Table of Contents
You might want to change the default passwords used in Rudder's managed daemons for evident security reasons.
You will have to adjust the postgres database and the rudder-web.properties file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the Postgres database user
su - postgres -c "psql -q -c \"ALTER USER blah WITH PASSWORD '$PASS'\""
- Insert the password in the rudder-web.properties file
sed -i "s%^rudder.jdbc.password.*$%rudder.jdbc.password=$PASS%" /opt/rudder/etc/rudder-web.properties
You will have to adjust the OpenLDAP and the rudder-web.properties file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the password in the slapd configuration
HASHPASS=`/opt/rudder/sbin/slappasswd -s $PASS` sed -i "s%^rootpw.*$%rootpw $HASHPASS%" /opt/rudder/etc/openldap/slapd.conf
- Update the password in the rudder-web.properties file
sed -i "s%^ldap.authpw.*$%ldap.authpw=$PASS%" /opt/rudder/etc/rudder-web.properties
This time, the procedure is a bit more tricky, as you will have to update the Technique library as well as a configuration file.
Here is a semi-automated procedure:
- Generate a decently fair password. You can use an arbitrary one too.
PASS=`dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-12`
- Update the password in the apache htaccess file
![[Tip]](common/images/admon-icons/tip.png){kind=icon} | Tip |
|---|---|
|
On some systems, especially SuSE ones, htpasswd is called as "htpasswd2" |
htpasswd -b /opt/rudder/etc/htpasswd-webdav rudder $PASS
- Update the password in Rudder's system Techniques
cd /var/rudder/configuration-repository/techniques/system/common/1.0/ sed -i "s%^.*davpw.*$% \"davpw\" string => \"$PASS\"\;%" site.st git commit -m "Updated the rudder WebDAV access password" site.st
- Update the Rudder Directives by either reloading them in the web interface (in the "Configuration Management/Techniques" tab) or restarting jetty (NOT recommended)
