No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor BCManager 6.5.0 eReplication User Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
eReplication Account Management

eReplication Account Management

To protect security of the DR system, you are advised to periodically change the passwords of the eReplication accounts.

Changing the Password of the root Account

In Linux, user root has the rights of an operating system administrator. If eReplication is installed using a template, you are advised to periodically change root' password of the operating system to improve system O&M security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The password of user root or DRManager of the operating system on which the password is to be changed has been obtained.

Context

The default password of user root is Huawei@CLOUD8!.

This default password is valid only in template-based installation scenarios.

Procedure

  1. Use PuTTY to log in as user DRManager to the operating system of the node on which the password is to be changed.
  2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

    NOTE:

    After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

  3. Run the su root command to switch to user root.
  4. Run the chattr -i /etc/shadow command to disable security hardening.
  5. Run the passwd command to change the password of user root.

    The following command output is displayed:

    Changing password for root.
    New Password:
    
    NOTE:
    The password must meet the following complexity requirements:
    • Contains at least eight characters.
    • Contains at least the following characters:
      • Uppercase letters
      • Lowercase letters
      • Digits
      • Special characters
    • Cannot be the same as the username or the mirror writing of the username.
    • Cannot be the same as any word in dictionaries.

  6. Enter a new password, and press Enter.

    The following command output is displayed:

    Reenter New Password:

  7. Enter the new password again, and press Enter.

    The password is changed successfully if the following command output is displayed:

    Password changed.

  8. Run the chattr +i /etc/shadow command to enable security hardening.

Changing the Password of the DRManager Account

In Linux, after eReplication is installed, the DRManager is automatically created. This account is used to interconnect with SmartKit to collect information and perform inspection for eReplication servers. You are advised to periodically change the password of user DRManager to improve system operation security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The password of user root or DRManager of the operating system on which the password is to be changed has been obtained.

Context

The default password of user DRManager is Huawei@CLOUD8.

Procedure

  • Method 1: Changing the password of user DRManager as user root
    1. Use PuTTY to log in as user root to the operating system of the node on which the password is to be changed.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      • In the template-based installation mode: Perform 3.
      • In the software package-based installation mode: Perform 4.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run the chattr -i /etc/shadow command to disable security hardening.
    4. Run the passwd DRManager command to change the password of user DRManager.

      The following command output is displayed:

      Changing password for DRManager.
      New Password:
      

    5. Type a new password and press Enter.

      The following command output is displayed:

      Reenter New Password:
      
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    6. Type the new password again, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password changed.

  • Method 2: Changing the password of user DRManager as user DRManager
    1. Use PuTTY to log in as user DRManager to the operating system of the node on which the password is to be changed.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

      • In the template-based installation mode: Perform 3.
      • In the software package-based installation mode: Perform 4.

    3. Run the chattr -i /etc/shadow command to disable security hardening.
    4. Run the passwd command to change the password of user DRManager.

      The following command output is displayed:

      Changing password for DRManager.
      Old Password:

    5. Type the old password and press Enter.

      The following command output is displayed:

      New Password:
      

    6. Type a new password and press Enter.

      The following command output is displayed:

      Reenter New Password:
      
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    7. Type the new password again, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password changed.
      NOTE:

      In the template-based installation mode, run the chattr +i /etc/shadow command to enable security hardening after you change the password.

Changing the Password of the ICUser Account

In Linux, the ICUser user with lower permission is used for starting associated processes. You are advised to periodically change the password of user ICUser of the operating system on the eReplication node to improve system operation security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The password of user root or DRManager of the operating system on which the password is to be changed has been obtained.

Context

The default password of user ICUser is Huawei@CLOUD8.

Procedure

  • Method 1: Changing the password of user ICUser as user root
    1. Use PuTTY to log in as user root to the operating system of the node on which the password is to be changed.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      • In template-based installation mode, perform 3.
      • In software package-based installation mode, perform 4.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run the chattr -i /etc/shadow command to remove the security hardening.
    4. Run the passwd ICUser command to change the password of user ICUser.

      The following command output is displayed:

      Changing password for root.
      New Password: 
      

    5. Type a new password and press Enter.

      The following command output is displayed:

      Reenter New Password:
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    6. Type the new password again, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password changed.

  • Method 2: Logging in to the system as user DRManager, switching to user ICUser, and changing the password
    1. Use PuTTY to log in as user DRManager to the operating system of the node on which the password is to be changed.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

      • In the template-based installation mode: Perform 3.
      • In the software package-based installation mode: Perform 4.

    3. Run the chattr -i /etc/shadow command to disable security hardening.
    4. Run the su ICUser command to switch to user ICUser.
    5. Run the passwd command to change the password of user ICUser.

      The following command output is displayed:

      Changing password for ICUser.
      Old Password:

    6. Type the old password and press Enter.

      The following command output is displayed:

      New Password:

    7. Type a new password and press Enter.

      The following command output is displayed:

      Reenter New Password:
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    8. Type the new password again, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password changed.
      NOTE:

      In the template-based installation mode, run the chattr +i /etc/shadow command to enable security hardening after you change the password.

Changing the Password of a Database Account

This section describes how to change the password of the database administrator GaussDB account and BCManager DBA account for eReplication to access the database.

Prerequisites

In a Linux operating system, use the interactive login mode to log in to the GaussDB database. For example, run the gsql -d lego -U gaussdb -p 6432, and then enter your password as prompted. Do not record a password into the .bash_history file, thereby preventing password leakage.

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The database account used for accessing eReplication and the old password of the database account have been obtained.
  • The old password of the GaussDB database account has been obtained.
    • In template installation mode, the default old password of GaussDB is BCM@GaussDB123.
    • In software package installation mode, the default old password of GaussDB is Gaussdb_123.
  • The login password of user root or DRManager in Linux or that of the administrator in Windows has been obtained.

Context

If you have changed the password of the database account that is used for accessing eReplication, change that of the database account accordingly in time at the eReplication Server side.

Procedure

  • The following describes how to change the password of a database user in Linux:
    1. Use PuTTY to log in to the eReplication management server.

      • In template-based installation mode: Log in as user DRManager, and run the su root command to switch to user root.
      • In software package-based installation mode: Log in as user root.
      NOTE:

      The default password of user DRManager is Huawei@CLOUD8. In template-based installation mode, the default password of user root is Huawei@CLOUD8!.

    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run cd /opt/BCManager/Runtime/bin to enter the path.

      NOTE:

      In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

    4. Run the sh shutdownSystem.sh command to stop eReplication Server.
    5. Run the /etc/init.d/gaussdb start or service gaussdb start command to start the GaussDB database.
    6. Log in to the database.

      Enter /usr/local/gaussdb/bin/gsql -d postgres -U xxxx -p 6432 where xxxx indicates the database administrator account and 6432 indicates the database port.

      Type the old password of the database user as prompted.

    7. In the gsql mode, run an SQL command to change the default password.

      • Assume that the initial username is GaussDB, the default old password is Gaussdb_123, and the new password is Tp123*kl8. Run the following command to change the default password:
        ALTER USER GaussDB IDENTIFIED BY 'Tp123*kl8' replace 'Gaussdb_123';
        NOTE:

        Tp123*kl8 indicates the new password of the database user, and Gaussdb_123 indicates the old password of the database user.

      • If the BCManager DBA account for eReplication to access the database is RDDBuser, the default old password is DRmanager_123, and the new password is Tp123*kl8. Run the following command to change the default password:
        ALTER USER RDDBuser IDENTIFIED BY 'Tp123*kl8' replace 'DRmanager_123';
        NOTE:

        Tp123*kl8is the new password of the BCManager DBA account for eReplication to access the database. DRmanager_123 is the old password of the database user.

      The new password must meet the following complexity requirements:
      • Contains 8 to 15 characters.
      • Contains at least one special character from ~!@#$%*-_=+\[{}];:,./?
      • Must contain at least two of the following types of characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
      • Cannot be the same as the username.
      • Differ from the current password.

