Configuration required for different sysadmin credentials

Edge for Private Cloud v4.19.01

When you first installed Edge, a special kind of user called a sysadmin user was created, and some additional config files were updated with this user's details. If you configure your external LDAP to authenticate using a username that is not an email address, or if this sysadmin user has a different password in your external LDAP (or both), you must make the changes described in this section.

There are two locations that need to be updated:

  • The Edge UI logs in to the Management Server using credentials that are stored encrypted in a configuration file on the Edge UI. This update is required when the username, the password, or both are different for your sysadmin user.
  • Edge stores the sysadmin username in another file which is used when running various utility scripts. This update is only required when the username of your sysadmin user is different.

Changing the Edge UI password

The way you change the Edge UI password depends on how your external LDAP server represents usernames:

  • If usernames are email addresses, use the setup.sh utility to update the Edge UI.
  • If usernames are IDs rather than email addresses, use API calls and property files to update the Edge UI.

Both procedures are described below.

Changing the Edge UI credential for an email address

  1. Edit the silent config file that you used to install the Edge UI to set the following properties:
    ADMIN_EMAIL=newUser
    APIGEE_ADMINPW=newPW
    SMTPHOST=smtp.gmail.com
    SMTPPORT=465
    SMTPUSER=foo@gmail.com
    SMTPPASSWORD=bar
    SMTPSSL=y
    SMTPMAILFROM="My Company <myco@company.com>"

    Note that you must include the SMTP properties when passing the new password because all properties on the UI are reset.

  2. Use the apigee-setup utility to reset the password on the Edge UI from the config file:
    /opt/apigee/apigee-setup/bin/setup.sh -p ui -f configFile
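
A pre-flight check for the silent config file used in the procedure above, added here as an example (it is not part of the Apigee tooling). The function name check_ui_config and the owner-only permission requirement are assumptions; the property list is the one shown in step 1.

```shell
#!/bin/sh
# Added example, not Apigee code: validate the silent config file before
# running "setup.sh -p ui -f configFile".

# Properties listed in step 1. setup.sh -p ui resets all UI properties,
# so every one of them must be present, not only the new credentials.
REQUIRED_UI_PROPS="ADMIN_EMAIL APIGEE_ADMINPW SMTPHOST SMTPPORT SMTPUSER SMTPPASSWORD SMTPSSL SMTPMAILFROM"

# check_ui_config FILE
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_ui_config() {
    cfg=$1
    problems=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg"
        return 1
    fi
    for prop in $REQUIRED_UI_PROPS; do
        # Require at least one character after the "=".
        if ! grep -Eq "^[[:space:]]*${prop}=.+" "$cfg"; then
            echo "missing or empty: $prop"
            problems=1
        fi
    done
    # The file holds APIGEE_ADMINPW and SMTPPASSWORD in clear text.
    # Assumption (site policy, not from the Apigee docs): no group/other access.
    perms=$(ls -ld -- "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group/other permissions set on $cfg ($perms); expected owner-only"
        problems=1
    fi
    return $problems
}

# Usage:
#   check_ui_config configFile && \
#     /opt/apigee/apigee-setup/bin/setup.sh -p ui -f configFile
```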

Changing the Edge UI credentials for a user ID

  1. Encrypt the user ID and password:
    java -cp "/opt/apigee/edge-ui/conf:/opt/apigee/edge-ui/lib/*" utils.EncryptUtil 'userName:PWord'
  2. Open the ui.properties file in an editor. If the file does not exist, create it:
    vi /opt/apigee/customer/application/ui.properties
  3. In ui.properties, set the conf_apigee_apigee.mgmt.credential token to the value returned by the call in Step 1:
    conf_apigee_apigee.mgmt.credential="STRING_RETURNED_IN_STEP_1"
  4. Set the owner of ui.properties to "apigee":
    chown apigee:apigee /opt/apigee/customer/application/ui.properties
  5. Restart the Edge UI:
    /opt/apigee/apigee-service/bin/apigee-service edge-ui restart

Testing the configuration

  1. Open the management UI in a browser at:
    http://management_server_IP:9000/

    For example:

    http://192.168.52.100:9000/
  2. Log in using the new credentials. If the login succeeds, the configuration is correct.

Editing the Edge sysadmin username store for Apigee utility scripts

  1. Edit the silent config file that you used to install the Edge UI to set the following properties, changing the value of ADMIN_EMAIL to the username you will be using for your sysadmin user in your external LDAP:
    APIGEE_EMAIL=newUser
    IS_EXTERNAL_AUTH="true"

    The IS_EXTERNAL_AUTH property configures Edge to support an account name, rather than an email address, as the username.

  2. Use the apigee-setup utility to reset the username on all Edge components from the config file:
    /opt/apigee/apigee-setup/bin/setup.sh -p edge -f configFile

    You must run this command on all Edge components on all Edge nodes, including: Management Server, Router, Message Processor, Qpid, Postgres.

Testing the configuration

Verify that you can access the central POD. On the Management Server, run the following curl command:

curl -u sysAdminEmail:password "http://localhost:8080/v1/servers?pod=central"

You should see output in the form:

[ {
  "internalIP" : "192.168.1.11",
  "isUp" : true,
  "pod" : "central",
  "reachable" : true,
  "region" : "dc-1",
  "tags" : {
    "property" : [ ]
  },
  "type" : [
    "application-datastore",
    "scheduler-datastore",
    "management-server",
    "auth-datastore",
    "apimodel-datastore",
    "user-settings-datastore",
    "audit-datastore"
  ],
  "uUID" : "d4bc87c6-2baf-4575-98aa-88c37b260469"
}, {
  "externalHostName" : "localhost",
  "externalIP" : "192.168.1.11",
  "internalHostName" : "localhost",
  "internalIP" : "192.168.1.11",
  "isUp" : true,
  "pod" : "central",
  "reachable" : true,
  "region" : "dc-1",
  "tags" : {
    "property" : [ {
      "name" : "started.at",
      "value" : "1454691312854"
    }, ... ]
  },
  "type" : [ "qpid-server" ],
  "uUID" : "9681202c-8c6e-4da1-b59b-23e3ef092f34"
} ]