You might want to change the default passwords used in Rudder's managed daemons for evident security reasons.
You will have to adjust the postgres database and the rudder-web.properties file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the Postgres database user
su - postgres -c "psql -q -c \"ALTER USER blah WITH PASSWORD '$PASS'\""
- Insert the password in the rudder-web.properties file
sed -i "s%^rudder.jdbc.password.*$%rudder.jdbc.password=$PASS%" /opt/rudder/etc/rudder-web.properties
You will have to adjust the OpenLDAP and the rudder-web.properties file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the password in the slapd configuration
HASHPASS=`/opt/rudder/sbin/slappasswd -s $PASS` sed -i "s%^rootpw.*$%rootpw $HASHPASS%" /opt/rudder/etc/openldap/slapd.conf
- Update the password in the rudder-web.properties file
sed -i "s%^ldap.authpw.*$%ldap.authpw=$PASS%" /opt/rudder/etc/rudder-web.properties
This time, the procedure is a bit more tricky, as you will have to update the Technique library as well as a configuration file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the password in the apache htaccess file
Tip | |
---|---|
On some systems, especially SuSE ones, htpasswd is called as "htpasswd2" |
htpasswd -b /opt/rudder/etc/htpasswd-webdav rudder $PASS
- Update the password in Rudder's system Techniques
cd /var/rudder/configuration-repository/techniques/system/common/1.0/ sed -i "s%^.*davpw.*$% \"davpw\" string => \"$PASS\"\;%" site.st git commit -m "Updated the rudder WebDAV access password" site.st
- Update the Rudder Directives by either reloading them in the web interface (in the "Configuration Management/Techniques" tab) or restarting jetty (NOT recommended)