LGTM Enterprise 1.23

Changing or resetting a manifest password

This topic is not relevant if you are running LGTM Enterprise on Kubernetes.

The LGTM manifest file contains the authentication details used by the LGTM cluster machines to communicate securely. Consequently the file is encrypted. When you install LGTM Enterprise, you are prompted to enter a password for encrypting/decrypting the file. Defining a password is optional. If control of the credentials stored in the manifest is not a concern, or if the file is protected by some other means, then you do not need to enter a password.

If you choose to define a password, you need this password whenever the manifest is changed, for example, when you upgrade LGTM or deploy changes to the LGTM cluster configuration file. You can change this password or reset it at any time using the lgtm-config-gen.jar tool.

If you lose the manifest password, it cannot be recovered and the communications secrets used by the LGTM cluster machines must be reset.

Changing or setting a manifest password

To set or change the manifest password, run the lgtm-config-gen.jar tool with:

  • change-password action
  • Optionally, you can use the --input flag to define the location of the cluster configuration file for the installation. By default, the path to this file is assumed to be ../../state/lgtm-cluster-config.yml, relative to the lgtm-config-gen.jar file.

For example, from the lgtm-<release> directory:

java -jar lgtm/lgtm-config-gen.jar change-password

If the manifest file is already protected by a password, you are prompted to enter the existing password. You are then asked to enter and confirm a new password.

Resetting the manifest file and password

If you have lost the password for the manifest file, then you need to reset the contents of the manifest file and the password.

  1. On the coordinator server, delete the manifest.xml file (stored in LGTM's state directory).
  2. To generate a new manifest file:
  3. During the upgrade—or the cluster configuration regeneration—you will be prompted to set a new password for the manifest file:
    • To use the default password—press Enter without giving a password. You will not be prompted to give a password for future upgrades and deployments.
    • Otherwise set a password.
  4. Deploy the upgrade—or revised configurations—on each machine in the LGTM cluster. You must deploy the configurations on all hosts in the cluster, otherwise services on those machines will not be able to communicate with each other. See Deploying an updated configuration on Linux hosts or Deploying an updated configuration on Windows hosts.

Related topicsRelated topics