Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Administration Methods
- Unified Resource Manager (URM) JMX Methods
- How to Manage UCMDB Licenses Using the JMX Console
- How to Enable Remote Access to the JMX Console
- How to Download a Zip File of Log Files and Thread Dumps
- How to Retrieve UCMDB Server Logs for a Specific Time Frame
- How to Access Support Using the JMX Console
- How to Set Master Keys
- How to Use the User Activity Log
- How to Configure UCMDB Log Levels
- How to Check the Database Connection
- How to View the KPI Dashboard
- How to Enable Validation of Host Header of a Request
- How to Show/Hide the "Cannot invoke trigger" Error Message on UI
- How to View and Track Hotfixes Applied on UCMDB Server
- How to Enable Asynchronous CI History
- How to Enable CI Properties Validation On SDK APIs
- How to Encrypt/Decrypt IP Ranges Information on the Probes
- How to Prevent Custom CI Attributes Values from Being Updated by Default Values During Reconciliation
- How to Configure Maximum Number of Condition Phrases for a Single Node
- How to Enable and Define LDAP Authentication Method
- How to Change the Priority of a User Repository
- How to Restrict User Access to a Limited Subset of the UCMDB Server JMX Methods
- How to Enable Login to Universal CMDB with SAML Authentication
- High Availability Mode JMX Methods
- UCMDB Browser module JMX Methods
- Package Manager JMX Methods
- History DB Services JMX Methods
How to Set Master Keys
You can use the JMX console to change the master key that is used to encrypt all UCMDB keys.
Change the master key for a cluster
This method assumes that your UCMDB environment is deployed in a high-availability setup.
Caution
-
This method involves a restart of the entire cluster, so plan accordingly. It is recommended to change the master key of the cluster when there is little or no load on the servers. For example, you should avoid using this method during data-in operations.
- Do not change any settings in the time period between changing the master key and restarting the server. Not following this instruction may result in a failure to start the server.
- Machines that are not up or that will be added later to the cluster will need to be configured manually. Until they are configured, at most they can run as reader machines; trying to run them as writer machines will fail.
-
Back up the C:\UCMDB\UCMDBServer\conf\cmdb.conf file and the values for the following settings:
- ha.cluster.authentication.keystore.password
- ha.cluster.authentication.shared.secret
- ha.cluster.message.encryption.keystore.password
- ssl.server.keystore.password
- ssl.server.truststore.password
- Make sure all the servers in the cluster are up and running.
-
On the writer machine, launch the Web browser and enter the following address to log in to the JMX console: https://localhost:8443/jmx-console.
Note If a load balancer is present, you must bypass it and not log on to the writer machine through a load balancer.
-
Do one of the following:
- Search for changeMasterKeyForCluster.
- Click UCMDB:service=Security Services > changeMasterKeyForCluster.
-
Enter and confirm the master key, and click Invoke. The master key will be changed first on the writer machine and then on all reader machines.
Note
The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:
- Uppercase alphabetic characters
- Lowercase alphabetic characters
- Numeric characters
- Special characters:
:/._+-[]
-
Restart all the machines in the cluster. You can use the JMX method High Availability Services > restartCluster to do this.
Note Restart the cluster immediately after changing the master key. If you do not, future database connections may fail.
Change the master key for a new machine in a cluster
If at least one of the following settings was changed, use Method A; otherwise, use Method B:
- ha.cluster.authentication.keystore.password
- ha.cluster.authentication.shared.secret
- ha.cluster.message.encryption.keystore.password
- ssl.server.keystore.password
- ssl.server.truststore.password
Method A
This method assumes that you already have properly configured a master key for the writer machine that is up and running in the cluster. If not, follow the instructions in Change the master key for a cluster.
- Copy the C:\UCMDB\UCMDBServer\bin\wrapper.conf file from the writer machine to the same location on the new (reader) machine.
- Restart the server.
Method B
- Back up the C:\UCMDB\UCMDBServer\conf\cmdb.conf file.
-
On the writer machine, launch the Web browser and enter the following address to log in to the JMX console: https://localhost:8443/jmx-console.
-
Do one of the following:
- Search for changeMasterKey.
- Click UCMDB:service=Security Services > changeMasterKey.
-
Enter and confirm the master key, and click Invoke.
Note The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:
- Uppercase alphabetic characters
- Lowercase alphabetic characters
- Numeric characters
- Special characters:
:/._+-[]
-
Restart the machine.
Note Restart the cluster immediately after changing the master key. If you do not, future database connections may fail.
Revert the master key for a cluster to its default value
This procedure resets the master key for an entire cluster.
- Make sure all the servers in the cluster are up and running.
-
On the writer machine, launch the Web browser and enter the following address to log in to the JMX console: https://localhost:8443/jmx-console.
Note If a load balancer is present, you must bypass it and not log on to the writer machine through a load balancer.
-
Do one of the following:
- Search for restoreMasterKeyForCluster.
- Click UCMDB:service=Security Services > restoreMasterKeyForCluster.
- Click Invoke. The master key will be changed first on the writer machine and then on all reader machines.
-
Restart all the machines in the cluster. You can use the JMX method High Availability Services > restartCluster to do this.
Note Restart the cluster immediately after changing the master key. If you do not, future database connections may fail.
Revert the master key for a machine that was down when master key was reverted for whole cluster
- Back up the C:\UCMDB\UCMDBServer\conf\cmdb.conf file.
-
On the writer machine, launch the Web browser and enter the following address to log in to the JMX console: https://localhost:8443/jmx-console.
-
Do one of the following:
- Search for restoreMasterKey.
- Click UCMDB:service=Security Services > restoreMasterKey.
- Click Invoke.
-
Restart the machine.
Note Restart the cluster immediately after changing the master key. If you do not, future database connections may fail.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to cms-doc@microfocus.com.
Help Topic ID:
Product:
Topic Title:
Feedback: