第 5 章 更改默认帐户凭证以确保在 Multicloud 对象网关中提高安全性
使用命令行界面更改并轮转 Multicloud 对象网关(MCG)帐户凭证,以防止应用程序出现问题,并确保帐户安全性。
先决条件
- 正在运行的 OpenShift Data Foundation 平台。
下载 Multicloud 对象网关(MCG)命令行界面以便更轻松地管理:
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
# yum install mcg
重要指定使用订阅管理器启用存储库的适当架构。
对于 IBM Power,使用以下命令:
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
对于 IBM Z 基础架构,使用以下命令:
# subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
或者,您也可以从 下载红帽 OpenShift Data Foundation 页面上的 OpenShift Data Foundation RPM 安装 MCG 软件包。
重要根据您的架构选择正确的产品变体。
5.1. 重置 noobaa 帐户密码
流程
要重置 noobaa 帐户密码,请运行以下命令:
$ noobaa account passwd <noobaa_account_name> [options]
$ noobaa account passwd FATA[0000] ❌ Missing expected arguments: <noobaa_account_name> Options: --new-password='': New Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in t he shell history --old-password='': Old Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in the shell history --retype-new-password='': Retype new Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in the shell history Usage: noobaa account passwd <noobaa-account-name> [flags] [options] Use "noobaa options" for a list of global command-line options (applies to all commands).
例如:
$ noobaa account passwd admin@noobaa.io
输出示例:
Enter old-password: [got 24 characters] Enter new-password: [got 7 characters] Enter retype-new-password: [got 7 characters] INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✅ Exists: NooBaa "noobaa" INFO[0017] ✅ Exists: Service "noobaa-mgmt" INFO[0017] ✅ Exists: Secret "noobaa-operator" INFO[0017] ✅ Exists: Secret "noobaa-admin" INFO[0017] ✈️ RPC: account.reset_password() Request: {Email:admin@noobaa.io VerificationPassword:* Password:*} WARN[0017] RPC: GetConnection creating connection to wss://localhost:58460/rpc/ 0xc000402ae0 INFO[0017] RPC: Connecting websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0017] RPC: Connected websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0 Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>} INFO[0020] ✅ RPC: account.reset_password() Response OK: took 2907.1ms INFO[0020] ✅ Updated: "noobaa-admin" INFO[0020] ✅ Successfully reset the password for the account "admin@noobaa.io"
重要要从终端访问 admin 帐户凭证,请运行
noobaa status
命令:-------------------- - Mgmt Credentials - -------------------- email : admin@noobaa.io password : ***