    8. Perform the following operations based on the type of user whose password is to be modified.

      • If the password for logging in to the GaussDB database is changed, perform the following steps:
        1. Run the cd /opt/BCManager/Runtime/bin command to enter the path.
        2. Run the sh startSystem.sh command to start the eReplication Server.
      • If eReplication's password for accessing the database is changed, perform the following steps:
        1. Synchronize the password change to the user for accessing the database of the eReplication Server side by following instructions in Update the Password of the Account Used by the eReplication to Access Databases.
        2. Run the cd /opt/BCManager/Runtime/bin command to enter the path.
        3. Run the sh startSystem.sh command to start the eReplication Server.

  • The following describes how to change the password of a database user in Windows:
    1. Log in to the OceanStor BCManager Server as an administrator.
    2. Open the CLI and run the cd installation path\bincommand to go to the bin directory.

      NOTE:

      In Windows, the default installation path of the OceanStor BCManager Server is C:\BCManager\Runtime. The installation path is user-definable. You are advised not to install the OceanStor BCManager Server on a system disk.

    3. Run the shutdownSystem.bat command, enter y, and press Enter to stop the eReplication Server.
    4. Log in to the database.

      1. Go to the installation path\gs\app\bin directory.
      2. Run the gsql -d postgres -U xxxx -p 6432 command. Where, xxxx indicates the database user, 6432 indicates the database port.

        Enter the old password of the database user as prompted.

    5. In the gsql mode, run an SQL command to change the default password.

      • Assume that the initial user name is GaussDB, the default old password is Gaussdb_123, and the new password is Tp123*kl8. Run the following command to change the default password:
        ALTER USER GaussDB IDENTIFIED BY 'Tp123*kl8' replace 'Gaussdb_123';
        NOTE:

        Tp123*kl8 indicates the new password of the database user, and Gaussdb_123 indicates the old password of the database user.

      • Change the password of the DRmanager DBA account of the database. Assume that the initial user name is RDDBuser, the default old password is DRmanager_123, and the new password is Tp123*kl8. Run the following command to change the default password:
        ALTER USER RDDBuser IDENTIFIED BY 'Tp123*kl8' replace 'DRmanager_123';
        NOTE:

        Tp123*kl8 indicates the new password of the account for eReplication to access the database, and DRmanager_123 indicates the old password of the database user.

      The new password must meet the following complexity requirements:
      • Must contain 8 to 15 characters.
      • Must contain at least one special character from ~!@#$%*-_=+\[{}];:,./?
      • Must contain at least two of the following types of characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
      • Cannot be the same as the user name.

    6. Perform the following operations based on the type of user whose password is to be modified.

      • If you have modified the password of user GaussDB, run the startSystem.vbe command to restart the OceanStor BCManager Server.
      • If you have changed the user's password of OceanStor BCManager for accessing databases, synchronize the password change to the user for accessing databases on the eReplication Server side. Then run the startSystem.vbe command to start the eReplication Server.

Example

Connecting to a database in gsql mode:
  • In Linux:
    linux:/> /usr/local/gaussdb/bin/gsql -d postgres -U GaussDB -p 6432
    Password for user GaussDB: 
    gsql (9.2.1)
    Type "help" for help.
  • In Windows:
    C:\BCManager\Runtime\gs\app\bin>gsql -d postgres -U GaussDB  -p 6432
    Password for user GaussDB:
    gsql (9.2.5)
    Type "help" for help.
    
    POSTGRES=#
In the gsql mode, run the following SQL command to change the default password:
POSTGRES=# ALTER USER GaussDB IDENTIFIED BY 'Tp123*kl8' replace 'Gaussdb_123';
ALTER ROLE

Update the Password of the Account Used by the eReplication to Access Databases

When the password of account (BCManager DBA account) for accessing the database is changed in the database, you need to update the password in the eReplication system according to the steps described in this document. This operation changes the password of the account for eReplication to access the database to improve the system O&M security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The login password of user root or DRManager in Linux or that of the administrator in Windows has been obtained.
  • The password of the account used by eReplication for accessing databases and the old password have been obtained.
    • In template installation mode, eReplicationto access the database default account is RDDBuser and default password isBCM@GaussDB123.
    • In software package installation mode, The user name and password can be customized.

Context

The account used by eReplication to access databases defaults to RDDBuser whose default password is BCM@GaussDB123.

In Linux, a password can be changed on the CLI.
NOTE:
Run the startx command. If the following information is not displayed, the system supports the X Window System.
Command not found

Procedure

  • In Linux, change the password of the account used by eReplication to access databases as follows (for software package-based installation):

    • GUI mode
      1. Use PuTTY to log in to the eReplication management server as user root.
      2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.
        NOTE:

        After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

      3. Run cd /opt/BCManager/Runtime/bin to enter the script save path.
        NOTE:

        In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

      4. Run the sh shutdownSystem.sh command to stop the eReplication Server.
        eReplication is stopped successfully if the following command output is displayed:
        The OceanStor
        BCManager service is shut down successfully.
      5. Run the /etc/init.d/gaussdb start or service gaussdb start command to start the GaussDB database.
      6. Run the sh changedb.sh command to change the password. of the account used to access databases.
      7. Enter the old database password and click Next.

        The new database information page is displayed.

      8. Change information about IP addresses and ports of databases on the eReplication Server side to be inconsistent with that on the database side.
      9. Enter the new database password.
        NOTE:
        The password complexity requirements are as follows:
        • Contains 8 to 15 characters.
        • Contains at least one special character from ~!@#$%^&*()-_=+\[{}];:,./?
        • Must contain at least two of the following types of characters:
          • Uppercase letters
          • Lowercase letters
          • Digits
        NOTE:

        Complexity check of the password to access databases is enabled by default. For O&M security, you are advised to keep this default setting.

        For the password to locally access the database, you can perform the following steps to disable the complexity check:
        1. Run the cd /opt/gs/app/data command to go to the configuration file directory.
        2. Run the vi postgresql.conf command, and edit the hosts file.
        3. Change the value of password_policy to 0.
        4. Press Esc, and run the :wq! command to save the change and exit.
      10. Click Test.

        When the system indicates that the connection is successful, the database can be accessed using the new password.

      11. Click OK. Then click Next.
      12. In the message box indicating that the password is successfully changed, click OK.

        You have changed the database password.

      13. Run the sh startSystem.sh command to start the eReplication Server.
    • CLI mode
      1. Use PuTTY to log in to the eReplication management server as user root.
      2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.
        NOTE:

        After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

      3. Run cd /opt/BCManager/Runtime/bin to enter the script save path.
        NOTE:

        In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

      4. Run the sh shutdownSystem.sh command and enter y to stop the eReplication Server.
      5. Run the /etc/init.d/gaussdb start or service gaussdb start command to start the GaussDB database.
      6. Run the sh clichangedb.sh command, enter the old password of the database, and press Enter.
      7. Change information about IP addresses and ports of databases on the eReplication Server side to be inconsistent with that on the database side.
      8. Enter the new password and press Enter.
        NOTE:
        The password complexity requirements are as follows:
        • Contains 8 to 15 characters.
        • Contains at least one special character from ~!@#$%^&*()-_=+\[{}];:,./?
        • Must contain at least two of the following types of characters:
          • Uppercase letters
          • Lowercase letters
          • Digits
        NOTE:

        Complexity check of the password to access databases is enabled by default. For O&M security, you are advised to keep this default setting.

        For the password to locally access the database, you can perform the following steps to disable the complexity check:
        1. Run the cd /opt/gs/app/data command to go to the configuration file directory.
        2. Run the vi postgresql.conf command, and edit the hosts file.
        3. Change the value of password_policy to 0.
        4. Press Esc, and run the :wq! command to save the change and exit.
      9. Enter y and press Enter.
      10. Run the sh startSystem.sh command to start the eReplication Server.

  • In Linux, change the password of the account used by eReplication to access databases as follows (for template-based installation):
    1. Use PuTTY to log in to the OceanStor BCManager management server as user DRManager.

      NOTE:

      The default password of user DRManager is Huawei@CLOUD8.

    2. Run the su root command to switch to user root.
    3. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    4. Run cd /opt/BCManager/Runtime/bin to enter the script save path.

      NOTE:

      In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

    5. Run the sh shutdownSystem.sh command, enter y, and press Enter to stop the eReplication Server.
    6. Run the /etc/init.d/gaussdb start or service gaussdb start command to start the GaussDB database.
    7. Run cd /opt/BCManager/Runtime/bin to enter the script save path.

