Skip to main content

Pentaho+ documentation is moving!

The new product documentation portal is here. Check it out now at docs.hitachivantara.com

 

Hitachi Vantara Lumada and Pentaho Documentation

Setting up password encryption after upgrading

Parent article

After upgrading your Pentaho Server to the latest version, you can set up password encryption to help meet your organization's security needs. To get started, you must first set up the server to work with password encryption before applying it.

Perform the following actions if you want to set up your system for password encryption:

  1. Modify the Tomcat Context XML file.
  2. Update the Jackrabbit Repository XML file.
  3. Verify your Quartz properties.
  4. Update your Hibernate configuration.

Modify the Tomcat context XML file

Database connection and network information for your Pentaho Repository database are stored in the context.xml file.

Perform the following steps to modify the context.xml file to reflect encryption password changes for your database connection and network information.

Procedure

  1. If you had any previous customizations to the context.xml file before upgrading and you have not already applied these customizations to the 9.4 version of the file, merge your customizations into the context.xml file. See Apply customizations for instructions.

    NotePassword encryption requires the 9.1 or later version of the context.xml file.
  2. Stop the Pentaho Server.

  3. Navigate to the pentaho/server/pentaho-server/tomcat/webapps/pentaho/META-INF directory and open the context.xml file with any file editor.

  4. Locate all occurrences of the following factory setting:

    factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
  5. Replace every occurrence of the factory setting with the following value:

    factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory"
  6. Locate the type of database you are using as the Pentaho Repository and add the following lines of code to the end of the Resource block to include Jackrabbit, which handles password encryption:

    • Postgres

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/jackrabbit" validationQuery="select 1"/>
    • MySQL

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/jackrabbit" validationQuery="select 1"/>
    • Oracle

      Be sure to also replace XE in the URL setting to reflect the name of your schema:

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@localhost:1521/XE" validationQuery="select 1 from dual"/>
    • MS SQL Server

      <Resource name="jdbc/jackrabbit" auth="Container" type="javax.sql.DataSource" factory="org.pentaho.di.core.database.util.DecryptingDataSourceFactory" maxActive="20" minIdle="0" maxIdle="5" initialSize="0" maxWait="10000" username="jcr_user" password="password" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" url="jdbc:sqlserver://localhost:1433;DatabaseName=jackrabbit" validationQuery="select 1"/>
  7. Save and close the context.xml file.

  8. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact your customer support representative for help.

Results

The context.xml is now modified to reflect encryption password changes for your database connection and network information.

Update the Jackrabbit Repository XML file

The Jackrabbit component contains the solution repository, examples, security data, and content data from reports that you create in Pentaho. You must use the latest version of the repository.xml file if you plan to apply password encryption.

Perform the following steps to update the repository.xml file to use password encryption.

Procedure

  1. If you are using a database other than Postgres for your Pentaho Repository, perform the following substeps:

    1. Navigate to the pentaho/server/pentaho-server/pentaho-solutions/system/jackrabbit directory and open the repository.xml file with any file editor.

    2. Comment out any references to databases other than the database you are using for the Pentaho Repository in each of the following sections, and uncomment the sections that apply to your database:

      • Repository
      • DataStore
      • Workspaces
      • PersistenceManager (1st part)
      • Versioning
      • PersistenceManager (2nd part)
      • DatabaseJournal
    3. Save and close the repository.xml file.

  2. If your repository.xml file contained any customizations before upgrading and you have not yet applied these customizations to the 9.4 version of the file, merge your customizations into the repository.xml file. See Address customizations with post-upgrade versions for instructions.

  3. Stop and restart the server to confirm no errors occurred.

    Depending on the error, you may need to contact your customer support representative for help.

Verify your Quartz properties

Event information, such as scheduled reports, is stored in the Quartz JobStore. Quartz must be set up with JNDI for password encryption to work.

Perform the following steps to verify the quartz.properties file has the correct JNDI information:

Procedure

  1. Stop the Pentaho Server.

  2. Navigate to the pentaho/server/pentaho-server/pentaho-solutions/system/quartz directory and open the quartz.properties file with any file editor.

  3. Verify the following line of code appears in the file:

    org.quartz.dataSource.myDS.jndiURL = Quartz

  4. If the line of code associated with JNDI does not appear in the quartz.properties file, perform the following action depending on whether you have any previous customizations to the quartz.properties file:

    • If you have not customized the quartz.properties file, add the line of code to the file.
    • If you have customized the quartz.properties file before upgrading and you have not already applied these customizations to the 9.4 version of the file, merge your customizations into the quartz.properties file. See Apply customizations for instructions.
  5. Close the quartz.properties file.

  6. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact your customer support representative for help.

Results

Quartz is now set up with JNDI for password encryption to work.

Update your Hibernate configuration

The Hibernate configuration file specifies driver and connection information, as well as dialects and how to handle connection closes and timeouts. You must have the latest version of this file for password encryption to work.

Perform the following steps to update the Hibernate configuration file for Pentaho 9.4.

Procedure

  1. Stop the Pentaho Server.

  2. Navigate to the pentaho/server/pentaho-server/pentaho-solutions/system/hibernate directory.

  3. Perform the following action depending on whether you have previously customized the hibernate.cfg.xml file for your database type:

    • If you have not customized the hibernate.cfg.xml file, replace the existing version of the file with the hibernate.cfg.xml.merge.post-upgrade file. The hibernate.cfg.xml.merge.post-upgrade file is the 9.4 version of the file.
    • If you have customized the hibernate.cfg.xml file before upgrading and you have not yet applied these customizations to the 9.4 version of the file, merge your customizations into the hibernate.cfg.xml file. See Apply customizations for instructions.
  4. Restart the server and confirm no errors occurred.

    Depending on the error, you may need to contact your customer support representative for help.

Results

Hibernate now has the Pentaho 9.4 version of this file for password encryption to work.

Next steps

After setting up Tomcat, Quartz, and Hibernate to work with password encryption, you can now use encrypted passwords with Pentaho 9.4 products. See Use password encryption with Pentaho for instructions.