# How to Reset the Management Plane Admin User Password via API? ## Problem Unable to log in to the Management Plane UI using the password fetched from the output of the *airctl get-creds* output. Error- "Login failed" ## Environment * Platform9 Edge Cloud - v5.3. ## Procedure Steps to update the password of the user `admin@airctl.localnet` from the keystone using api: 1. Login to the DU VM, switch to root user and source the `admin_admin.rc` file: {% tabs %} {% tab title="Inside DU VM" %} ```javascript root@airctl-1.pf9.localnet ~(admin)]]# source admin_admin.rc ``` {% endtab %} {% endtabs %} 2. Generate new token using openstack and save it to a variable TOKEN {% tabs %} {% tab title="Inside DU VM" %} ```javascript [root@airctl-1.pf9.localnet ~(admin)]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2025-02-22T08:57:59+0000 | | id | gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFu-lFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw | | project_id | 27ff3c72da5a40559b879e3fc2b9ed71 | | user_id | 73ed1caef0d9478d90308a06ae95eebd | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [root@airctl-1.pf9.localnet ~(admin)]# TOKEN="gAAAAABnuEAXd-rz9qPMcAPWjcpKXTCJj610muLxjRzeXnLHr3qLu_eDzPo0dYY5oKgx4KdNLAg_QTPoqpx7ocAa40MnUXsgnybz_eNPmTEFulFzqLt3AR4k8BrGW4uZCnzauTcGWl_DQXe9G3vcytBZDRPXWXmjKXlh_Js1x40yY7Y1NiwFUw" ``` {% endtab %} {% endtabs %} 3. Get the user ID id the user `admin@airctl.localnet` from the Mysql Keystone database: {% tabs %} {% tab title="DU VM" %} ```javascript [centos@airctl-1 ~]$ sudo mysql keystone mysql> select * from local_user where name='admin@airctl.localnet'; +----+----------------------------------+-----------+-----------------------+-------------------+----------------+ | id | user_id | domain_id | name | failed_auth_count | failed_auth_at | +----+----------------------------------+-----------+-----------------------+-------------------+----------------+ | 1 | e34183c1320046c0a08b20021bad7b81 | default | admin@airctl.localnet | 0 | NULL | +----+----------------------------------+-----------+-----------------------+-------------------+----------------+ 1 rows in set (0.00 sec) ``` {% endtab %} {% endtabs %} 4. Execute the POST call on the keystone API using the below curl call: {% hint style="info" %} **Info** In the original password is unknown/not-working - Use PATCH api call `# curl -k -X PATCH -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "''"} }' "https://airctl-1-3569273-767.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81"` {% endhint %} {% tabs %} {% tab title="Inside DU VM" %} ```javascript [root@airctl-1.pf9.localnet ~(admin)] curl -X POST -k -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{ "user": {"password": "''", "original_password": "''"} }' "https://airctl-1.pf9.localnet/keystone/v3/users/e34183c1320046c0a08b20021bad7b81/password" [root@airctl-1 ~]# ``` {% endtab %} {% endtabs %} 5. To Persist the changes the password needs to be updated in the MongoDB: Log in to MongoDB docker container and verify the existing password for `airctl-1-pf9-localnet-admin_pass` {% tabs %} {% tab title="In the DU Host" %} ```javascript [centos@test-pf9-du-host-airgap .airctl]$ docker exec -it b046b7cd44f2 bash root@test-pf9-du-host-airgap:/# root@test-pf9-du-host-airgap-:/# mongo MongoDB shell version v3.6.23 connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb Implicit session: session { "id" : UUID("d6b31d95-cc83-4449-8974-a1a71ae3ad89") } MongoDB server version: 3.6.23 > use pf9 switched to db pf9 > db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" }) { "_id" : ObjectId("67b5883f38a97d000190be8a"), "tag" : "airctl-1-pf9-localnet-admin_pass", "context" : "customer", "driver" : "null", "record" : { "HYAT!" : "", "binary" : false } } ``` {% endtab %} {% endtabs %} 6. Update the new password for the`airctl-1-pf9-localnet-admin_pass` and verify the change: {% tabs %} {% tab title="MongoDB Shell" %} ```javascript > db.secrets.updateOne({"tag":"airctl-1-pf9-localnet-admin_pass"}, {$set: {"record": {"HYAT!": "", "binary": false}}}) { "acknowledged" : true, "matchedCount" : 1, "modifiedCount" : 1 } > > > > db.secrets.findOne({ "tag": "airctl-1-pf9-localnet-admin_pass" }) { "_id" : ObjectId("67b5883f38a97d000190be8a"), "tag" : "airctl-1-pf9-localnet-admin_pass", "context" : "customer", "driver" : "null", "record" : { "HYAT!" : "", "binary" : false } } ``` {% endtab %} {% endtabs %} 7. The save the changes made in MongoDB using below command: {% tabs %} {% tab title="In the DU Host" %} ```javascript [centos@test-pf9-du-host-airgap-.airctl]$ /opt/pf9/airctl/airctl advanced-du save-mongo --config /opt/pf9/airctl/conf/airctl-config.yaml mongo save done ``` {% endtab %} {% endtabs %} 8. The UI should be accessible with the new password for the user `admin@airctl.localnet` . ## Additional Information If the changes are not getting reflected try to stop and start the DU VM using the airctl command: {% tabs %} {% tab title="In the DU Host" %} ```javascript [centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl stop --config /opt/pf9/airctl/conf/airctl-config.yaml stopped management plane [centos@test-pf9-du-host-airgap ~]$ [centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl start --config /opt/pf9/airctl/conf/airctl-config.yaml starting management plane ... your management plane web UI is accessible at: https://airctl-1.pf9.localnet find credentials to login by running get-creds [centos@test-pf9-du-host-airgap ~]$ /opt/pf9/airctl/airctl status --config /opt/pf9/airctl/conf/airctl-config.yaml management plane is started ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://platform9.com/kb/smcp/frequently-asked-questions/how-to-reset-the-management-plane-admin-user-password-via-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.