What is the procedure to reset the “admin” password when it is forgotten, without logging in to the cluster via AQL?
There is no password requirement on Community Edition.
Thanks Piyush for the response.
What is the procedure in case of Enterprise edition?
The simplest way would be to stop the cluster and delete smd/security.smd from all nodes and then start the cluster.
This file is typically stored as
Note: you cannot delete this file and restart one node at a time because the other nodes will restore this SMD file.
If this is a production cluster and you don’t want to do this with downtime, please contact Enterprise Support since this is a more involved procedure.
Also note that deleting this file will also delete all users, passwords, role assignments, etc.
Thanks Kevin. Deleting security.smd works fine and I am able to log in. Yes, it looks risky, and we are losing all the roles assigned to the admin account, including other users. I hope Aerospike will come up with an alternative to this, as in production this approach is not recommended.
An alternative already exists, it is just a bit more tedious. Basically you would need to stop a server, edit security.smd on that server, manually add a new user with the appropriate role and password, and start the server back up. When the server comes up, it would then share this information with the other nodes.
Note: Since we do not store the plaintext passwords, we would need to generate this credential on another Aerospike node, which could be spun up just for this task.
Once this has been done, we could then use this new user to change the passwords on accounts with forgotten passwords.
If this ever comes up in production in the future, I would recommend reaching out to Enterprise Support to assist with these edits.
Thanks again Kevin for your prompt response with detailed steps.
While I totally agree with contacting Aerospike Enterprise Support in the case of production, there would be a delay in getting the issue fixed in a production environment, so I am wondering if Aerospike can invest some time to come up with a straightforward method of recovering a forgotten admin account password without any associated downtime. I believe this could happen commonly in most clients' environments.
The simplest way would be to have a user with the “USER ADMIN” role reset the password for the account.
Thanks Kevin, but it looks like we need to maintain two different users (admin and other) which should have the “USER ADMIN” role, and security-wise it’s not a best practice.