Versions Compared

Old Version 1

changes.mady.by.user Gurpreet Luthra

Saved on

compared with

New Version Current

changes.mady.by.user Gokul Kuppan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc, and also the associated databasecredentials.

For this, you would need to ensure a particular service is running, then login into its Admin section, update the credentials in the .env file for services & DB’s, and for some of the services, you need to ensure that they are running. Then, log in to their admin section and change the default credentials. You would also need to ensure Additionally, make sure to update the .env file is updated with the new credentials after bringing down the service, with the new creds, before you bring bringing the services back up.

This whole process should likely take you approx. 30-45 mins. To know which all passwords need to be changed, search for all variables in .env file which end with PASSWORD. See the sample command that can help: cat .env | grep PASSWORD

...

Credentials for Bahmni Lite

Service/DB

Variables

Comments

OpenMRS/Bahmni UI & Atomfeed

OPENMRS_ATOMFEED_USER OPENMRS_ATOMFEED_PASSWORD

Follow detailed steps for OpenMRS/Bahmni

OpenMRS Database(MySQL)

OPENMRS_DB_USERNAME OPENMRS_DB_PASSWORD MYSQL_ROOT_PASSWORD

Update the credentials on .env file before doing first installation.

Carter UI & Atomfeed

UI-

CRATER_ADMIN_EMAIL CRATER_ADMIN_PASSWORD

Atomfeed-

CRATER_USERNAME CRATER_PASSWORD

This creds will be used to login crater UI & Atomfeed. Update the credentials on .env file before doing first installation.

Both UI & Atomfeed creds should be same.

Crater DB

CRATER_DB_USERNAME CRATER_DB_USERNAME

Update the credentials on .env file before doing first installation.

Crater Atomfeed DB

CRATER_ATOMFEED_DB_USERNAME CRATER_ATOMFEED_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Reports DB

REPORTS_DB_USERNAME REPORTS_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Metabase UI

METABASE_ADMIN_EMAIL METABASE_ADMIN_EMAIL

This creds will be used to login Metabase UI, update the credentials on .env file before doing first installation.

Metabase DB

METABASE_DB_USER METABASE_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Mart DB

MART_DB_USERNAME MART_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Credentials for Bahmni Standard

Service/DB

Variables

Comments

OpenMRS/Bahmni UI & Atomfeed

OPENMRS_ATOMFEED_USER OPENMRS_ATOMFEED_PASSWORD

Follow detailed steps for OpenMRS/Bahmni

OpenMRS Database

OPENMRS_DB_USERNAME OPENMRS_DB_PASSWORD MYSQL_ROOT_PASSWORD

Update the credentials on .env file before doing first installation.

OpenElis UI & Atomfeed

OPENELIS_ATOMFEED_USER OPENELIS_ATOMFEED_PASSWORD

Follow detailed steps for OpenELIS

OpenElis DB

OPENELIS_DB_USER OPENELIS_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Odoo UI & Atomfeed

ODOO_ATOMFEED_USER ODOO_ATOMFEED_PASSWORD

Follow detailed steps for Odoo

Odoo DB

ODOO_DB_USER ODOO_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Pacs DB

DCM4CHEE_DB_USERNAME DCM4CHEE_DB_PASSWORD PACS_DB_ROOT_PASSWORD

Update the credentials on .env file before doing first installation.

Pacs Integration DB

ODOO_DB_USER ODOO_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Reports DB

REPORTS_DB_USERNAME REPORTS_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Metabase UI

METABASE_ADMIN_EMAIL METABASE_ADMIN_PASSWORD

This creds will be used to login Metabase UI, update the credentials on .env file before doing first installation.

Metabase DB

METABASE_DB_USER METABASE_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Mart DB

MART_DB_USERNAME MART_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Steps needed for each Service

OpenMRS/Bahmni

...

For OpenMRS / Bahmni EMR UI, change

...

credentials by:

  1. Login into OpenMRS Admin UI (https://<ip>/openmrs/) with admin rights (superman user)

  2. Go to

    Adminstration

    Administration → Manage User

  3. Change the creds for admin users: superman and admin

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update .env file with new creds for

    all variables related to OPENMRS, where the old password was specified. Check atomfeed related creds also in .env file. Change them too.

    OpenELIS: variables OPENMRS_ATOMFEED_USER and OPENMRS_ATOMFEED_PASSWORD

OpenELIS

...

For OpenELIS (Lab), follow these steps after login with admin user admin: Lab Security and Access Control (OpenELIS) and then update the .env file with new creds for variables

...

Crater:

OPENELIS_ATOMFEED_USER and OPENELIS_ATOMFEED_PASSWORD

Crater

Note

Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env file during the fresh installation, you can skip these steps.

  1. Login into the crater as admin (superman@bahmni.org).

  2. Go to Settings → Account Setting

  3. Change the password to a new one

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update the .env file with new creds for variables CRATER

    , where the old password was specified.

  6. Check atomfeed related creds also in .env file. Change them too.

    7. Odoo:_ADMIN_EMAIL, CRATER_ADMIN_PASSWORD,

    CRATER_USERNAME and CRATER_PASSWORD

Odoo

  1. Login to Odoo with user admin and change the password.

  2. Save/Exit/Logout and login again to check the creds work as expected.

  3. Check atomfeed related creds also in .env file. Change them too.

  4. Metabase Analytics:Update the .env file with new creds for variables ODOO_ATOMFEED_USER and ODOO_ATOMFEED_PASSWORD

Metabase Analytics

Note

Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env file during the fresh installation, you can skip these steps.

  1. Login to metabase with admin@mybahmni.org

  2. Go to Settings → Admin Settings → People (https://<ip>/metabase/admin/people)

  3. Click on the “…” (3 dots) on the right side of Admin user, and reset the password.

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update .env file with new creds for METABASE_ADMIN_EMAIL and METABASE_ADMIN_PASSWORD.

  6. Also, ensure you have

    setup

    set up the correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool

DCM4chee

...

  1. Login to Dcm4chee service with admin user: admin

  2. Change password.

  3. Save/Exit/Logout and login again to check the creds work as expected.

  4. Check atomfeed related creds also in .env file. Change them too.

    5. Databases: We don't have to update anything on .env file.

Databases

Note

Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env file during the fresh installation, you can skip these steps.

  1. Note, the app services like openmrs, or crater, or odoo should be

    shutdown

    shut down, before changing DB service credentials, to ensure none of the services are connected to DB.

  2. For databases you will need to ssh/exec into each container (docker compose exec <db-servicename>, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases.

  3. To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).

  4. Once done, then update the .env file with new DB credentials and restart the service.

Tip

Great job keeping Bahmni secure for all users and patients!! Thanks!