How to Reset the Management Plane Admin User Password via API?
Problem
Unable to log in to the Management Plane UI using the password fetched from the output of the airctl get-creds output. Error- "Login failed"
Environment
- Platform9 Edge Cloud - v5.3.
Procedure
Steps to update the password of the user admin@airctl.localnet from the keystone using api:
- Login to the DU VM, switch to root user and source the
admin_admin.rcfile:
root@airctl-1.pf9.localnet ~(admin)]]# source admin_admin.rc- Generate new token using openstack and save it to a variable TOKEN
x
[root@airctl-1.pf9.localnet ~(admin)]# openstack token issue+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+| Field | Value |+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+| expires | 2025-02-22T08:57:59+0000 || id | gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFu-lFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw || project_id | 27ff3c72da5a40559b879e3fc2b9ed71 || user_id | 73ed1caef0d9478d90308a06ae95eebd |+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+[root@airctl-1.pf9.localnet ~(admin)]# TOKEN="gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFulFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw"- Get the user ID id the user
admin@airctl.localnetfrom the Mysql Keystone database:
[centos@airctl-1 ~]$ sudo mysql keystone mysql> select * from local_user where name='admin@airctl.localnet';+----+----------------------------------+-----------+-----------------------+-------------------+----------------+| id | user_id | domain_id | name | failed_auth_count | failed_auth_at |+----+----------------------------------+-----------+-----------------------+-------------------+----------------+| 1 | e34183c1320046c0a08b20021bad7b81 | default | admin@airctl.localnet | 0 | NULL | +----+----------------------------------+-----------+-----------------------+-------------------+----------------+1 rows in set (0.00 sec)- Execute the POST call on the keystone API using the below curl call:
In the original password is unknown/not-working - Use PATCH api call
# curl -k -X PATCH -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "'<New-Password>'"} }' "https://airctl-1-3569273-767.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81"
[root@airctl-1.pf9.localnet ~(admin)] curl -X POST -k -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "'<NEW-PASSWORD>'", "original_password": "'<OLD-PASSWORD>'"} }' "https://airctl-1.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81/password"[root@airctl-1 ~]#- To Persist the changes the password needs to be updated in the MongoDB:
Log in to MongoDB docker container and verify the existing password for airctl-1-pf9-localnet-admin_pass
[centos@test-pf9-du-host-airgap .airctl]$ docker exec -it b046b7cd44f2 bashroot@test-pf9-du-host-airgap:/#root@test-pf9-du-host-airgap-:/# mongoMongoDB shell version v3.6.23connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodbImplicit session: session { "id" : UUID("d6b31d95-cc83-4449-8974-a1a71ae3ad89") }MongoDB server version: 3.6.23> use pf9switched to db pf9> db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" }){ "_id" : ObjectId("67b5883f38a97d000190be8a"), "tag" : "airctl-1-pf9-localnet-admin_pass", "context" : "customer", "driver" : "null", "record" : { "HYAT!" : "<OLD-PASSWORD>", "binary" : false }}- Update the new password for the
airctl-1-pf9-localnet-admin_passand verify the change:
> db.secrets.updateOne({"tag":"airctl-1-pf9-localnet-admin_pass"}, {$set: {"record": {"HYAT!": "<NEW-PASSWORD>", "binary": false}}}){ "acknowledged" : true, "matchedCount" : 1, "modifiedCount" : 1 }>>>> db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" }){ "_id" : ObjectId("67b5883f38a97d000190be8a"), "tag" : "airctl-1-pf9-localnet-admin_pass", "context" : "customer", "driver" : "null", "record" : { "HYAT!" : "<NEW-PASSWORD>", "binary" : false }}- The save the changes made in MongoDB using below command:
[centos@test-pf9-du-host-airgap-.airctl]$ /opt/pf9/airctl/airctl advanced-du save-mongo --config /opt/pf9/airctl/conf/airctl-config.yamlmongo save done- The UI should be accessible with the new password for the user
admin@airctl.localnet.
Additional Information
If the changes are not getting reflected try to stop and start the DU VM using the airctl command:
[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl stop --config /opt/pf9/airctl/conf/airctl-config.yamlstopped management plane[centos@test-pf9-du-host-airgap ~]$[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl start --config /opt/pf9/airctl/conf/airctl-config.yamlstarting management plane your management plane web UI is accessible at: https://airctl-1.pf9.localnetfind credentials to login by running get-creds[centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl status --config /opt/pf9/airctl/conf/airctl-config.yamlmanagement plane is startedWas this page helpful?