Kaspersky SD-WAN
2.2
English

Contents

Manually generating passwords

To manually generate the passwords:

  1. Create the /passwords directory on the administrator device. Specify the path to the created directory in the external section of the configuration file using the vault_password_dirname setting.
  2. Create a keystore.yml file and in that file, specify the passwords using the following settings:
    • ZABBIX_DB_SECRET is the root password of the Zabbix monitoring system database.
    • MONGO_ADMIN_SECRET is the administrator password of the MongoDB database.
    • MONGO_USER_SECRET is the user password of the MongoDB database. This password is used by the orchestrator.
    • CTL_CERT_SECRET is the password of the controller SSL certificate.
    • ORC_CERT_SECRET is the password of the orchestrator SSL certificate.
    • ORC_ENC_SECRET is the password for encrypting confidential data in the MongoDB database. Minimum length: 32 characters.
    • VNFM_CERT_SECRET is the password of the VNFM SSL certificate.

    For all passwords except ORC_ENC_SECRET, we recommend specifying at least 16 characters.

  3. Create the vault_password.txt file and in that file, specify the master password.
  4. Encrypt the keystore.yml file:
    • If you want to encrypt the keystore.yml file in attended mode:

      ansible-vault encrypt --ask-vault-pass keystore.yml

    • If you want to encrypt the keystore.yml file in unattended mode:

      ansible-vault encrypt --vault-password-file vault_password.txt keystore.yml

The passwords are generated and encrypted.

See also

About the attended, unattended, and partially attended action modes
Page top
[Topic 273556]