Red Hat SummitOpenShift Container Storage is now OpenShift Data Foundation starting with version 4.9.
第5章 マルチクラウドオブジェクトゲートウェイのセキュリティーを強化するために、デフォルトのアカウント資格情報を変更する
コマンドラインインターフェイスを使用して Multicloud Object Gateway (MCG) アカウントの資格情報を変更およびローテーションし、アプリケーションの問題を防ぎ、アカウントのセキュリティーを強化します。
前提条件
- 実行中の OpenShift Data Foundation Platform。
管理を容易にするマルチクラウドオブジェクトゲートウェイ (MCG) コマンドラインインターフェイスをダウンロードします。
Copy to Clipboard Copied! Toggle word wrap Toggle overflow subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpmsCopy to Clipboard Copied! Toggle word wrap Toggle overflow yum install mcg
# yum install mcg重要サブスクリプションマネージャーを使用してリポジトリーを有効にするための適切なアーキテクチャーを指定します。
IBM Power の場合は、次のコマンドを使用します。
Copy to Clipboard Copied! Toggle word wrap Toggle overflow subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpmsIBM Z インフラストラクチャーの場合は、以下のコマンドを使用します。
Copy to Clipboard Copied! Toggle word wrap Toggle overflow subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
または、MCG パッケージを、Download RedHat OpenShift Data Foundation ページにある OpenShift Data Foundation RPM からインストールできます。
重要お使いのアーキテクチャーに応じて、正しい製品バリアントを選択します。
5.1. noobaa アカウントパスワードのリセット
手順
noobaa アカウントのパスワードをリセットするには、次のコマンドを実行します。
Copy to Clipboard Copied! Toggle word wrap Toggle overflow noobaa account passwd <noobaa_account_name> [options]
$ noobaa account passwd <noobaa_account_name> [options]Copy to Clipboard Copied! Toggle word wrap Toggle overflow noobaa account passwd
$ noobaa account passwd FATA[0000] ❌ Missing expected arguments: <noobaa_account_name> Options: --new-password='': New Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in t he shell history --old-password='': Old Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in the shell history --retype-new-password='': Retype new Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in the shell history Usage: noobaa account passwd <noobaa-account-name> [flags] [options] Use "noobaa options" for a list of global command-line options (applies to all commands).以下に例を示します。
Copy to Clipboard Copied! Toggle word wrap Toggle overflow noobaa account passwd admin@noobaa.io
$ noobaa account passwd admin@noobaa.io出力例:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enter old-password: [got 24 characters] Enter new-password: [got 7 characters] Enter retype-new-password: [got 7 characters] INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✅ Exists: NooBaa "noobaa" INFO[0017] ✅ Exists: Service "noobaa-mgmt" INFO[0017] ✅ Exists: Secret "noobaa-operator" INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✈️ RPC: account.reset_password() Request: {Email:admin@noobaa.io VerificationPassword:* Password:*} WARN[0017] RPC: GetConnection creating connection to wss://localhost:58460/rpc/ 0xc000402ae0 INFO[0017] RPC: Connecting websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0017] RPC: Connected websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0020] ✅ RPC: account.reset_password() Response OK: took 2907.1ms INFO[0020] ✅ Updated: "noobaa-admin" INFO[0020] ✅ Successfully reset the password for the account "admin@noobaa.io"Enter old-password: [got 24 characters] Enter new-password: [got 7 characters] Enter retype-new-password: [got 7 characters] INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✅ Exists: NooBaa "noobaa" INFO[0017] ✅ Exists: Service "noobaa-mgmt" INFO[0017] ✅ Exists: Secret "noobaa-operator" INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✈️ RPC: account.reset_password() Request: {Email:admin@noobaa.io VerificationPassword:* Password:*} WARN[0017] RPC: GetConnection creating connection to wss://localhost:58460/rpc/ 0xc000402ae0 INFO[0017] RPC: Connecting websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0017] RPC: Connected websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0020] ✅ RPC: account.reset_password() Response OK: took 2907.1ms INFO[0020] ✅ Updated: "noobaa-admin" INFO[0020] ✅ Successfully reset the password for the account "admin@noobaa.io"重要管理者アカウントの資格情報にアクセスするには、端末から
noobaa statusコマンドを実行します。Copy to Clipboard Copied! Toggle word wrap Toggle overflow -------------------- - Mgmt Credentials - -------------------- email : admin@noobaa.io password : ***
-------------------- - Mgmt Credentials - -------------------- email : admin@noobaa.io password : ***
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}