Changing the MySQL Password of a Running Cluster

The following section describes how to change the MySQL password of a running cluster in Kubernetes.

If you have a running TIBCO Cloud™ API Management - Local Edition cluster in a Kubernetes environment, the cluster was created using the MySQL password specified in the tml_cluster_properties.json file.

To change the MySQL password:

Procedure

  1. Change the passwords in the tml_cluster_properties.json file in your deployment folder.
    For example, if you deployed from the /jdoe/tml-530/docker-deploy/gcp/k8s/manifest-single-zone/ folder, modify the tml_cluster_properties.json file in that folder.
    In this example, to make the new password changeme12, modify the following: 
    {
        "mysql_root_pwd": "changeme12",
        "mysql_masheryonprem_pwd": "changeme12",
        "mysql_mashonpremrepl_pwd": "changeme12",
        "mysql_mashclient_pwd": "changeme12",
        "mysql_masherybackup_pwd": "changeme12",
        "mom_server": "https://api-mom.mashery.com",
        "mom_key": "",
        "mom_secret": ""
}
  2. Delete the cluster-property Kubernetes secret: 
    kubectl delete secret cluster-property
  3. Create the Kubernetes secret again using the tml_cluster_properties.json file containing the new password: 
    kubectl create secret generic cluster-property --from-file=./tml_cluster_properties.json
  4. Log in to the MySQL container: 
    kubectl exec -it mysql-set-0-0 /bin/bash
  5. Connect to the MySQL server with a MySQL client using the old password, then set the new password. 
    mysql -u root -p
    Execute the following commands on the MySQL prompt: 
    use masherysolar;
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'changeme12';
ALTER USER 'masheryonprem'@'localhost' IDENTIFIED BY 'changeme12';
ALTER USER 'masheryonprem'@'%' IDENTIFIED BY 'changeme12';
ALTER USER 'mashonpremrepl'@'%' IDENTIFIED BY 'changeme12';
ALTER USER 'mashclient'@'%' IDENTIFIED BY 'changeme12';
ALTER USER 'masherybackup'@'%' IDENTIFIED BY 'changeme12';
  6. Exit the MySQL container.
  7. Delete the MySQL pod. 
    kubectl delete pod mysql-set-0-0
  8. Once mysql-set-0-0 is created again, wait for it to become ACTIVE. Then delete all the cache pods; for example, if you have three cache pods, delete all as follows: 
    kubectl delete pod cache-set-0-0 cache-set-0-1 cache-set-0-2
  9. Once cache pods are created again, delete all the tm pods; for example, if you have three tm pods, delete all as follows: 
    kubectl delete pod tm-deploy-0-764874c9d8-2gl5x tm-deploy-0-4c9d764878-2gl5x tm-deploy-0-747648c9d8-2gl5
  10. Once the tm pods are created again, delete the cm pod as follows: 
    kubectl delete pod cm-deploy-0-7b9976697c-zblbk
  11. Once all the pods are running, you can login to the cm pod and verify that the status is ACTIVE. Likewise, any existing service endpoint that was created before you applied the password changes should work as before.