Changing passwords and secrets
You can change the passwords and secrets that were used during the deployment process.
About this task
Note: This
procedure only applies to passwords and secrets that are found in
the Data bags topic. Note the
exceptions in the following restriction list.
Restrictions:
- With IBM Cloud
Manager with OpenStack 4.3
FP2, a new secret is available called orchestration_auth_encryption_key.
This secret is the configuration option value as auth_encryption_key in /etc/heat/heat.conf for OpenStack orchestration.
Be careful when dealing with this secret and follow the instructions
here if you are performing the update cloud deployment tasks described
in Updating a deployed topology:
- The secret is not configurable prior to IBM Cloud Manager with OpenStack 4.3 FP2. If you manually configured this value in /etc/heat/heat.conf, you need to set the secret to the value you manually configured with the procedures below. This should be done before you perform the update procedure described in Updating a deployed topology.
- If you did not customize this option value for OpenStack orchestration in a previous deployment, do not set the value in your update procedure. The update procedure ensures that the previous default value is used after the deployment update. If you set the value to something else, it may cause OpenStack orchestration to not function properly.
- After you deploy the HA controller +n compute topology,
do not change the passwords of these specific data bags.
- db_passwords: Do not change any of the database passwords.
- secrets:
- corosync_secret
- openstack_identity_bootstrap_token
- service_passwords: rabbit_cookie
- user_passwords: hacluster
Use the following instructions to change passwords and secrets.