Apigee Hybrid Cassandra password reset Apigee Hybrid 1.8.x

Hi,

The article lists the manual changes to Apigee Hybrid Cassandra, which will require the required credentials to access, say, the AKS runtime cluster.

I have the following queries:

1) The listed step refers to the listed local service. Does this service name remain the same irrespective of the type of Apigee Hybrid runtime (e.g. AKS or GKE), or may it vary? If so, what could those be?

 Connect to the cqlsh shell using ddl_user:

cqlsh apigee-cassandra-default-0.apigee-cassandra-default.apigee.svc.cluster.local -u ddl_user --ssl

2) It looks like the password is stored in both places, the CS database as well as the Kubernetes secret? And hence it will require running cqlsh against the Apigee Cassandra DB and additionally following the listed step (Configuring TLS for Cassandra | Apigee X | Google Cloud) for the Kubernetes secret, i.e. both?

The listed article indicates "To update Cassandra passwords in an Apigee hybrid environment, we need to update them in the Cassandra database and in Kubernetes secrets used by Apigee MART, runtime and Synchronizer pods."

@dino  @imesh @rajeshmi 

 

1 REPLY

Hi,

First, please be aware that changing the passwords associated with Cassandra will require downtime. If you have a multi-region deployment, changing the passwords can become more complicated due to the Cassandra ring.

Regarding your first question, on whether the FQDN changes based on platform: I do not believe so, at least not with a standard k8s configuration. A network overlay like Calico may impact the naming. You could check it, but I believe checking it will require running a lookup from within a pod on the cluster. See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
I would give it a try with the provided name.

On the second question, where the passwords are stored: yes, they are stored in 2 locations after Apigee is initially deployed. Cassandra will have a copy and there will be a k8s secret with a copy. The referenced docs are correct. Another way to find out more is to use the --print-yaml feature of apigeectl. You can search the output and find the details for the secret that is created with the passwords: https://cloud.google.com/apigee/docs/hybrid/v1.8/cli-reference.html#print
Do not forget to restart the listed components after changing the secret.
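
The name in the cqlsh step follows the Kubernetes DNS pattern for StatefulSet pods, `<pod>.<headless-service>.<namespace>.svc.<cluster-domain>`, where only the cluster domain is a cluster setting (default `cluster.local`). The script below is an added example, not part of the original posts or of Apigee's tooling: it reads the cluster domain from a pod's `/etc/resolv.conf` and rebuilds the expected name. The function names and the sample resolv.conf are constructed, and the object names are assumed to match the FQDN quoted in the question.

```shell
#!/bin/sh
# Added example (not Apigee tooling). Real input would come from inside the cluster, e.g.:
#   kubectl exec -n apigee apigee-cassandra-default-0 -- cat /etc/resolv.conf
# The sample below is constructed so the script runs offline.
SAMPLE_RESOLV='nameserver 10.0.0.10
search apigee.svc.cluster.local svc.cluster.local cluster.local
options ndots:5'

# Print the cluster domain from resolv.conf text on stdin.
# An in-pod search list contains "svc.<cluster-domain>"; pick that entry.
cluster_domain_from_resolv() {
    awk '$1 == "search" {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^svc\./) { print substr($i, 5); exit }
         }'
}

# pod_fqdn <pod> <headless-service> <namespace> <cluster-domain>
pod_fqdn() {
    printf '%s.%s.%s.svc.%s\n' "$1" "$2" "$3" "$4"
}

# Split a StatefulSet pod FQDN into labelled parts, one per line.
# Rejects names that are not exactly <pod>.<service>.<namespace>.svc.<domain>.
explain_fqdn() {
    left=${1%%.svc.*}      # pod.service.namespace
    domain=${1#*.svc.}     # everything after ".svc."
    case $left in
        "$1"|*.*.*.*) echo "unexpected name: $1" >&2; return 1 ;;
        *.*.*) ;;
        *) echo "unexpected name: $1" >&2; return 1 ;;
    esac
    pod=${left%%.*}
    rest=${left#*.}
    printf 'pod=%s\nservice=%s\nnamespace=%s\ncluster_domain=%s\n' \
        "$pod" "${rest%%.*}" "${rest#*.}" "$domain"
}

# Demo: rebuild the name used in the cqlsh step from the sample resolv.conf.
domain=$(printf '%s\n' "$SAMPLE_RESOLV" | cluster_domain_from_resolv)
fqdn=$(pod_fqdn apigee-cassandra-default-0 apigee-cassandra-default apigee "$domain")
echo "expected cqlsh host: $fqdn"
explain_fqdn "$fqdn"
```

If the domain printed for a real cluster is not `cluster.local`, only the last part of the cqlsh host name needs to change.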