Please see http://status.cloudbees.com for status indicators and high level system status information.
For support, please visit support.cloudbees.com or email support@cloudbees.com

Monday 4 November 2013

MongoHQ password reset has completed

The MongoHQ password reset has completed and the MONGOHQ_URL entry for all resource definitions have been updated.  Applications with resource bindings declared for MongoHQ databases have been automatically restarted.

We recommend checking on any applications that are using MongoHQ databases to verify they are now working as expected.  If you are experiencing MongoHQ connectivity problems after this reset, please review the guidance offered in our previous blog post on the CloudBees status website.  If you are experiencing issues with a paid production application, please open a support ticket with the appropriate severity level set and the word “MongoHQ” in the ticket name.

We apologize for any impact the MongoHQ security breach has had, but we hope the coordination between CloudBees and MongoHQ has minimized the operational problem of updating passwords.

MongoHQ Password Reset is Underway

As communicated to MongoHQ subscribers via email,  MongoHQ is in the process of resetting the 'cloudbees' user password for all MongoHQ instances that have been created by CloudBees customers. CloudBees is working with MongoHQ to co-ordinate this reset process and minimize its impact on customers.  
  • If you have any applications running on CloudBees using resource bindings to connect to a MongoHQ database, we will automatically restart your application after the password is reset. No action is required on your part. These existing applications using the MongoHQ service will continue to work after the restart.
  • If you have any applications or external resources that are directly connecting to MongoHQ using the current ‘cloudbees’ username/password, these credentials will no longer work after the automated password reset. In this case, you should take steps now to ensure that your MongoHQ clients are using credentials that you have created using the MongoHQ admin->users page. Until you make changes to use the new credentials, existing applications making direct connections using the ‘cloudbees’ username/password will not work once the password reset has taken place.
  • If you have taken proactive steps already to remove the ‘cloudbees’ user and to adjust your application application code to initialize your MongoHQ clients with the new credentials that you have provisioned, you will not be impacted by the upcoming reset process for the ‘cloudbees’ user.

In summary, for CloudBees users of MongoHQ

  • If you take no action and are using CloudBees resource bindings to connect applications to MongoHQ, an upcoming reset of the ‘cloudbees’ password, followed by an application restart will take place to properly secure your database.
  • If you connect to MongoHQ directly or you want to take action before the upcoming password reset, you need to reset your passwords and modify your application logic accordingly.
  • If you connect to MongoHQ directly using the ‘cloudbees’ username (unlikely but possible), the upcoming password reset will require you to create a new username/password combination and modify your application logic accordingly.

We will post an update once the MongoHQ password reset process is completed.  If you have any questions, please open a CloudBees support ticket.

Additional resources: