Infrastructure at your Service

Morgan Patou

Documentum – Change password – 8 – FT – Dsearch & xDB

Here we are, already, at the end of my series of blogs about the “Change Password”. This blog will, as already mentioned in a previous one, talk about the Dsearch and xDB passwords. I could have created a lot more blogs in this series but I already presented the most important and most interesting ones so this blog will be the last one – at least for now ;).

 

Please note that below, I will set the same password for the Dsearch admin account and for the xDB. The reason for that is pretty simple: this is what Documentum is doing by default when you install a PrimaryDsearch. Indeed, when you install a Dsearch, the installer will ask you to enter the Dsearch admin account which is the JBoss instance admin account (this blog explained how to change a JBoss Admin password) and it will use this password for the xDB too.

If you want to use a different password, then you can potentially define three passwords here: xDB Admin password, xDB Superuser password and Dsearch JBoss instance password.

 

The xDB (find more info here about what it is) provides a command line interface to manage it (repair, create, list, aso…) which is the “XHCommand” but you aren’t able to change the different passwords through this CLI ;(. Therefore, before even starting with this blog, you will have to start a X Server or something similar, to be able to open the xDB Admin GUI (“XHAdmin”). For this blog, I installed a new VM and I also installed the complete graphical interface on it (my first time in a very long time) in order to have some screenshots that aren’t too ugly…

 

So first of all, let’s login to the Full Text Server and open the xDB Admin GUI:

[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/dsearch/xhive/admin/
[xplore@full_text_server_01 ~]$ ./XHAdmin

 

Just a small funny note, when you will close the XHAdmin tool, you will see that EMC thanks you for using this tool: “Thank you for using EMC Documentum xDB”. I guess this is your reward for having to open a GUI to change a password, in 2017 ;).

 

At this point, the xDB Admin Client will be opened but not connected. So the first thing to do is to connect to the xDB with the CURRENT Dsearch Admin credentials:

  • Click on the “connect” button
  • Set the “Database name” to: xhivedb
  • Set the “Username” to: Administrator
  • Set the “Password” to: ###CURRENT_DSEARCH_ADMIN_PWD###
  • Click on the “OK” button

Dsearch-xDB_Change_Password_1

 

Then you will be connected to the xDB. Therefore, it is now time to change the Superuser password:

  • Click on the “Federation > Change superuser password” menu
  • Set the “New superuser password” to: ###NEW_DSEARCH_ADMIN_PWD###
  • Set the “Retype password” to: ###NEW_DSEARCH_ADMIN_PWD###
  • Click on the “OK” button
  • A pop-up will be opened with a title “Enter superuser password”. Enter the ###CURRENT_DSEARCH_ADMIN_PWD### in it and click on OK to validate the change.

Dsearch-xDB_Change_Password_2

 

After that, time to change the Admin password itself. Here, you have the use the new Superuser password that has been defined above and then define the new Admin password:

  • Click on the “Database > Reset admin password” menu
  • Set the “Database name” to: xhivedb
  • Set the “Superuser password” to: ###NEW_DSEARCH_ADMIN_PWD###
  • Set the “Administrator password” to: ###NEW_DSEARCH_ADMIN_PWD###
  • Set the “Retype password” to: ###NEW_DSEARCH_ADMIN_PWD###
  • Click on the “OK” button

Dsearch-xDB_Change_Password_3

 

At this point, the xDB Superuser and Admin passwords have been defined so you can close the xDB Admin Client (Database > Exit) and we can go back to the command line. Ok so now let’s stop the xPlore components in order to reflect these changes on the configuration files:

[xplore@full_text_server_01 ~]$ read -s -p "Please enter the NEW Dsearch Admin password: " newpw; echo
Please enter the NEW Dsearch Admin password:
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/jboss7.1.1/server
[xplore@full_text_server_01 ~]$ for i in `ls stop*.sh`; do ./${i}; done
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/jboss7.1.1/server/DctmServer_PrimaryDsearch/deployments/dsearch.war/WEB-INF/classes/
[xplore@full_text_server_01 ~]$ cp indexserver-bootstrap.properties indexserver-bootstrap.properties_bck_$(date +"%Y%m%d-%H%M%S")
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ grep "password=" indexserver-bootstrap.properties
superuser-password=AAAAEF1hfFDU0zff6A6Mmd1f6Le8VvxPmLxF11ZdzjVo5KU/
adminuser-password=AAAAEF1hfFDU0zff6A6Mmd1f6Le8VvxPmLxF11ZdzjVo5KU/
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ sed -i "s,password=.*,password=${newpw}," indexserver-bootstrap.properties
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ grep "password=" indexserver-bootstrap.properties
superuser-password=New_Dsearch_Admin_Pwd
adminuser-password=New_Dsearch_Admin_Pwd
[xplore@full_text_server_01 ~]$

 

As you can see above, I’m defining the environment variable with the NEW Dsearch Admin Password and then I’m replacing the superuser and adminuser encrypted OLD password inside the file indexserver-bootstrap.properties with the non-encrypted NEW password. It was the same for both before and it is still the same for both after. Don’t worry about putting the non-encrypted NEW password in this properties file, it will be encrypted automatically at the next start of the PrimaryDsearch. So now, let’s start the Dsearch only to verify if the passwords have been encrypted successfully and then we can update the Dsearch JBoss Admin password:

[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/jboss7.1.1/server
[xplore@full_text_server_01 ~]$ nohup ./startPrimaryDsearch.sh >> nohup-PrimaryDsearch.out 2>&1 &
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ sleep 60
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ grep "password=" ./DctmServer_PrimaryDsearch/deployments/dsearch.war/WEB-INF/classes/indexserver-bootstrap.properties
superuser-password=AAAAFAq2fFwiHf21P98hRch982+1hEDGe824E21eL21e9c57f6A
adminuser-password=AAAAFAq2fFwiHf21P98hRch982+1hEDGe824E21eL21e9c57f6A
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/jboss7.1.1/server/DctmServer_PrimaryDsearch/configuration
[xplore@full_text_server_01 ~]$ cp dctm-users.properties dctm-users.properties_bck_$(date +"%Y%m%d-%H%M%S")
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ encrypted_newpw=`grep "adminuser-password=" ../deployments/dsearch.war/WEB-INF/classes/indexserver-bootstrap.properties | sed 's,adminuser-password=,,'`
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ echo "# users.properties file to use with UsersRolesLoginModule" > dctm-users.properties
[xplore@full_text_server_01 ~]$ echo "admin=${encrypted_newpw}" >> dctm-users.properties
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ cat dctm-users.properties
# users.properties file to use with UsersRolesLoginModule
admin=AAAAFAq2fFwiHf21P98hRch982+1hEDGe824E21eL21e9c57f6A
[xplore@full_text_server_01 ~]$

 

If you are referring to the JBoss Admin password blog I already published and that I linked above, you could think that there is nothing more to be done but actually there is one more file that needs to be updated when it comes to the Dsearch Admin password and this file is the xplore.properties:

[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/dsearch/admin/
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ grep -B2 "password=" xplore.properties
# Specify admin password for xPlore primary instance
# It is highly suggested to input the encrypted password, you can get it from indexserver-bootstrap.properties
password=AAAAEF1hfFDU0zff6A6Mmd1f6Le8VvxPmLxF11ZdzjVo5KU/
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ sed -i "s,password=.*,password=${encrypted_newpw}," xplore.properties
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ grep -B2 "password=" xplore.properties
# Specify admin password for xPlore primary instance
# It is highly suggested to input the encrypted password, you can get it from indexserver-bootstrap.properties
password=AAAAFAq2fFwiHf21P98hRch982+1hEDGe824E21eL21e9c57f6A
[xplore@full_text_server_01 ~]$

 

To complete the changes, we can now restart all xPlore components and verify that the PrimaryDsearch has been started properly:

[xplore@full_text_server_01 ~]$ cd $XPLORE_HOME/jboss7.1.1/server
[xplore@full_text_server_01 ~]$ ./stopPrimaryDsearch.sh
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ sleep 30
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ nohup ./startPrimaryDsearch.sh >> nohup-PrimaryDsearch.out 2>&1 &
[xplore@full_text_server_01 ~]$ for i in `ls startIndexag*.sh`; do ia=`echo $i|sed 's,start\(.*\).sh,\1,'`; nohup ./$i >> nohup-$ia.out 2>&1 &; done
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ sleep 30
[xplore@full_text_server_01 ~]$
[xplore@full_text_server_01 ~]$ curl -g --user admin -D - http://localhost:9305/management --header "Content-Type: application/json" -d '{"operation":"read-attribute","name":"server-state","json.pretty":1}'
Enter host password for user 'admin':
HTTP/1.1 200 OK
Transfer-encoding: chunked
Content-type: application/json
Date: Sun, 23 Jul 2017 08:14:56 GMT

{
    "outcome" : "success",
    "result" : "running"
}
[xplore@full_text_server_01 ~]$

 

To be sure, you can also open the Dsearch Admin UI (E.g.: https://hostname:9302/dsearchadmin) and then log in with the NEW Dsearch Admin password. If the login is working, you should be good to go! :)

 

 

Leave a Reply


− 3 = six

Morgan Patou
Morgan Patou

Senior Consultant