Update - 4th Feb 2022:
In Apigee Hybrid, the Cassandra credentials are defined in the overrides.yaml
file; if they are not set there, the default values are taken from the
config/values.yaml file:
    cassandra:
      ...
      auth:
        default:
          password: "iloveapis123"
        admin:
          password: "iloveapis123"
        ddl:
          password: "iloveapis123"
        dml:
          password: "iloveapis123"
        jmx:
          username: "jmxuser"
          password: "iloveapis123"
        jolokia:
          username: "jolokiauser"
          password: "iloveapis123"
Once the installation is complete, apigeectl does not allow changing them. This is stated on the "Changing the default passwords in the overrides file" documentation page:
Note: You can only change these defaults at the time of initial setup. Password rotation or change after hybrid setup is not possible.
In Cassandra, user credentials are stored in the database itself. Hence, once Cassandra is installed, we need to connect to the Cassandra database and change the passwords of those users there. This can be done in the following steps:
1. Start a cqlsh client pod:
kubectl run -i --tty --restart=Never --rm --image google/apigee-hybrid-cassandra-client:1.0.0 cqlsh
2. Connect to the cqlsh shell using ddl_user:
cqlsh apigee-cassandra-default-0.apigee-cassandra-default.apigee.svc.cluster.local -u ddl_user --ssl
3. List all users:
ddl_user@cqlsh> SELECT * FROM system_auth.roles;
An example output:
     role       | can_login | is_superuser | member_of | salted_hash
    ------------+-----------+--------------+-----------+--------------------------------------------------------------
      cassandra |      True |         True |      null | $2a$10$98HgK1FA97DaJO7apBU3uee7VzAQvmYwuCtNwhkDuNMl6vrxnHsE2
        jmxuser |      True |        False |      null | $2a$10$SsHV1ezshryrHPUJvwV.auoJhMYToSPyoLNZbZWE4fR8ghNaVaHvq
       dml_user |      True |        False |      null | $2a$10$HVFy9eg6CaZbAOwGZT5iOeZuMtXzuaVqICDsyTSntiaeiLC1IS0sm
     admin_user |      True |         True |      null | $2a$10$z/tGMp8QvyQHwHIbyfXLo.pF0hWefRaQ.v8v3SRNrX4377uvOR6P.
       ddl_user |      True |        False |      null | $2a$10$LabVlsAr7Cm2IawaJbIcweBqyOdqf0Dm6XyjUAmbCPoiIJ9uQux.u
4. Now update the password of a specific user by executing the CQL statement below, setting the username and password accordingly:
ALTER USER ddl_user WITH PASSWORD 'new-password';
5. Exit from cqlsh:
quit
6. Verify the new password set above by connecting to cqlsh again:
cqlsh apigee-cassandra-default-0.apigee-cassandra-default.apigee.svc.cluster.local -u ddl_user --ssl
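
Steps 4 to 6 change one user at a time. The script below is an added example (not part of the original post or of Apigee tooling) that generates the step 4 statement for every user in the sample output, each with its own random 128-bit password. The function names, the script name and the output file are assumptions.

```shell
#!/usr/bin/env bash
# Added example: build one ALTER USER statement per Cassandra user, each with
# its own random password, instead of typing step 4 once per user.

# User names as they appear in the sample system_auth.roles output.
CASSANDRA_USERS="cassandra jmxuser dml_user admin_user ddl_user"

# gen_password: 16 bytes from the kernel CSPRNG, printed as 32 hex characters.
# Hex output contains no quote characters, so it is safe inside '...' in CQL.
gen_password() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# emit_rotation_cql USER...: print "ALTER USER <user> WITH PASSWORD '<random>';"
# for every argument that is a plain identifier; anything else is skipped.
emit_rotation_cql() {
  for user in "$@"; do
    case "$user" in
      ''|*[!A-Za-z0-9_]*)
        echo "skipping invalid user name: $user" >&2
        continue ;;
    esac
    printf "ALTER USER %s WITH PASSWORD '%s';\n" "$user" "$(gen_password)"
  done
}

# write_rotation_file FILE USER...: same output, written to a file that only
# the current OS user can read, because it contains the new passwords.
write_rotation_file() {
  out=$1
  shift
  ( umask 077 && rm -f "$out" && emit_rotation_cql "$@" > "$out" )
}

# Run only when an output path is given (hypothetical name): ./rotate.sh rotate.cql
if [ -n "${1:-}" ]; then
  # shellcheck disable=SC2086  # word splitting of the user list is intended
  write_rotation_file "$1" $CASSANDRA_USERS
  echo "wrote $(grep -c '^ALTER USER' "$1") statements to $1" >&2
fi
```

Execute the generated statements at the cqlsh prompt while logged in as a role that is allowed to alter each user (a role with is_superuser = True in the output above; other roles can only change their own password). Delete the file once the new passwords are recorded in your secret store.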