You can change the Daml index database password on deployed Client nodes to secure the Daml Ledger and Daml index database connection.
Prerequisites
Identify the Client node IP addresses and the existing Daml index database password you want to change.
Procedure
- SSH to the Client node using the VMware Blockchain password.
- Connect to the Daml index database and change the password for the indexdb user.
- Get the Daml index database container ID and note down the port number.
- Retrieve the Daml index database IP address.
sudo docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <daml_index_db container ID>
- Log in to the Daml index database.
sudo psql -h <the-db-ip> -p <port> -U indexdb
- Enter the Daml index database's existing password.
- Change the existing Daml index database password at the prompt.
- Enter the new password.
- Exit the Daml index database.
- Update the Client node configuration files with the new password using a text editor.
Update the Daml Ledger API configuration file- /config/daml-ledger-api/environment-vars.
Update the Daml index database configuration file- /config/daml-index-db/environment-vars.
Update the Telegraf configuration file- /config/telegraf/telegraf.conf.
- Restart the Docker containers with the new password.
sudo docker restart <daml_ledger_api ID> <daml_index_db ID> <telegraf ID>
- Update the VMware Blockchain Orchestrator output file with the new Client node password.
- Open the VMware Blockchain Orchestrator output file.
- Search for the Client node IP address you updated with a new password.
- Add the new password to the corresponding Client node in the suggested pattern to the output file.
Node Id: <node id>,
name: <location, sddc>,
key: Daml_DB_PASSWORD,
value: <new password>