第 5 章 更改默认帐户凭证以确保在 Multicloud 对象网关中提高安全性


使用命令行界面更改并轮转 Multicloud 对象网关(MCG)帐户凭证,以防止应用程序出现问题,并确保帐户安全性。

先决条件

  • 正在运行的 OpenShift Data Foundation 平台。
  • 下载 Multicloud 对象网关(MCG)命令行界面以便更轻松地管理:

    # subscription-manager repos --enable=rh-odf-4-for-rhel-8-x86_64-rpms
    # yum install mcg
    重要

    指定使用订阅管理器启用存储库的适当架构。

    • 对于 IBM Power,使用以下命令:

      # subscription-manager repos --enable=rh-odf-4-for-rhel-8-ppc64le-rpms
    • 对于 IBM Z 基础架构,使用以下命令:

      # subscription-manager repos --enable=rh-odf-4-for-rhel-8-s390x-rpms
  • 或者,您也可以从 下载红帽 OpenShift Data Foundation 页面上的 OpenShift Data Foundation RPM 安装 MCG 软件包。

    重要

    根据您的架构选择正确的产品变体。

5.1. 重置 noobaa 帐户密码

流程

  • 要重置 noobaa 帐户密码,请运行以下命令:

    $ noobaa account passwd <noobaa_account_name> [options]
    $ noobaa account passwd
    FATA[0000] ❌ Missing expected arguments: <noobaa_account_name>
    
    Options:
        --new-password='': New Password for authentication - the best practice is to omit this flag, in that
        case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in t
         he shell history
        --old-password='': Old Password for authentication - the best practice is to omit this flag, in that
        case the CLI will prompt to prompt and read it securely from the terminal to avoid leaking secrets in
        the shell history
        --retype-new-password='': Retype new Password for authentication - the best practice is to omit this flag, in that case the CLI will prompt to prompt and read it securely from the terminal to avoid
        leaking secrets in the shell history
    
    
    Usage:
        noobaa account passwd <noobaa-account-name> [flags] [options]
    
    Use "noobaa options" for a list of global command-line options (applies to all commands).

    例如:

    $ noobaa account passwd admin@noobaa.io

    输出示例:

    Enter old-password: [got 24 characters]
    Enter new-password: [got 7 characters]
    Enter retype-new-password: [got 7 characters]
    INFO[0017] ✅ Exists: Secret "noobaa-admin"
    INFO[0017] ✅ Exists: NooBaa "noobaa"
    INFO[0017] ✅ Exists: Service "noobaa-mgmt"
    INFO[0017] ✅ Exists: Secret "noobaa-operator"
    INFO[0017] ✅ Exists: Secret "noobaa-admin"
    INFO[0017] ✈️  RPC: account.reset_password() Request: {Email:admin@noobaa.io VerificationPassword:* Password:*}
    WARN[0017] RPC: GetConnection creating connection to wss://localhost:58460/rpc/ 0xc000402ae0
    INFO[0017] RPC: Connecting websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0
    Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>}
    INFO[0017] RPC: Connected websocket (0xc000402ae0) &{RPC:0xc000501a40 Address:wss://localhost:58460/rpc/ State:init WS:<nil> PendingRequests:map[] NextRequestID:0
    Lock:{state:1 sema:0} ReconnectDelay:0s cancelPings:<nil>}
    INFO[0020] ✅ RPC: account.reset_password() Response OK: took 2907.1ms
    INFO[0020] ✅ Updated:  "noobaa-admin"
    INFO[0020] ✅ Successfully reset the password for the account "admin@noobaa.io"
    重要

    要从终端访问 admin 帐户凭证,请运行 noobaa status 命令:

    --------------------
    - Mgmt Credentials -
    --------------------
    
    email    : admin@noobaa.io
    password : ***
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.