Doc - Securing Starter Deployments #172
ewoutp left a comment
Few changes needed
| ============================ | ||
|
|
||
| The password that is set for the _root_ user during the installation of the ArangoDB | ||
| package has no effect in case of deployments done with the tool _ArangoDB Stater_, |
Stater -> Starter_
| as this tool creates new database directories and configuration files that are | ||
| separate from those created by the stand-alone installation. | ||
|
|
||
| Assuming you have enabled authentication in your _Starter_ deployment, by default |
... using --auth.jwt-secret=<thesecret-file> ...
|
|
||
| where "mypwd" is the new password you want to set. | ||
|
|
||
| If your _Starter_ deployment has authentication turned off, it is suggested to |
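Review bot: The line `where "mypwd" is the new password you want to set.` presents a short literal that readers may copy verbatim. Consider an obvious placeholder such as `<new-password>` and say explicitly that it must be replaced with a value of the reader's own. The command this sentence refers to is not visible in these lines, so the placeholder should be changed there as well to keep the two consistent.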
We should add a note saying that you cannot change authentication from on/off after you created the deployment once.
Thanks for the feedback. If the user shuts down their cluster, and manually changes all the configuration files (for a 3-node cluster, 9 files in total), and in all the config files changes authentication = true (from false) and adds jwt-secret = the-secret-here and then restarts the cluster (even using the old starter commands that do not include --auth.jwt-secret=), it should now work with authentication on, right? I think we have tested this procedure before. I am a bit unsure right now if the .txt command files have to be changed as well, or not. Otherwise we can still suggest creating a new fresh cluster, with auth enabled (and in that case restoring your data there). WDYT?
This should work. However I prefer to keep this as a "don't do it like this" and implement changing the config files properly.
@sleto-it I've made a couple of modifications. Please see if you agree.

Discussed with @sleto-it: merge now and go over it once more in the grant docs overhaul.
No description provided.