      NOTE:

      In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

    8. Run the sh clichangedb.sh command to synchronize the database's password after the configuration. See Changing the Password of the Account Used by the eReplication Server to Access Databases.
    9. Run the sh startSystem.sh command to start the eReplication Server.
  • In Windows, you can change the password of the account used by eReplication to access databases as follows:
    1. Log in to the eReplication management server as an administrator.
    2. Go to the installation path\bin directory.

      NOTE:

      In Windows, the default installation path of the eReplication Server is C:\BCManager\Runtime. The installation path is user-definable. You are advised not to install the eReplication Server on a system disk.

    3. Double-click the shutdownSystem.bat file to stop the eReplication Server.
    4. Double-click the changedb.bat file, enter the old password of the account, and click Next.
    5. Change information about IP addresses and ports of databases on the eReplication Server side to be inconsistent with that on the database side.
    6. Enter the new password of the account, and click Test.

      NOTE:
      The password complexity requirements are as follows:
      • Contains 8 to 15 characters.
      • Contains at least one special character from ~!@#$%^&*()-_=+\[{}];:,./?
      • Must contain at least two of the following types of characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
      NOTE:

      Complexity check of the password to access databases is enabled by default. For O&M security, you are advised to keep this default setting.

      For the password to locally access the database, you can perform the following steps to disable the complexity check:
      1. Go to the Installation directory\gs\app\data directory.
      2. Open file postgresql.conf and change the value of password_policy to 0.
      3. Save the modification and exit.

      When the system indicates that the connection is successful, the database can be accessed using the new password.

    7. Click OK. Then click Next.
    8. In the message box indicating that the password is successfully changed, click OK.

      You have changed the database password.

    9. Double-click the startSystem.vbe file to start the eReplication Server.

Changing the Password of the Account Used to Log In To the GUI

This operation changes the password of a GUI account of eReplication to improve system operation security.

Prerequisites

  • The IP address of eReplication has been obtained.
  • The old password of user admin of eReplication has been obtained.

Context

The default password of user admin is Admin@123.

Procedure

  1. In the address box of Internet Explorer, type https:// management IP address of the VM or physical server that is installed on eReplication:9443 and press Enter.

    Log in to the GUI as user admin.

  2. On the shortcut bar in the upper right corner of the page, click the drop-down arrow next to the login user. In the displayed shortcut menu, choose Modify Password.

    A dialog box is displayed.

  3. Enter the old password and new password, and confirm the new password.

    The password complexity requirements of the password are as follows: You can change the password complexity requirements by configuring system security policies.
    • Contains 8 to 64 characters.
    • Must contain special characters. Contains special characters include !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • Must contain upper-case letters, lower-case letters, and digits.
    • Cannot be the same as the username or the mirror writing of the username.

  4. Click OK.

Changing the Password of the Account Used for Communication Between Two Sets of eReplication

This operation changes the password of the account used for communication between two sets of eReplication to improve system operation security. This account is a machine-machine account and cannot be used to log in to the eReplication system. The password can be reset only by the super administrator of eReplication.

Prerequisites

The password of user admin has been obtained.

Context

The default password of user SyncAdmin is Admin1@BCM.

Procedure

  1. In the address box of Internet Explorer, type https://management IP address of the VM or physical server that is installed on eReplication:9443 and press Enter.
  2. Log in to the system as user admin.
  3. On the menu bar, select Settings.
  4. In the navigation tree, choose System Administrator > Administrator.
  5. In the line where user SyncAdmin resides, click Reset Password in the operation button area.

    The Reset Password dialog box is displayed.

  6. Change the password of user SyncAdmin.
  7. Click OK.

Follow-up Procedure

After resetting the password of user SyncAdmin, synchronize the change to the HA alarm authentication information. If the remote management server is added on the local management server, change the password of the service authentication information about the remote management server.

NOTE:

In scenarios where the communication account of the remote management server is admin, if the password of admin is changed, you need to change the password of the service authentication information about the remote management server.

Changing the Password of the Account Used to Log In To the Agent

This operation allows system administrators to change the password that configured in the eReplication Agent installation to improve system operation security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The login password of user root in Linux or that of the administrator in Windows has been obtained.

Context

The eReplication Agent supports operating systems such as Windows, Linux, AIX, HP-UX, and Solaris. This section uses Windows and Linux as examples to describe how to change the password that is configured during the installation of eReplication Agent.

You must stop the eReplication Agent before changing the password configured during the eReplication Agent installation. eReplication You can no longer manage service hosts (such as database servers) after the eReplication Agent is stopped. Stop the eReplication Agent only for fault diagnosis.

NOTE:
The password complexity requirements are as follows:
  • Contains 8 to 16 characters.
  • Must contain special characters, including `~!@#$%^ &*()-_=+\|[{}];:'",<.>/?
  • Contains at least two of the following types of characters:
    • Uppercase letters
    • Lowercase letters
    • Digits
  • Cannot be the same as the username or mirror writing of the username.
  • Cannot be the same as the old passwords.
  • Cannot contain spaces.

Procedure

  • The following steps describe how to change the password configured during the eReplication Agent installation in Windows:
    1. Log in to the host where eReplication Agent resides as an administrator.
    2. Open the CLI and go to the installation path\bin directory.
    3. Run the agent_stop.bat command to stop the eReplication Agent.
    4. Run the agentcli.exe chgpwd command. Type the old password of the Agent and press Enter. Type the new password and confirm password, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password of admin is modified successfully.
      NOTE:

      admin is the username configured during the eReplication Agent installation.

    5. Run the agent_start.bat command to restart the eReplication Agent to make the configuration take effect.
  • The following steps describe how to change the password configured during the eReplication Agent installation in Linux:
    1. Use PuTTY to log in to the host where the eReplication Agent resides as user root.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run the su - rdadmin command to switch to user rdadmin.
    4. Run the cd /home/rdadmin/Agent/bin command to go to the script save path.

      NOTE:

      The installation path of the eReplication Agent is /home/rdadmin/Agent. The path is fixed.

    5. Run the sh agent_stop.sh command to stop the eReplication Agent.
    6. Run the /home/rdadmin/Agent/bin/agentcli chgpwd command. Type the old password of the Agent and press Enter. Type the new password and confirm password, and press Enter.

      The password is changed successfully if the following command output is displayed

      Password of admin is modified successfully.
      NOTE:

      admin is the username configured during the eReplication Agent installation.

    7. Run the sh agent_start.sh command to restart the eReplication Agent to make the configuration take effect.

Follow-up Procedure

After you have changed the password that configured in the eReplication Agent installation, log in to the eReplication to change the Agent authentication information on the host, and update the host information.

Changing the Password of the rdadmin Account of the Agent

On a non-Windows operating system, user rdadmin with fewer permissions is used for maintenance operations. You are advised to periodically change user rdadmin's password and disable this user to remote login of the operating system on the eReplication Agent to improve system O&M security.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The password of user root or rdadmin for logging in to the non-Windows operating system has been obtained.

Context

This section uses Red Hat Linux as an example to describe how to change user rdadmin's password that configured in the installation of the eReplication Agent.

Procedure

  • Method 1: Log in to the system as user root, switch to user rdadmin, and change the password of user rdadmin.
    1. Use PuTTY to log in to the host where the eReplication Agent resides as user root.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting in a risk. For security purposes, you are advised to run the exit command to exit the system after completing your operations.

    3. Run the su - rdadmin command to switch to user rdadmin.
    4. Run the passwd command to change the password of user rdadmin.

      The command output is displayed as follows:

      Changing password for rdadmin.
      New Password:
      
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    5. Enter the new password of rdadmin and press Enter.

      The command output is displayed as follows:

      Reenter New Password:

    6. Enter the new password again and press Enter.

      The password is changed successfully if the following command output is displayed:

      Password changed.

    7. Run the su -root command to switch to user root.
    8. Disable the rdadmin user to remote login.

      • Linux/HP-UX/Solaris

        Run the passwd -l rdadmin command to disable this user to remote login.

      • AIX
        1. Run the vi /etc/security/user command to open the user file.
        2. Press i to go to the edit mode and edit the user file.
        3. Set the value of rlogin of the rdadmin user to false to disable this user to remote login.
        4. Press Esc and run the :wq! command to save the settings and exit.

