Friday, October 20, 2017

How to reset the MongoDB rootadmin password?




Sometimes we have to manage credentials for lots of things, and it's natural that we forget one of them. Here I am going to explain how we can reset the "rootadmin" password for a running MongoDB replica set.

I am not going into detail about installation, configuration or functionality. Instead, I'll jump directly to the actual technical hacking stuff. Along with that, we'll also learn some sed tricks that can be handy on many occasions.

Things responsible for authentication/permissions within a MongoDB replica set -


security:
  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
  authorization: "enabled"

keyFile - This is the path to the file that stores the shared secret that all MongoDB instances use to authenticate to each other in a sharded cluster or replica set.
authorization - This enables or disables Role-Based Access Control (RBAC) to govern each user's access to database resources and operations. By default, it is disabled.

So, suppose that in a working environment we have forgotten the rootadmin password and the login fails as shown below. By the way, "rootadmin" is the user who has all admin-level access to perform anything on the admin DB and other DBs.

$ mongo -u rootadmin -p secret   mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
2017-10-20T13:44:29.431+0200 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1441:20
@(auth):6:1
@(auth):1:2
exception: login failed


So, first of all, stop all nodes in the MongoDB replica set. Comment out the three lines shown above in your configuration files. Here I am running three instances on the same node, so I am using a sed trick to comment and uncomment multiple config files at once.

Before making changes -


$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf 
node1/conf/mongod.conf-security:
node1/conf/mongod.conf:  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-  authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf:  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-  authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf:  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-  authorization: "enabled"


Comment out the security config parameters (here I am commenting out lines 20-22) -


$ sudo  sed  -i '20,22 s/^/#/' node?/conf/mongod.conf 

Check again after making the changes (see the difference: #) -


$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-#security:
node1/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-#  authorization: "enabled"
--
node2/conf/mongod.conf-#security:
node2/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-#  authorization: "enabled"
--
node3/conf/mongod.conf-#security:
node3/conf/mongod.conf:#  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-#  authorization: "enabled"

Start all the nodes and log in without a password.


$ mongo   mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:40:19.999+0200 I CONTROL  [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin  0.078GB
local  6.075GB
MongoDB Enterprise rs0:PRIMARY> db
admin
MongoDB Enterprise rs0:PRIMARY> db.changeUserPassword("rootadmin","new-password")
MongoDB Enterprise rs0:PRIMARY>
bye

Now uncomment the security settings again in the config files and restart all nodes.

$ sudo  sed  -i '20,22 s/^#//' node?/conf/mongod.conf
$ grep -ri -A 1 -B 1 key node?/conf/mongod.conf
node1/conf/mongod.conf-security:
node1/conf/mongod.conf:  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
node1/conf/mongod.conf-  authorization: "enabled"
--
node2/conf/mongod.conf-security:
node2/conf/mongod.conf:  keyFile: "/data/mongo3.2/node2/mongo_3.2-keyfile"
node2/conf/mongod.conf-  authorization: "enabled"
--
node3/conf/mongod.conf-security:
node3/conf/mongod.conf:  keyFile: "/data/mongo3.2/node3/mongo_3.2-keyfile"
node3/conf/mongod.conf-  authorization: "enabled" 

After that, try to log in again using the new credentials.

$ mongo -u rootadmin -p new-password mongo-server:27017/admin
MongoDB shell version: 3.2.15
connecting to: mongo-server:27017/admin
Server has startup warnings:
2017-10-20T13:47:30.262+0200 I CONTROL  [initandlisten]
MongoDB Enterprise rs0:PRIMARY> show dbs
admin  0.078GB
local  6.075GB
MongoDB Enterprise rs0:PRIMARY>

Note: If you are not using the config file and just passing arguments, then you can stop and then start replica set nodes without these parameters.
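The '20,22' address used above only works when the security block sits on the same lines in every file, and running the comment step twice stacks a second #. The following is an added example, not code from the original post: it finds the block by pattern, tags the lines it comments so the restore is exact, and checks that authentication is really back on. The #pwreset# tag, the function names and the sample config are assumptions for illustration; GNU sed is assumed, as in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Needs GNU sed (-i), as the post does.
MARK='#pwreset#'   # hypothetical tag: only lines carrying it are restored later

# Comment out the top-level "security:" block wherever it sits in each file.
auth_off() {
    sed -i -E "/^security:/,/^[^[:space:]#]/{
        /^(security:|[[:space:]])/ s/^/$MARK/
    }" "$@"
}

# Remove the tag again, restoring exactly the lines auth_off touched.
auth_on() {
    sed -i "s/^$MARK//" "$@"
}

# Succeed only if every file has a live keyFile and authorization: enabled
# under an uncommented security: key.
auth_is_enabled() {
    for f in "$@"; do
        block=$(sed -n -E '/^security:/,/^[^[:space:]#]/p' "$f")
        printf '%s\n' "$block" | grep -Eq '^[[:space:]]+keyFile:[[:space:]]*[^[:space:]]' || return 1
        printf '%s\n' "$block" | grep -Eq '^[[:space:]]+authorization:[[:space:]]*"?enabled"?[[:space:]]*$' || return 1
    done
}

# Constructed sample config; the block is deliberately not on lines 20-22.
make_sample() {
    cat > "$1" <<'EOF'
# mongod.conf (constructed sample)
net:
  port: 27017
security:
  keyFile: "/data/mongo3.2/node1/mongo_3.2-keyfile"
  authorization: "enabled"
replication:
  replSetName: "rs0"
EOF
}

# Demo on a throwaway copy.
tmp=$(mktemp -d)
make_sample "$tmp/mongod.conf"
auth_off "$tmp/mongod.conf"; auth_is_enabled "$tmp/mongod.conf" || echo "auth disabled"
auth_on  "$tmp/mongod.conf"; auth_is_enabled "$tmp/mongod.conf" && echo "auth restored"
rm -rf "$tmp"
```

Running auth_is_enabled node?/conf/mongod.conf before the final restart confirms that no member of the replica set comes back up with access control still commented out.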

