IBM Security Verify

 View Only
Expand all | Collapse all

HVDB password update and LMI

  • 1.  HVDB password update and LMI

    IBM Champion
    Posted Sat November 06, 2021 10:34 AM

    Hi Community

     

    Just rebuilt entirely an ISVA Appliance with the Liberty Runtime on it and re-applied all configuration and security artefacts with playbooks. That included re-applying the HVDB external DB password.

    It had been a while, so it was a good "fire drill" exercise (-:

    At the end of the exercise, OAuth grants were visible from our dashboard in Grafana and OAuth users we not reporting any issue.

    However, in the LMI, we could not list any Grants or Devices (LMI->AAC-Manage->Devices and AAC-Manage->Grants). We would obtain the usual "Failed to load data!" message that indicates something is wrong with the HVDB connectivity.

    It is only after that we restarted the Appliance entirely that the LMI Device and Grants status started to cooperate as it does normally. I guess restarting the LMI could have produced the same outcome, but this would need to be tested.

    Would anyone think that the current behavior is as-designed, and if we submit a Case/RFI, this could get resolved ? Just testing the water temperature here. I just imagine a case where one needs for any reason to update the HVDB password in a rush, restarting the Appliance entirely is an extra step one could do without.



    ------------------------------
    Sylvain Gilbert
    ------------------------------


  • 2.  RE: HVDB password update and LMI

    Posted Sun November 07, 2021 03:23 PM
    Sylvain,
     
    Further investigation would be required.  In my environment, if I change the configured password for the database, the LMI is automatically restarted after the password in the cluster configuration is updated.  So, everything appears to be working correctly.  I'm just not sure what is different in your environment.  Did the LMI restart after the cluster configuration was updated with a new password in your environment?  If using the REST API directly it is the responsibility of the client to actually perform the LMI restart.
     
    Thoughts?
     
     
    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor