How do I change the postgres database user password for RHEV 3.1/3.2?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Virtualization (RHEV) 3.1
  • Red Hat Enterprise Virtualization (RHEV) 3.2

Issue

  • After installation, I need to change the postgres password for my RHEV 3.1/3.2 environment. How do I do this?

Resolution

  1. Log in as root to the RHEV Manager server's console.
  2. Ensure that the PGPASSFILE environment variable is set in root's .bashrc file upon login or run the following command to set it for the current session only:

    # export PGPASSFILE=/etc/ovirt-engine/.pgpass
    
  3. Use the command line utility psql to run the following commands:

    • To change the "engine" user (the postgres admin) password:

      # psql -U postgres -d template1 --no-password -c "ALTER USER engine WITH PASSWORD E'new password with special characters escaped'"  
      
    • To change the "postgres" user (non-admin postgres user) password:

      # psql -U postgres -d template1 --no-password -c "ALTER USER postgres WITH PASSWORD E'new password with special characters escaped'"
      

    For example, to change the passwords to JhtETF!6h:

    # psql -U postgres -d template1 --no-password -c "ALTER USER engine WITH PASSWORD E'JhtETF\\!6h'"
    ALTER ROLE
    
    # psql -U postgres -d template1 --no-password -c "ALTER USER postgres WITH PASSWORD E'JhtETF\\!6h'"
    ALTER ROLE
    
  4. Now, stop the RHEV Manager service:

    # service ovirt-engine stop
    
  5. Change the passwords stored in the database passwords file: /etc/ovirt-engine/.pgpass. Note that this file can only be accessed as root.

    • The format is localhost:5432:<db>:<user>:<password> but to keep it simple, just update any place you see the old password with the new password.
  6. Now the password needs to be encrypted for RHEV Manager to use.

For RHEV 3.1, type:

    # cd /usr/share/jbossas
    # java -cp modules/org/picketbox/main/picketbox.jar:bin/client/jboss-client.jar org.picketbox.datasource.security.SecureIdentityLoginModule <new_password>

For RHEV 3.2, type:

    # cd /usr/share/jbossas
    # java -cp modules/system/layers/base/org/picketbox/main/picketbox.jar:bin/client/jboss-client.jar org.picketbox.datasource.security.SecureIdentityLoginModule <new_password>

Note: The java command will output an encrypted password

  1. Edit the file /etc/sysconfig/ovirt-engine and replace the value of ENGINE_DB_PASSWORD with the output of the previous step.

    ENGINE_DB_PASSWORD=1f0899138d20f26adf8592078de921bc
    
  2. Optional: If the ovirt-engine-dwhd service (RHEVM Reports) is installed and running, the values in the /etc/ovirt-engine/ovirt-engine-dwh/Default.properties file will need to be changed as well:

    ovirtEngineHistoryDbPassword=password
    ovirtEngineDbPassword=password
    
  3. The final step is to start the RHEV Manager service again:

    # service ovirt-engine start
    

What is the difference between the "engine" user and the "postgres" user?

  • The "engine" user is used by the RHEV Manager application to access the engine database
  • The "postgres" user is the superuser for the postgresql instance. In a RHEV environment, this user is typically not used but it can be handy to set this password to be the same as the "engine" user.

Equivalent article for 3.0:

How do I change the postgres database user password for RHEV 3.0?

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

3 Comments

Is this the same process for 3.4 please?

Hi Lorraine,

Can you please specify why do you need to access rhev database?
Starting 3.3 and 3.4 we restricted the access to the database, since changing entries in it, may lead to complete setup corruption.

For any change in the database, and only if recommended by support team, we should use the support plugin script available part of rhevm installation and not log in in to the database manually. There is no use case for the end user to do so, that's why we are not going to update this article, at least not for today and unless a specific use case is stated.
Please open a support ticket, if you need assistance on this subject.

Thanks,
Marina.

HI Marina i also have a problem, i have not set up postgress password during installtion, now i cannot add the host (provider) in the manageiq, keeps throwing an error user postgres logon failed, can you please assist?