Changing passwords and re-creating secrets

Changes to any of the passwords that are used by the cloud native components will require the secrets that use those passwords to be re-created, and the pods that use those secrets to be restarted. Use the following procedure if you need to change any of these passwords.

Procedure

Use this table to help you identify the secrets that use a password, and the pods that use a secret.

| Password | Corresponding secret | Dependent pods |
|---|---|---|
| couchdb | release_name-couchdb-secret | release_name-couchdb, release_name-ibm-hdm-analytics-dev-aggregationcollaterservice, release_name-ibm-hdm-analytics-dev-trainer |
| hdm | release_name-cassandra-auth-secret | release_name-cassandra |
| redis | release_name-ibm-redis-authsecret | release_name-ibm-hdm-analytics-dev-collater-aggregationservice, release_name-ibm-hdm-analytics-dev-dedup-aggregationservice |
| admin | release_name-kafka-client-secret | release_name-ibm-hdm-analytics-dev-archivingservice, release_name-ibm-hdm-analytics-dev-collater-aggregationservice, release_name-ibm-hdm-analytics-dev-dedup-aggregationservice, release_name-ibm-hdm-analytics-dev-inferenceservice, release_name-ibm-hdm-analytics-dev-ingestionservice, release_name-ibm-hdm-analytics-dev-normalizer-aggregationservice |

Note: Change the default credentials for CouchDB. When you rotate the CouchDB password, the CouchDB replication must be re-created. For more information, see Replication in the CouchDB documentation.

Where <release_name> is the name of your deployment, as specified by the value used for name (Operator Lifecycle Manager UI Form view), or name in the metadata section of the noi.ibm.com_noihybrids_cr.yaml or noi.ibm.com_nois_cr.yaml files (YAML view).

To change a password, use the following procedure.

  1. Change the password.
  2. Use Table 1 to find the secret that corresponds to the password that has been changed. Delete this secret.
    oc delete secret secretname --namespace namespace
    Where
    • secretname is the name of the secret to be re-created.
    • namespace is the name of the namespace in which the secret to be re-created exists.
  3. Re-create the secret with the desired new password. See Configuring authentication for instructions on how to create the necessary secret.
  4. Use Table 1 to find which pods depend on the secret that you re-created, and which require restarting.
  5. Restart the necessary pods by running the following command.
    oc delete pod podname -n namespace
    Where
    • podname is the name of the pod that requires restarting.
    • namespace is the name of the namespace in which the pod to be restarted exists.
  6. To view the list of pods that use the asm-credentials secret, run the following command.
    # Set NAMESPACE to the namespace of your deployment before running.
    for pod in $(oc get pod -n "$NAMESPACE" -o name); do
       if oc get "$pod" -o yaml -n "$NAMESPACE" | grep -q asm-credentials; then
          echo "$pod"
       fi
    done
  7. Restart the pods that use the asm-credentials secret by running the following command.
    for pod in $(oc get pod -n "$NAMESPACE" -o name); do
       if oc get "$pod" -o yaml -n "$NAMESPACE" | grep -q asm-credentials; then
          oc delete "$pod" -n "$NAMESPACE"
       fi
    done
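
The following is an added example, not part of the product documentation. It generalizes steps 4 to 7 to any secret in the table: it lists the pods whose spec references a secret by exact name, rather than matching a substring anywhere in the pod YAML, and restarts them. The function names pod_secret_refs, pods_using_secret and restart_pods_using_secret and the DRY_RUN variable are hypothetical; init containers are not inspected.

```shell
#!/bin/sh
# Added example: find and restart the pods that reference a re-created secret.
# Function names and DRY_RUN are hypothetical, not part of the product.

# Print "podname<TAB>secret names referenced by the pod spec" for every pod
# in namespace $1. Covers secret volumes, env secretKeyRef and envFrom
# secretRef; relies on oc tolerating missing keys in jsonpath (the default).
pod_secret_refs() {
  oc get pods -n "$1" -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.volumes[*].secret.secretName}{" "}{.spec.containers[*].env[*].valueFrom.secretKeyRef.name}{" "}{.spec.containers[*].envFrom[*].secretRef.name}{"\n"}{end}'
}

# Print the names of the pods in namespace $1 that reference secret $2.
# The comparison is an exact match on each referenced name, so a secret
# called "asm-credentials-backup" does not match "asm-credentials".
pods_using_secret() {
  pod_secret_refs "$1" | awk -F '\t' -v s="$2" '
    { n = split($2, refs, " ")
      for (i = 1; i <= n; i++) if (refs[i] == s) { print $1; break } }'
}

# Restart (delete) every pod in namespace $1 that references secret $2.
# With DRY_RUN=1 the delete commands are printed instead of executed.
restart_pods_using_secret() {
  for pod in $(pods_using_secret "$1" "$2"); do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      echo "oc delete pod $pod -n $1"
    else
      oc delete pod "$pod" -n "$1"
    fi
  done
}
```

Run restart_pods_using_secret with DRY_RUN=1 first and compare the printed pods with the dependent pods listed in Table 1 before restarting them.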