  • Method 2: Change the password of user rdadmin as user root.
    1. Use PuTTY to log in to the host where the eReplication Agent resides as user root.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting in a risk. For security purposes, you are advised to run the exit command to exit the system after completing your operations.

    3. Run the passwd rdadmin command to change the password of user rdadmin.

      The command output is displayed as follows:

      Changing password for rdadmin.
      New Password:

    4. Re-enter the original password of user rdadmin and press Enter.

      The command output is displayed as follows:

      Reenter New Password:
      
      NOTE:
      The password must meet the following complexity requirements:
      • Contains at least eight characters.
      • Contains at least the following characters:
        • Uppercase letters
        • Lowercase letters
        • Digits
        • Special characters
      • Cannot be the same as the username or the mirror writing of the username.
      • Cannot be the same as any word in dictionaries.

    5. Enter the new password of rdadmin and press Enter.

      The command output is displayed as follows:

      Reenter New Password:

    6. Enter the new password again and press Enter.

      The password is changed successfully if the following command output is displayed:

      Password changed.

    7. Disable the rdadmin user to remote login.

      • Linux/HP-UX/Solaris

        Run the passwd -l rdadmin command to disable this user to remote login.

      • AIX
        1. Run the vi /etc/security/user command to open the user file.
        2. Press i to go to the edit mode and edit the user file.
        3. Set the value of rlogin of the rdadmin user to false to disable this user to remote login.
        4. Press Esc and run the :wq! command to save the settings and exit.

Changing the Password of the Alarm Reporting (SNMP v3) Account of the Agent

This operation changes the password of the alarm reporting (SNMP v3) account of the Agent for improving the security of system operation and maintenance.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The login password of user root in Linux or that of the administrator in Windows has been obtained.

Context

The eReplication Agent supports operating systems such as Windows, Linux, AIX, HP-UX, and Solaris. This section uses Windows and Linux as examples to describe how to change the password of the alarm reporting (SNMP v3) account of eReplication Agent.

If the authentication password and data encryption password for SNMP v3 of the Agent is the same, security risks exist. To ensure system security of eReplication, you are advised to set the authentication password and data encryption password to be different ones.

The default authentication password is BCM@DataProtect6 and the default data encryption password is BCM@DataProtect8.

NOTE:
The password complexity requirements are as follows:
  • Contains 8 to 16 characters.
  • Must contain special characters, including `~!@#$%^ &*()-_=+\|[{}];:'",<.>/?
  • Contains at least two of the following types of characters:
    • Uppercase letters
    • Lowercase letters
    • Digits
  • Cannot be the same as the username or mirror writing of the username.
  • Cannot be the same as the old passwords.
  • Cannot contain spaces.

Procedure

  • The following steps describe how to change the password of the alarm reporting (SNMP v3) account of the Agent in Windows:
    1. Log in to the host where eReplication Agent resides as an administrator.
    2. Open the CLI and go to the installation path\bin directory.
    3. Run the agentcli.exe chgsnmp command. Type the login password of the Agent and press Enter.

      Enter password of admin:
      Please choose operation:
      1: Change authentication password
      2: Change private password
      3: Change authentication protocol
      4: Change private protocol
      5: Change security name
      6: Change security Level
      7: Change security model
      8: Change context engine ID
      9: Change context name
      Other: Quit
      Please choose:
      NOTE:

      admin is the username configured during the eReplication Agent installation.

    4. Type the serial number of the authentication password or data encryption password that you want to change and press Enter.
    5. Type the old password and press Enter.
    6. Type the new password and press Enter.
    7. Type the new password again, and press Enter.
  • The following steps describe how to change the password of the alarm reporting (SNMP v3) account of the Agent in Linux:
    1. Use PuTTY to log in to the host where the eReplication Agent resides as user root.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run the su - rdadmin command to switch to user rdadmin.
    4. Run the /home/rdadmin/Agent/bin/agentcli chgsnmp command. Type the login password of the Agent and press Enter.

      NOTE:

      The installation path of the eReplication Agent is /home/rdadmin/Agent . The path is fixed.

