How do I change the postgres database user password for RHEV 3.1/3.2?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Virtualization (RHEV) 3.1
  • Red Hat Enterprise Virtualization (RHEV) 3.2

Issue

  • After installation, I need to change the postgres password for my RHEV 3.1/3.2 environment. How do I do this?

Resolution

  1. Log in as root to the RHEV Manager server's console.
  2. Ensure that the PGPASSFILE environment variable is set in root's .bashrc file upon login or run the following command to set it for the current session only:

    # export PGPASSFILE=/etc/ovirt-engine/.pgpass
    
  3. Use the command line utility psql to run the following commands:

    • To change the "engine" user (the postgres admin) password:

      # psql -U postgres -d template1 --no-password -c "ALTER USER engine WITH PASSWORD E'new password with special characters escaped'"  
      
    • To change the "postgres" user (non-admin postgres user) password:

      # psql -U postgres -d template1 --no-password -c "ALTER USER postgres WITH PASSWORD E'new password with special characters escaped'"
      

    For example, to change the passwords to JhtETF!6h:

    # psql -U postgres -d template1 --no-password -c "ALTER USER engine WITH PASSWORD E'JhtETF\\!6h'"
    ALTER ROLE
    
    # psql -U postgres -d template1 --no-password -c "ALTER USER postgres WITH PASSWORD E'JhtETF\\!6h'"
    ALTER ROLE
    
  4. Now, stop the RHEV Manager service:

    # service ovirt-engine stop
    
  5. Change the passwords stored in the database passwords file: /etc/ovirt-engine/.pgpass. Note that this file can only be accessed as root.

    • The format is localhost:5432:<db>:<user>:<password> but to keep it simple, just update any place you see the old password with the new password.
  6. Now the password needs to be encrypted for RHEV Manager to use.

For RHEV 3.1, type:

    # cd /usr/share/jbossas
    # java -cp modules/org/picketbox/main/picketbox.jar:bin/client/jboss-client.jar org.picketbox.datasource.security.SecureIdentityLoginModule <new_password>

For RHEV 3.2, type:

    # cd /usr/share/jbossas
    # java -cp modules/system/layers/base/org/picketbox/main/picketbox.jar:bin/client/jboss-client.jar org.picketbox.datasource.security.SecureIdentityLoginModule <new_password>

Note: The java command will output an encrypted password

  1. Edit the file /etc/sysconfig/ovirt-engine and replace the value of ENGINE_DB_PASSWORD with the output of the previous step.

    ENGINE_DB_PASSWORD=1f0899138d20f26adf8592078de921bc
    
  2. Optional: If the ovirt-engine-dwhd service (RHEVM Reports) is installed and running, the values in the /etc/ovirt-engine/ovirt-engine-dwh/Default.properties file will need to be changed as well:

    ovirtEngineHistoryDbPassword=password
    ovirtEngineDbPassword=password
    
  3. The final step is to start the RHEV Manager service again:

    # service ovirt-engine start
    

What is the difference between the "engine" user and the "postgres" user?

  • The "engine" user is used by the RHEV Manager application to access the engine database
  • The "postgres" user is the superuser for the postgresql instance. In a RHEV environment, this user is typically not used but it can be handy to set this password to be the same as the "engine" user.

Equivalent article for 3.0:

How do I change the postgres database user password for RHEV 3.0?

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments