What's on this page

Security

Configuring Security in Lifecycle Manager

The recommended installation of Lifecycle Manager is with security enabled. This will give the following benefits:

Disabling Security

The easiest way to disable security during installation is by including the No Security flavour

No Security Flavour

Directory: no-security This flavour disables LM security and is intended for development/testing purposes. To be more precise, this flavour disables:

This flavour may be used in combination with other flavours included in the LM package.

Installation

To install LM with this flavour, ensure the following values file from the lm-helm-charts package is provided during the Helm install process which is described later in this guide: `./flavours/no-security/no-security-values.yaml

Changing default passwords

It is recommended all system passwords are modified from their default values during installation for added security. This can be achieved as follows:

OpenLDAP Administrator Password

In order to modify the default password for administering OpenLDAP, modify this Helm value in your custom values file.

global:
  ldap:
    managerPassword: lmadmin

LM API Administration User

In order to administer Client Credentials in LM, the system is setup with some default Client Credential. These can be modified or added to by declaring values in the custom Helm values file as follows (change only the clientId and clientSecret, leaving grantTypes and roles as shown below):

configurator: 
  security:
    lm:
      clientCredentials:
        - clientId: LmClient
          clientSecret: pass123
          grantTypes: client_credentials
          roles: SLMAdmin

Internal Clients

LM installs with some clients configured to allow secure communication internally. These clients are mandatory, but their default passwords can be changed as follows:

configurator: 
  security:
    lm:
      nimrod:
        clientSecret: pass123
      doki:
        clientSecret: pass123

Keystore Password

Some of the services within LM host SSL certificates used for secure internal communications. To configure the password used for this certificate keystore, modify this value:

configurator: 
  security:
    lm:
      keyStorePassword: keypass

Next Steps

Continue the configuration of Storage