Sometimes we have to manage credentials for lots of things, and it's obvious that we can forget one of them. Here I am going to explain how we can reset the "rootadmin" password for a running MongoDB replica set.
I am not going into detail about installation, configuration or functionality. Instead, I'll jump directly to the actual technical hacking stuff. Along the way we'll also learn some sed tricks that can be handy on many occasions.
Things responsible for authentication/permissions within a MongoDB replica set -
security:keyFile - This is the path to the file that stores the shared secret that all MongoDB instances use to authenticate to each other in a sharded cluster or replica set.
keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
authorization: "enabled"
authorization - This enables or disables Role-Based Access Control (RBAC) to govern each user’s access to database resources and operations. By default, this is disabled.
So, suppose that in a working environment we have forgotten the rootadmin password. By the way, "rootadmin" is the user who has all admin-level access to perform anything on the admin database and other DBs.
$ mongo -u rootadmin -p secret mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
2017-10-20T13:44:29.431+0200 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2
exception: login failed
So, first of all, stop all nodes in the MongoDB replica set. Comment out the three security lines in your configuration files. Here I am running three instances on the same node, so I am using a sed trick to comment and uncomment multiple config files at once.
Before making changes -
$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-security:
node1/conf/mongod.conf: keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf- authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf: keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf- authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf: keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf- authorization: "enabled"
Comment out the security config parameters (here I am commenting out lines 20-22) -
$ sudo sed -i '20,22 s/^/#/' node?/conf/mongod.conf
Check again after making the changes (see the difference: #) -
$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-#security:
node1/conf/mongod.conf:# keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-# authorization: "enabled"
--
node2/conf/mongod.conf-#security:
node2/conf/mongod.conf:# keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-# authorization: "enabled"
--
node3/conf/mongod.conf-#security:
node3/conf/mongod.conf:# keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-# authorization: "enabled"
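Start all the nodes and log in without the password. With the security block commented out, the nodes accept unauthenticated connections until it is restored.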
$ mongo mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:40:19.999+0200 I CONTROL [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin 0.078GB
local 6.075GB
MongoDB Enterprise rs0:PRIMARY> db
admin
MongoDB Enterprise rs0:PRIMARY> db.changeUserPassword("rootadmin","new-password")
MongoDB Enterprise rs0:PRIMARY>
bye
Now uncomment the security settings again in the config files and restart all nodes.
$ sudo sed -i '20,22 s/^#//' node?/conf/mongod.conf
$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-security:
node1/conf/mongod.conf: keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf- authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf: keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf- authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf: keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf- authorization: "enabled"
After that, try to log in again using the new credentials.
$ mongo -u rootadmin -p new-password mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:47:30.262+0200 I CONTROL [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin 0.078GB
local 6.075GB
MongoDB Enterprise rs0:PRIMARY>
Note: If you are not using the config file and just passing arguments, then you can stop and then start replica set nodes without these parameters.
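The sed commands above only work when the security block sits on lines 20-22 of every config file. The script below is an added example, not part of the original post: it disables the block by pattern, re-enables only the lines it tagged, and reports any node whose config is still not enforcing authentication. The function names and the #pwreset# marker are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. MARK is a hypothetical tag, so
# only lines disabled by this script are ever re-enabled.
MARK='#pwreset#'

# Rewrite file $1 in place with awk program $2 (keeps owner and mode).
rewrite() {
    awk -v m="$MARK" "$2" "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Disable the security: key and its indented children, wherever they sit.
disable_security() {
    rewrite "$1" '
        /^security:/             { inblk = 1; print m $0; next }
        inblk && /^[ \t]+[^ \t]/ { print m $0; next }
                                 { inblk = 0; print }'
}

# Re-enable exactly the lines tagged by disable_security.
enable_security() {
    rewrite "$1" '{ if (index($0, m) == 1) $0 = substr($0, length(m) + 1); print }'
}

# Exit 0 only if an active security: block sets both keyFile and
# authorization: "enabled"; a gate to run before restarting the nodes.
auth_enforced() {
    awk '
        /^security:/                                      { inblk = 1; next }
        inblk && /^[ \t]+keyFile:[ \t]*[^ \t]/            { key = 1; next }
        inblk && /^[ \t]+authorization:[ \t]*"?enabled"?/ { authz = 1; next }
        inblk && /^[ \t]+[^ \t]/                          { next }
                                                          { inblk = 0 }
        END { exit !(key && authz) }' "$1"
}

# Print every config file among the arguments that is not enforcing auth,
# e.g. unprotected_nodes node?/conf/mongod.conf (expect no output).
unprotected_nodes() {
    for f in "$@"; do auth_enforced "$f" || echo "$f"; done
}
```

Each function takes one file, so wrap disable_security and enable_security in a loop over node?/conf/mongod.conf; an empty result from unprotected_nodes after the final restart means no node was left open.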