HP HPE VAN SDN Controller 2.7 - Cassandra Keystore and Truststore Locations and Passwords; Security Procedure

231 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Cassandra keystore and truststore locations and passwords

The Cassandra keystore and truststore are referenced by the

com.hp.sdn.teaming.impl.CassandraProcessManager component. To change the

passwords keystore.password and truststore.password of this component:

1. From the controller UI, select Configurations, then select the System tab.

2. Select the com.hp.sdn.teaming.impl.CassandraProcessManager component.

3. Select Modify.

The stores are located in /opt/sdn/cassandra/config/.keystore and

/opt/sdn/cassandra/config/.truststore. Only a trusted authority should sign the

certificates. You must install each of the certificates in the .truststore file of all of the nodes

in the team.

Security procedure

IMPORTANT: Hewlett Packard Enterprise strongly recommends that you change all default

credentials to not expose any access to the controller.

Change the values from the defaults for the following:

• Keystore password

• Truststore password

• Admin Token

• Service Token

• Jarsigning

1. Log into http://<controller_IP>:/8443/sdu/ui as the sdn user.

2. From the controller UI, select Configurations. Then select the System tab.

3. Select the component com.hp.sdn.adm.auth.impl.AuthenticationManager.

4. Select Modify and change the default values for the following keys to the newly chosen

credentials:

• Set the AdminToken key to the newly chosen Keystone (authentication) admin token.

• Set the ServiceToken to the newly chosen internal communication secret.

• Set the KeystorePass to the value that you will be using to secure the SSL Keystore.

• Set the TruststorePass to the value that you will be using to secure the SSL

Truststore.

And specific to Keystone, set the ConnSSLClientAuth key to true.

5. Update the Keystone admin token in the file etc/keystone/keystone.conf.

a. Change the admin token from the default admin_token=ADMIN to

admin_token=<newAdminToken>

Where the <newAdminToken> is the newly chosen AdminToken value you entered

in step 4. If the line is commented out, remove the # sign in front of the line.

b. Restart the Keystone service (sudo service keystone restart).

6. Update the keystore password to match the newly chosen KeystorePass value you entered

in step 4 using the following:

/opt/sdn/openjdk8-jre/bin/keytool -storepasswd -storepass

<OldKeystorePass> -new <newKeystorePass> -keystore

/opt/sdn/admin/keystore

Cassandra keystore and truststore locations and passwords 125

Table of Contents

Related product manuals

Preview: HP HPE MR Gen11

HP HPE MR Gen11

Preview: HP P420

Preview: HP 4400

Preview: HP MSM7XX

Preview: HP MSM720

Preview: HP E-MSM720

Preview: HP MR Gen10 Plus

HP MR Gen10 Plus

Preview: HP 9000 300 Series

HP 9000 300 Series

Preview: HP Smart Array P830

HP Smart Array P830

Preview: HP Smart Array P800

HP Smart Array P800

Preview: HP StorageWorks P2000

HP StorageWorks P2000