Changing the PostgreSQL Database Password

Overview

When you perform database Backup and Recovery operations or configure Configure CCM Wizard Properties in non-HA mode or HA modes, you may encounter situations where you need to use the database credentials.

The CCM server uses the cliqr account to connect to the database, the password for this account is also read from the configuration file. While the database username and password is cliqr, you can change these credentials.

Be sure to change the PostgresDB password and update the db.properties file to reflect the correct password.

You can manually change the password on MGMTPOSTGRES VMs or RDS and then update the username in the CCM through the database config wizard (see Configure HA Wizard Properties for additional context).

Process

To change the default password for the PostgreSQL database (cliqrdb) from cliqr to a password of your choice, follow this procedure.

If you change the default database password, remember to use the changed password in place of the default cliqr password provided in the documentation.

  1. Log into the database server using the default credentials:

    • Username: cliqr

    • Password: cliqr

  2. Change the PostgreSQL database password using the following commands:

    psql -U cliqr
     
    psql -U cliqr -d cliqrdb
     
    alter user "cliqr" WITH PASSWORD '<new_password>';
  3. Log out and login again using the new password.

  4. Remember to use the new PostgreSQL database password when you see the cliqr password in documentation.

Manually Enabling Strong Passwords for Existing Instance

PostgreSQL password checks are available to help prevent users from entering a weak password. For existing installations, you can manually enable strong passwords.

When setting the PostgreSQL password, be aware of the following requirements:

  • You cannot set your username cannot be set as the password or even use it as part of the password. For example, postgres123 for a PostgreSQL user or cliqr123 for a cliqr user are not valid.

  • You must include lower case and upper case characters and numbers.

  • The password must be >= 8 characters.

  • You can optionally use special characters.


To manually enable strong passwords for existing instances and reset the password, follow this procedure.

  1. Update the following configuration in the PostgreSQL CONF file (/var/lib/pgsql/9.6/data/postgresql.conf).

    shared_preload_libraries = ‘$libdir/passwordcheck’
  2. Restart the database Service using the following command.

    service postgresql-9.6 restart
  3. Change the password for the PostgreSQL user and cliqr user by running any one of the following scripts.

    /usr/local/cliqr/bin/db_config_wizard.sh                                
    
    # or
                    
    /usr/local/cliqr/bin/db_config_cli.sh

    You have now restricted weak password usage when setting the database user password and updated the current password as well.

                





  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved