Updating Server Password and Database Connection Details (v5.4)
There are two levels of user passwords created in the system. One is at the operating system level, and one is at the Clarity LIMS level. The following sections provide details on these user passwords and instructions for changing them. Instructions for updating Clarity LIMS with the new database connection details are also provided.
The following steps are only necessary if the passwords for glsftp and/or apiuser have been changed.
The user passwords created at the operating system level are for the glsai, glsjboss, and glsftp users.
• | glsai and glsjboss users—Have no associated configurations, and their passwords can be changed at any time. |
• | glsftp user—After installation of Clarity LIMS, this password can be changed, but it must also be updated in the file/vault secret store, using SecretUtil. |
To change the glsftp password in the secret store after installation, using SecretUtil:
1. | Change the glsftp password on the server. |
2. | Log into the server as the glsjboss user. |
3. | Go to /opt/gls/clarity/tools/secretutil. |
4. | Update the password in the secret store. |
• | For vault-based secret storage, use either the Vault CLI or Vault UI to update the password. |
• | For file-based secret storage, use the Secret Management Util to update the password. |
$ java -jar /opt/gls/clarity/tools/secretutil/secretutil.jar -u=<new-password> app.ftp.password
5. | Stop, and then restart Tomcat. |
service clarity_tomcat stop
service clarity_tomcat start
The user passwords created at the Clarity LIMS level are for the admin, facility, and apiuser users.
The admin and facility have no configuration associated with them, and their passwords can be changed at any time.
The apiuser user password is stored in the configuration and can be changed after installing Clarity LIMS. A change in password must also be performed in the configuration.
To change the apiuser password after installing Clarity LIMS:
1. | Check for any remote Automation Workers. Take note of their locations in your network because these locations are revisited after changing the password. |
2. | Log into the Clarity LIMS server as the glsjboss user and go to the config directory. |
cd /opt/gls/clarity/config
3. | Run the script: |
update_claritylims_endpoints.sh script
4. | When prompted, enter the apiuser password. |
5. | When the script is completed, stop and restart Tomcat. |
service clarity_tomcat stop
service clarity_tomcat start
In some circumstances (such as security breaches/compromises), the database connection details (eg, database password) are updated, which prevents Clarity LIMS from connecting to the database. To correct this circumstance, update Clarity LIMS with the new database connection details using the following steps:
1. | Check for any remote Automation Workers, and take note of their locations in your network. |
2. | Update existing tenant with new details. |
• | For vault-based secret storage, use either the Vault CLI or Vault UI to update the password. |
• | For file-based secret storage, use the Secret Management Util to update the database password as the root user. |
$ java -jar /opt/gls/clarity/tools/secretutil/secretutil.jar -u=<db-password> db.<db-name>.password
3. | Restart all local and remote Automation Workers, and ensure they are operating properly. |