KB Article #166267
LEC: Changing the IP address, username and password of the external database
Problem
We need to change the username, password and IP address of the database server which the SecureTransport nodes are using. What are the appropriate actions to do this?
Resolution
Before changing the configurations of the database server, all the ST services must be stopped with the $FILEDRIVEHOME/bin/stop_all
command.
For versions 5.3.6 and above
Start the admin service only with $FILEDRIVEHOME/bin/start_admin
.
Login to the Admin UI and go to Setup → Database Settings. You can change the Host, Port, User name, Password or DB name on that page. If you have set separate databases for Server Log and File Tracking, these can be changed under "Show Advanced Settings" as well.
ST will check if it can connect to the DB using the new values specified. If the connection is not successful the configuration will not be applied.
After all changes are done and the connection test returns "Connection to Oracle Database is successful." you can proceed and apply the change on the remaining cluster nodes one by one.
If the above procedure fails for some reason, proceed with the steps described in the selection of this article for versions ST 5.3.3 and below.
For versions 5.3.3 and below
Take a backup of the $FILEDRIVEHOME/conf/configuration.xml
file.
Edit the file.
The DB connection settings are described in blocks similar to the below:
<Database_*Component databaseName="DB_NAME" databaseType="oracle" host="DB_ADDRESS" password="DB_PASSWORD_HASH" port="DB_PORT" user="DB_USERNAME" ...>
You can change the host, port, DB name and DB username in each component's block in the following parameters: host="DB_ADDRESS"
, user="DB_USERNAME"
, databaseName="DB_NAME"
and port="DB_PORT"
.
Changing the password
The password needs to be hashed before changing it in the $FILEDRIVEHOME/conf/configuration.xml
file. Follow the step below.
For Linux and UNIX
Source the /etc/fd/env.sh
or /opt/Axway/Securetransport/profile.shSecureTransport
(or the *.csh*
version the scripts, depending on what Shell you are using). Examples:
source /etc/fd/env.sh
or
source $FILEDRIVEHOME/profile.shSecureTransport
Go to to $FILEDRIVEHOME/bin/utils
and execute the following command:
aesenc [PASSWORD]
where [PASSWORD]
is the new user's password in plain text. Copy the resulting hash in a new text file.
Go back to the $FILEDRIVEHOME/conf/configuration.xml
file and paste the new hash in each component's block in the password="DB_PASSWORD_HASH"
parameter.
Do not alter the
truststore related line which is looking like the below
<databasetruststore password="PASSWORD_HASH" path="lib/certs/issuers/truststore" syncwithservertruststore="true"></databasetruststore>
For Windows
Open the Cygwin shell. Refer to KB 178648 for information how to launch and use the Cygwin shell.
Source the profile.shSecureTransport
with the following command:
source ./profile.shSecureTransport
Go to to $FILEDRIVEHOME/bin/utils
and execute the following command:
aesenc [PASSWORD]
where [PASSWORD]
is the new user's password in plain text. Copy the resulting hash in a new text file.
Go back to the $FILEDRIVEHOME/conf/configuration.xml
file and paste the new hash in each component's block in the password="DB_PASSWORD_HASH"
parameter.
Do not alter the
truststore related line which is looking like the below
<databasetruststore password="PASSWORD_HASH" path="lib/certs/issuers/truststore" syncwithservertruststore="true"></databasetruststore>
After saving the new settings in $FILEDRIVEHOME/conf/configuration.xml
, check the network connectivity between ST and the database and start the ST services with $FILEDRIVEHOME/bin/start_all
.
Verify that the server operates normally and repeat the above steps on each remaining node of the cluster.