Updating External Service Passwords

This article describes how to change the default passwords for the following included external services:

Nagios

To change the Nagios password:

  1. On the Controller host, execute the command docker ps to view the Nagios container.

    This command returns a table with a list of the containers running on the Controller host.

  2. Look in the NAMES column for an entry similar to the following:

    epic-nagios-10.32.1.112

    This is the Nagios container running on the Controller.

  3. Execute the following commands to view the current password:

    # docker exec -it epic-nagios-10.32.1.112 bash
        # cat /etc/nagios/passwd

    The system will return the current administrator password:

    nagiosadmin:nagiosadmin

  4. To update the password, execute the following command:

    # htpasswd -c /etc/nagios/passwd nagiosadmin

  5. You will be prompted to Enter the New password and then to Re-type new password for confirmation.

    The system confirms that the password is being changed.

    Adding password for user nagiosadmin

  6. Execute the following command to verify that the password was changed:

    # cat /etc/nagios/passwd

    The system displays the new administrator password:

    nagiosadmin:$apr1$/5sis9Al$3ncyFom6EUXRnfymJf9Yo

  7. Validate that the system has changed the password by accessing the Nagios interface and then typing <controller_ip>:8443 (e.g. 10.32.1.112:8443).

    The system asks for a username and password.

  8. Enter nagiosadmin as the username, and then enter the new password.
  9. Verify successful login.

HAProxy

To change the HAProxy password, use the following procedure on each Gateway host:

  1. Open the file /opt/bluedata/common-install/scripts/haproxy/haproxy_globals.cfg for editing.

  2. In the listen stats : 8081 section, find the following line:

    stats auth haproxy:haproxy
  3. Change this line to reflect the new password. For example, to change the password from haproxy to haproxy1, edit the line to read haproxy:haproxy1.
  4. Execute the command bds-controller restart on the Gateway host.
  5. After few minutes, access the HAProxy service on the Gateway host by navigating to <gateway_ip>:8081, and then attempt to log in as user haproxy with the new password.

HACluster

If you have forgotten the current HACluster password or you want to change the HACluster password, reset the HACluster password and re-authenticate the cluster nodes:

  1. On the primary Controller, execute the following command:
    passwd hacluster
  2. If the controller host is running RHEL or CentOS, on the Shadow Controller, execute the following command: 
    passwd hacluster
  3. On the primary Controller, re-authenticate the HACluster nodes by executing the following command:
    pcs cluster auth <node1> <node2> --force

    where <node1> and <node2> are the hostnames or IP addresses of the nodes being re-authenticated.