations Management, and ensure that the checkbox 'Indicates that all password secrets have been created prior to install' is checked.

    If you wish to change a password after installation, see Changing passwords and recreating secrets