How do I update the Keycloak OpenSearch client secret?
Purpose
CAUTION: Potential Service Disruption
Updating the OpenSearch Keycloak secret requires a shutdown and restart of the Keycloak pod, which is service-affecting.
Ensure that you perform the procedure only during a scheduled maintenance window under the guidance of technical support.
Perform this procedure to update the Keycloak OpenSearch client secret on either a standalone NSP deployment or a DR deployment.
Steps
1  Open a terminal session to the NSP deployer VM and log in as the root or NSP admin user.

2  On the active deployer VM, update the keycloak-opensearch-client user name (OpenSearch Client ID) to the desired new ID value:

   # <deployer dir>/nspdeployerctl secret -n nsp-psa-restricted -s keycloak-opensearch-client -v keycloak-opensearch-client=<new_id> update

3  (Optional) If the secret value also needs to be updated, on the active deployer VM, update the keycloak-opensearch-client secret (OpenSearch Client Secret) to the desired new secret value:

   # <deployer dir>/nspdeployerctl secret -n nsp-psa-restricted -s keycloak-opensearch-client -v keycloak-opensearch-client-secret=<new_secret> update

4  Restart the Keycloak pod.

5  If this update is on a DR deployment, back up the updated keycloak-opensearch-client secret to a file and copy it to the standby deployer VM. On the active deployer VM:

   # <deployer dir>/nspdeployerctl secret -n nsp-psa-restricted -s keycloak-opensearch-client -o keycloak-opensearch-client.aes fetch

6  Copy the keycloak-opensearch-client.aes file from the active deployer VM to the standby deployer VM.

7  Open a terminal session to the standby deployer VM and log in as the root or NSP admin user.

8  On the standby deployer VM, update the keycloak-opensearch-client secret:

   # <deployer dir>/nspdeployerctl secret -n nsp-psa-restricted -s keycloak-opensearch-client -f keycloak-opensearch-client.aes update

End of steps