How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the Cassandra password for zoran_dba and zoranuser in Autonomous Identity 2021.8.x?

Last updated Jan 17, 2023

The purpose of this article is to provide instructions on changing the password of the zoran-dba Cassandra database user in Autonomous Identity.

Note

This article does not apply to Autonomous Identity 2022.11 and later, because it is included in the documentation: Changing the Cassandra zoran_dba and zoran_user passwords.

Overview

Please ensure you test these steps in a pre-production environment before making changes in a production environment.

Prerequisites

You should have access to: 

  • The Linux user that installed Autonomous Identity (usually the autoid user). 
  • The Autonomous Identity machine if the deployment is a single node.
  • The Docker machine (for the Java API Service (JAS)) and the Cassandra machine (for Cassandra access) if it's a multi-node deployment.

Updating the Cassandra password

The password for the Autonomous Identity's Cassandra admin user can be updated by running the following CQL statement after running the dba shell alias or cqlsh (or equivalent Cassandra client after connecting to the Cassandra instance).

  1. Identify the dba alias, which is located in the <autoid user home>/.bashrc file on the target machine. For example, the dba alias value is:alias dba='cqlsh <cassandra__node_ip> -u zoran_dba --ssl'
  2. Connect to the Cassandra instance using one of the following options:
    • The created dba alias:[autoid@autoid-machine ~]$ dba Connected to Zoran Cluster at <cassandra__node_ip>:9042. [cqlsh 5.0.1 | Cassandra 3.11.2 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. zoran_dba@cqlsh>
    • The equivalent cqlsh command:[autoid@autoid-machine ~]$ cqlsh <instance_ip_address> -u zoran_dba --ssl Connected to Zoran Cluster at <instance_ip_address>:9042. [cqlsh 5.0.1 | Cassandra 3.11.2 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. zoran_dba@cqlsh>

After running one of the above commands, the user will be logged in as the zoran_dba user. 

  1. Run the CQL statement below to update the password in the Cassandra database:zoran_dba@cqlsh> ALTER USER zoran_dba WITH PASSWORD 'new_password';
  2. Update the password in the corresponding environment variable on the JAS Docker service:
    1. Update the following variable in docker-compose.yml (located in /opt/autoid/res/jas on the target machine):
      - CASSANDRA_DB_PASSWORD=new_password
    2. Remove the running JAS container and re-deploy it:[autoid@autoid-machine ~]$ docker stack rm jas Removing service jas_jasnode [autoid@autoid-machine ~]$ docker stack deploy --with-registry-auth --compose-file /opt/autoid/res/jas/docker-compose.yml jas Creating service jas_jasnode [autoid@autoid-machine ~]$
  3. Update the password in the authentication section of the ~/.cassandra/cqlshrc file; this allows you to continue using the dba alias:[authentication] username = zoranuser password = new_password

See Also

Administrator Tasks

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.