      Enter password of admin:
      Please choose operation:
      1: Change authentication password
      2: Change private password
      3: Change authentication protocol
      4: Change private protocol
      5: Change security name
      6: Change security Level
      7: Change security model
      8: Change context engine ID
      9: Change context name
      Other: Quit
      Please choose:
      NOTE:

      admin is the username configured during the eReplication Agent installation.

    5. Type the serial number of the authentication password or data encryption password that you want to change and press Enter.
    6. Type the old password and press Enter.
    7. Type the new password and press Enter.
    8. Type the new password again, and press Enter.

Follow-up Procedure

After the password of the alarm reporting (SNMP v3) account of the eReplication Agent is changed, log in to eReplication. Change the SNMP v3 information and update the host information.

Changing the Password of the grub Account

GRand UnifiedBootloader (GRUB) loads and manages operating systems (including Windows and Linux). GRUB2 is an updated version of GRUB. After system startup, the startup parameters of the system can be modified on GRUB2. You need to encrypt GRUB2 so that only users who enter the correct password can modify the startup parameters.

Prerequisites

  • A cross-platform remote access tool, such as PuTTY, has been obtained.
  • The management IP address of the node on which the password is to be changed has been obtained.
  • The passwords of users root and DRManager of the eReplication node on which the password is to be changed have been obtained.

Context

In the template-based deployment, the default password of grub is Huawei#12.

Procedure

  1. Use PuTTY to log in as user DRManager to the operating system of the eReplication node on which the password is to be changed.
  2. Run the su - root command and enter the password of user root as prompted to switch to user root.
  3. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

    NOTE:

    After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

  4. Run the grub2-mkpasswd-pbkdf2 command to set the encryption password.

    [root@localhost ~]# grub2-mkpasswd-pbkdf2
    Enter password: 
    Reenter password: 
    PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.D0649C25C42DA547B79AD683974DE105D0F0899C1EFA4AD34BE49E87C5A41C89F9C1E29A88BBDC05584706C89F3FEB5A284A8A85738058A15F21A862A0464E34.CC0D536DF0418B75C34351B635BF209E05B02503B2440C7FE290843287925E0221860080318EC5A8C8D796B29A2C73C6623B6EAAE04FF8840EE6FCEDA3C29C46
    NOTE:
    The encryption algorithm used by GRUB2 is SHA-512.

    Enter the same password in Enter password and Reenter password.

    grub.pbkdf2.sha512.10000.D0649C25C42DA547B79AD683974DE105D0F0899C1EFA4AD34BE49E87C5A41C89F9C1E29A88BBDC05584706C89F3FEB5A284A8A85738058A15F21A862A0464E34.CC0D536DF0418B75C34351B635BF209E05B02503B2440C7FE290843287925E0221860080318EC5A8C8D796B29A2C73C6623B6EAAE04FF8840EE6FCEDA3C29C46 is a display of Huawei#12 after being encrypted by grub2-mkpasswd-pbkdf2. The display differs each time.

  5. At the end of file /etc/grub.d/00_header, add the following field:

    cat <<EOF
    set superusers="root"
    password_pbkdf2 root grub.pbkdf2.sha512.10000.D0649C25C42DA547B79AD683974DE105D0F0899C1EFA4AD34BE49E87C5A41C89F9C1E29A88BBDC05584706C89F3FEB5A284A8A85738058A15F21A862A0464E34.CC0D536DF0418B75C34351B635BF209E05B02503B2440C7FE290843287925E0221860080318EC5A8C8D796B29A2C73C6623B6EAAE04FF8840EE6FCEDA3C29C46
    EOF
    NOTE:
    Set the superusers field to the super administrator of GRUB2.

    The first parameter after the password_pbkdf2 field is the user name of GRUB2 and the second is the ciphertext password of the user.

    If this field already exists, use the new ciphertext password obtained in the previous step to replace the old one.

  6. Run the grub2-mkconfig -o /boot/grub2/grub.cfg to make the modification effective.

    NOTE:
    /boot/grub2/grub.cfg is the configuration file of GRUB2.

Translation
Download
Updated: 2019-05-21

Document ID: EDOC1100075861

Views: 12246

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next