How do I change an NFM-P main database password in a redundant system?

Purpose

Perform this procedure to change the password of a user associated with the main database or the auxiliary database in a redundant NFM-P system.

CAUTION 

CAUTION

Service Disruption

The procedure requires a restart of each main server, which is service-affecting.

Perform the procedure only during a scheduled maintenance period.

Note: Before you perform the procedure, you must ensure that each main server, auxiliary server, and database is running and operational.

You can use the procedure to change only one user password at a time. To change multiple user passwords, you must perform the procedure multiple times.

When you change a password on one station, the NFM-P automatically updates the password on all other NFM-P stations.

Note: The NFM-P synchronizes the samauxdb password of an auxiliary database with the SYS password of the main database . When you change the SYS password, the samauxdb password is set to the same value.

Note: The NFM-P synchronizes the samuser password of an auxiliary database with the samuser password of the main database . When you change the samuser password of the main database, the samuser password of the auxiliary database is set to the same value.

Note: The samuser password expires after 180 days.

Steps
 

Log in to the primary main server station as the nsp user.


Open a console window.


CAUTION 

CAUTION

Service Disruption

Contact technical support before you attempt to modify the nms-server.xml file.

Modifying the nms-server.xml file can have serious consequences that can include service disruption.

If you are changing the Oracle SYS user or Oracle database user password, disable the automatic database failover function.

  1. Navigate to the /opt/nsp/nfmp/server/nms/config directory.

  2. Open the nms-server.xml file using a plain-text editor such as vi.

  3. Locate the following parameter entry:

    dbAutoFailOver=value

  4. Record the parameter value.

  5. Edit the entry to read:

    dbAutoFailOver="no"

  6. Save and close the nms-server.xml file.

  7. Navigate to the /opt/nsp/nfmp/server/nms/bin directory.

  8. Enter the following:

    bash$ ./nmsserver.bash read_config ↵

    The configuration change is applied, and automatic database failovers are disabled.

Note: Leave the console window open; it is required later in the procedure.


Navigate to the /opt/nsp/nfmp/server/nms/bin directory.


Enter the following:

bash$ ./nmsserver.bash passwd ↵

The script prompts you for the current Oracle SYS user password.


Enter the password. The script validates the password, and then displays a list of user names like the following

SAM Database Users:

 - sys

 - database_user (installation default is samuser)

Other Database Users:

- sqltxplain

- appqossys

- outln

- dip

- system

- exit


Enter a user name. The script prompts you for a password.


Enter the new password, which must:

  • Be between 4 and 30 characters long

  • Contain at least three of the following:

    • lower-case alphabetic character

    • upper-case alphabetic character

    • numeric character

    • special character, which is one of the following:

      # $ _

  • Not contain four or more of the same character type in sequence

  • Not be the same as the user name or the reverse user name

  • Not contain a space character

  • Differ by at least four characters from the current password

If the password is valid, the script prompts you to retype the password.


Enter the new password again. The following prompt is displayed:

WARNING: Changing passwords may cause instability to the NFM-P server as well as the Oracle proxy on the database server.

Do you want to proceed (yes/no)?:


10 

Enter yes ↵. The script displays status messages and then exits. If the status indicates a password change failure, contact technical support.


11 

Record the password in a secure location.


12 

If you are changing a password other than the SYS or Oracle database user password, go to Step 19.


13 

Stop each main database; stop the standby first, and then the primary.

  1. Log in to the database station as the root user.

  2. Open a console window.

  3. Enter the following:

    systemctl stop nfmp-oracle-proxy.service ↵

  4. Enter the following:

    systemctl stop nfmp-main-db.service ↵

Note: For convenience, leave the console window open; it is required later in the procedure.


14 

Stop the standby main server.

  1. Log in to the standby main server station as the nsp user.

  2. Open a console window.

  3. Navigate to the /opt/nsp/nfmp/server/nms/bin directory.

  4. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  5. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

Note: For convenience, leave the console window open; it is required later in the procedure.


15 

Start each main database; start the primary first, and then the standby.

  1. Return to the open console window on the database station.

  2. Enter the following:

    systemctl start nfmp-main-db.service ↵

  3. Enter the following:

    systemctl start nfmp-oracle-proxy.service ↵

  4. Close the console window.


16 

Restart the primary main server.

  1. Return to the open console window on the primary main server station.

  2. Enter the following:

    bash$ ./nmsserver.bash force_restart ↵

    The primary main server restarts.

  3. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

Note: For convenience, leave the console window open; it may be required later in the procedure.


17 

Start the standby main server.

  1. Return to the open console window on the standby main server station.

  2. Enter the following:

    bash$ ./nmsserver.bash start ↵

  3. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

  4. Close the console window.

  5. Log out of the standby main server station.


18 

If the NFM-P is in a shared-mode NSP system, perform the following steps on the NSP cluster in each data center.

Note: You must perform the steps on the cluster in the standby data center first.

  1. Log on as the root user on the NSP cluster host.

  2. Open a console window.

  3. Enter the following:

    cd /opt ↵

  4. Enter the following:

    sftp root@deployer_IP

    where deployer_IP is the NSP deployer host IP address

    The prompt changes to sftp>.

  5. Enter the following:

    sftp> cd /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/tools/database ↵

  6. Enter the following:

    sftp> get sync-auxdb-password.bash ↵

  7. Enter the following:

    sftp> quit ↵

  8. Enter the following:

    chmod 777 sync-auxdb-password.bash ↵

  9. Enter the following:

    ./sync-auxdb-password.bash ↵

    Output like the following is displayed:

    timestamp: Synchronizing password for Auxiliary DB Output...

    timestamp: deployment.apps/tlm-vertica-output scaled

    timestamp: secret/tlm-vertica-output patched

    timestamp: deployment.apps/tlm-vertica-output scaled

    timestamp: Synchronization completed.


19 
CAUTION 

CAUTION

Service Disruption

Modifying the nms-server.xml file can have serious consequences that can include service disruption.

Contact technical support before you attempt to modify the file.

If the dbAutoFailOver value recorded in Step 3 is yes, re-enable the automatic database failover function.

  1. Navigate to the /opt/nsp/nfmp/server/nms/config directory on the primary main server station.

  2. Open the nms-server.xml file using a plain-text editor such as vi.

  3. Locate the following parameter entry:

    dbAutoFailOver="no"

  4. Edit the entry to read:

    dbAutoFailOver="yes"

  5. Save and close the nms-server.xml file.

  6. Navigate to the /opt/nsp/nfmp/server/nms/bin directory.

  7. Enter the following:

    bash$ ./nmsserver.bash read_config ↵

    The configuration change is applied, and automatic database failovers are enabled.


20 

Close the open console windows.


21 

Log out of the primary main server station.

End of steps