How to Reset the Management Plane Admin User Password via API?
Problem
Unable to log in to the Management Plane UI using the password fetched from the output of the airctl get-creds output. Error- "Login failed"
Environment
- Platform9 Edge Cloud - v5.3.
Procedure
Steps to update the password of the user admin@airctl.localnet
from the keystone using api:
- Login to the DU VM, switch to root user and source the
admin_admin.rc
file:
root@airctl-1.pf9.localnet ~(admin)]]# source admin_admin.rc
- Generate new token using openstack and save it to a variable TOKEN
x
[root@airctl-1.pf9.localnet ~(admin)]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2025-02-22T08:57:59+0000 |
| id | gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFu-lFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw |
| project_id | 27ff3c72da5a40559b879e3fc2b9ed71 |
| user_id | 73ed1caef0d9478d90308a06ae95eebd |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@airctl-1.pf9.localnet ~(admin)]# TOKEN="gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFulFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw"
- Get the user ID id the user
admin@airctl.localnet
from the Mysql Keystone database:
[centos@airctl-1 ~]$ sudo mysql keystone
mysql> select * from local_user where name='admin@airctl.localnet';
+----+----------------------------------+-----------+-----------------------+-------------------+----------------+
| id | user_id | domain_id | name | failed_auth_count | failed_auth_at |
+----+----------------------------------+-----------+-----------------------+-------------------+----------------+
| 1 | e34183c1320046c0a08b20021bad7b81 | default | admin@airctl.localnet | 0 | NULL |
+----+----------------------------------+-----------+-----------------------+-------------------+----------------+
1 rows in set (0.00 sec)
- Execute the POST call on the keystone API using the below curl call:
In the original password is unknown/not-working - Use PATCH api call
# curl -k -X PATCH -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "'<New-Password>'"} }' "https://airctl-1-3569273-767.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81"
[root@airctl-1.pf9.localnet ~(admin)] curl -X POST -k -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "'<NEW-PASSWORD>'", "original_password": "'<OLD-PASSWORD>'"} }' "https://airctl-1.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81/password"
[root@airctl-1 ~]#
- To Persist the changes the password needs to be updated in the MongoDB:
Log in to MongoDB docker container and verify the existing password for airctl-1-pf9-localnet-admin_pass
[centos@test-pf9-du-host-airgap .airctl]$ docker exec -it b046b7cd44f2 bash
root@test-pf9-du-host-airgap:/#
root@test-pf9-du-host-airgap-:/# mongo
MongoDB shell version v3.6.23
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("d6b31d95-cc83-4449-8974-a1a71ae3ad89") }
MongoDB server version: 3.6.23
> use pf9
switched to db pf9
> db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" })
{
"_id" : ObjectId("67b5883f38a97d000190be8a"),
"tag" : "airctl-1-pf9-localnet-admin_pass",
"context" : "customer",
"driver" : "null",
"record" : {
"HYAT!" : "<OLD-PASSWORD>",
"binary" : false
}
}
- Update the new password for the
airctl-1-pf9-localnet-admin_pass
and verify the change:
> db.secrets.updateOne({"tag":"airctl-1-pf9-localnet-admin_pass"}, {$set: {"record": {"HYAT!": "<NEW-PASSWORD>", "binary": false}}})
{ "acknowledged" : true, "matchedCount" : 1, "modifiedCount" : 1 }
>
>
>
> db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" })
{
"_id" : ObjectId("67b5883f38a97d000190be8a"),
"tag" : "airctl-1-pf9-localnet-admin_pass",
"context" : "customer",
"driver" : "null",
"record" : {
"HYAT!" : "<NEW-PASSWORD>",
"binary" : false
}
}
- The save the changes made in MongoDB using below command:
[centos@test-pf9-du-host-airgap-.airctl]$ /opt/pf9/airctl/airctl advanced-du save-mongo --config /opt/pf9/airctl/conf/airctl-config.yaml
mongo save done
- The UI should be accessible with the new password for the user
admin@airctl.localnet
.
Additional Information
If the changes are not getting reflected try to stop and start the DU VM using the airctl command:
[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl stop --config /opt/pf9/airctl/conf/airctl-config.yaml
stopped management plane
[centos@test-pf9-du-host-airgap ~]$
[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl start --config /opt/pf9/airctl/conf/airctl-config.yaml
starting management plane
your management plane web UI is accessible at: https://airctl-1.pf9.localnet
find credentials to login by running get-creds
[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl status --config /opt/pf9/airctl/conf/airctl-config.yaml
management plane is started
Was this page helpful?