...
| Info |
|---|
Applicable to on-premise deployments |
Purpose of this article
This article documents each backend component that requires an admin or integration user will have and how to update/change their password change process documented here. Please follow the steps in order to update/change a password accordingly.
| Info |
|---|
You are expected to have access directly to the Kubernetes or Openshift pods and have the ability to delete/create pods and deployments to progress this this. This is also considered a DISRUPTIVE change and will cause outage on certain components during the update process. |
| Table of Contents |
|---|
1. Keycloak
1.1 Updating Postgres Password
...
Login as the Admin user for Keycloak and head to the top right hand corner to “Manage Account”.
Head to the password section on the left hand side pannel.
Simply update the password here.
Once the password is updated make sure you update the keycloak-credentials.yaml secret file KEYCLOAK_PASSWORD to match and reapply it.
Code Block ### Native Kubernetes kubectl apply -f keycloak-credentials.yaml ### OpenShift oc apply -f keycloak-credentials.yaml
Restart the deployment pod only to ensure the password takes effect.
Code Block ### Native Kubernetes kubectl delete pod <keycloak deployment pod> ### OpenShift oc delete pod <keycloak deployment pod>
1.3. Bulk load keycloak users
Use the loader in --create=true to either create users in keycloak (when using keycloak as a standalone user repository). NB to rerun using --create=true you will need to delete the users from keycloak.
Use the loader in --create=false when updating keycloak users that have been loaded from another source such as AD / LDAP integrations.
| Code Block |
|---|
cd /opt/server
python batch_load_keycloak.py --keycloak-mapping=/opt/sample/demo/KEYCLOAKMAPPING.csv --default-password=<default password> --create=true
|
1.3. Changing Client Keys for Service Authentication
...