Reset Passwords and Secrets of Enterprise Edition Web Client Docker Containers

About this task

The passwords or secrets used during the installation of Enterprise Edition Web Client are converted into Docker secrets. These Docker secrets are used by the containers for communicating with remote systems such as the Plant Applications database, Apache CouchDB, RabbitMQ, and UAA.

If, after Enterprise Edition Web Client is installed, the passwords or secrets used during installation are changed or reset at the source, you can update the Docker containers with the new passwords or secrets.

Procedure

  1. You must define your configuration in the silentinstaller.yml file. Update the following parameters in the silentinstaller.yml file:
    Note: You must provide all the following parameter values even if there is no change in the existing passwords.
    Parameter Description
    SSL_KEY_PEM_PATH: "" Enter the path where the valid CA key file is located.

    For example, SSL_KEY_PEM_PATH: "/home/administrator/myca_certs/new_key.pem"

    PLANT_APPS_DB_SERVER: "" Enter the Plant Applications database server hostname that you want to connect with the Plant Applications Web Client.
    PLANT_APPS_DB_INSTANCE: "" Enter the name of the instance of the SQL server. You can leave this parameter empty if not using an instance.
    For example, PLANT_APPS_DB_INSTANCE: "sa"
    Note: Do not add a backslash (\) when entering the instance name.
    PLANT_APPS_DB_NAME: "" Enter the Plant Applications Database name.

    For example, PLANT_APPS_DB_NAME: "SOADB"

    PLANT_APPS_DB_USERNAME: "" Enter the username that has permissions to access the database you entered.
    PLANT_APPS_DB_PASSWORD: "" Enter the password for the username you entered.
    COUCHDB_SERVER: "" Enter the Plant Applications CouchDB host name or IP address.
    COUCHDB_DBNAME: "node@localhost" Do not change this parameter value.
    COUCHDB_USERNAME: "" Enter the CouchDB username.
    COUCHDB_PASSWORD: "" Enter the CouchDB password.
    PLANT_APPS_MB_SERVER: "" Enter the host name or IP address that hosts your Plant Applications Message Bridge.
    PLANT_APPS_MB_USERNAME: "" Enter the username that you set for Plant Applications Message Bridge.
    PLANT_APPS_MB_PASSWORD: "" Enter the password for the username you entered.
    UAA_SERVICE_ORIGIN: "" Enter the UAA Server hostname.
    UAA_SERVICE_ADMIN_CLIENT_ID: "" Enter the admin Client ID to access the UAA server instance.
    UAA_SERVICE_ADMIN_CLIENT_SECRET: "" Enter the Client Secret for the username you entered.
  2. Access the utility.sh file in the plantapps-enterprise-webclient-<buildno> folder.
  3. Grant execute permission on the utility.sh file by running the following command: sudo chmod +x your/pathto/installer/plantapps-enterprise-webclient-<buildno>/utility.sh
  4. Run the utility.sh file by running one of the following commands:
    • If you are running this utility directly on the Enterprise Edition Web Client node, from the <installer path>/plantapps-enterprise-webclient-<buildno>/ folder, run: sudo ./utility.sh -l -pkey -reset
      Note: If you have deployed any custom stacks that use Plant Applications related secrets, you should remove them before running the utility.sh command. After the command has run, you can add the custom stacks back. This step is necessary to ensure that the utility.sh command executes without any conflicts and all Plant Applications related secrets are properly configured.

      To remove a Docker stack, you can run the command: "docker stack rm <stack_name>". For example, if your stack name is "my_custom_stack", you can run the command: "docker stack rm my_custom_stack" to remove the stack.

      To deploy a Docker stack, you can run the command: "docker stack deploy -c <compose_file> <stack_name>". For example, if your compose file is named "customservice.yml" and your stack name is "my_custom_stack", you can run the command: "docker stack deploy -c customservice.yml my_custom_stack" to deploy the stack.

      After running the utility.sh command, you can verify that the certificates have been updated by running the command: "docker secret ls | grep cert". This command displays the list of secrets related to certificates, and you can check the timestamp of each secret to confirm that they are updated.

    • If you are running this utility remotely on the Enterprise Edition Web Client node, from the <installer path>/plantapps-enterprise-webclient-<buildno>/ folder, run: sudo ./utility.sh -r -pkey -reset
    Docker secrets are created based on the values you entered, and the Docker stacks are redeployed so that the containers use the new passwords.
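
A pre-flight check for step 1, as an added example that is not part of the product's installer or documentation: it confirms that every parameter the note requires is filled in, that PLANT_APPS_DB_INSTANCE has no backslash, and that COUCHDB_DBNAME is unchanged, before utility.sh is run. The function names are hypothetical, the file is assumed to hold flat KEY: "value" lines as shown above, and the file-permission check is an added hardening check that the page does not state.

```shell
#!/bin/sh
# Added example: pre-flight check of silentinstaller.yml before utility.sh -reset.
# Assumes flat lines of the form KEY: "value", as the page shows them.
# yml_value and check_reset_config are hypothetical helper names.

REQUIRED="SSL_KEY_PEM_PATH PLANT_APPS_DB_SERVER PLANT_APPS_DB_NAME
PLANT_APPS_DB_USERNAME PLANT_APPS_DB_PASSWORD COUCHDB_SERVER COUCHDB_DBNAME
COUCHDB_USERNAME COUCHDB_PASSWORD PLANT_APPS_MB_SERVER PLANT_APPS_MB_USERNAME
PLANT_APPS_MB_PASSWORD UAA_SERVICE_ORIGIN UAA_SERVICE_ADMIN_CLIENT_ID
UAA_SERVICE_ADMIN_CLIENT_SECRET"

# Print the value of key $2 in file $1, with surrounding double quotes removed.
yml_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Report problems by key name only (a secret value is never echoed).
# Returns 0 if the file is ready, 1 if any check failed, 2 if unreadable.
check_reset_config() {
  file=$1; rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  for key in $REQUIRED; do
    [ -n "$(yml_value "$file" "$key")" ] || { echo "EMPTY: $key"; rc=1; }
  done
  # The instance name may be empty but must not contain a backslash.
  case "$(yml_value "$file" PLANT_APPS_DB_INSTANCE)" in
    *\\*) echo "BACKSLASH: PLANT_APPS_DB_INSTANCE"; rc=1 ;;
  esac
  # The page says this value must not be changed.
  [ "$(yml_value "$file" COUCHDB_DBNAME)" = "node@localhost" ] ||
    { echo "CHANGED: COUCHDB_DBNAME"; rc=1; }
  # The key file must exist on the node where this check runs.
  pem=$(yml_value "$file" SSL_KEY_PEM_PATH)
  [ -z "$pem" ] || [ -f "$pem" ] || { echo "MISSING: SSL_KEY_PEM_PATH file"; rc=1; }
  # Added hardening check: the file holds plaintext passwords.
  [ "$(ls -ld -- "$file" | cut -c5-10)" = "------" ] ||
    { echo "PERMS: $file is accessible to group/other"; rc=1; }
  return $rc
}

# Usage: sh check_reset_config.sh /path/to/silentinstaller.yml
if [ $# -ge 1 ]; then check_reset_config "$1"; fi
```

A non-zero exit status means at least one line was reported; fix those entries before running utility.sh.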