Reset the "admin" user password

This document (000020787) is provided subject to the disclaimer at the end of this document.

Situation

The admin password is the key to administering the NeuVector deployment and viewing the cluster network activities.  It is important to change the password upon installation and keep it safely guarded.  Sometimes, the password is guarded too well and gets lost or the administrator leaves the company.  If you have kubectl access to the cluster, you can reset the admin password to the default using the following steps.

REMINDER: Please save the JSON output from the consul kv get command until you successfully complete the procedure and verify it worked!

    Resolution

     
    1. Execute into one of the controller pods
      • kubectl exec -it <controller_pod> -n neuvector -- sh
    2. Check if admin entry exists and saved the output JSON somewhere for safekeeping. (If the entry does not exist, please stop and consult with NeuVector Support.)
      • consul kv get object/config/user/admin
    3. Take the output from the above consul kv get command and replace the password_hash string with the below hash string for "admin".  This output takes the place of <REPLACE_ME> in step 4, and it should be a single continuous line WITHOUT line breaks.
      • c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec
      • Example (UPDATED JSON): {"fullname":"admin","username":"admin","password_hash":"c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec","pwd_reset_time":"2023-03-23T21:25:23.75136146Z","pwd_hash_history":null,"domain":"","server":"","email":"","role":"admin","role_oride":false,"timeout":300,"locale":"en","role_domains":{},"last_login_at":"2023-03-23T21:25:01.981582916Z","login_count":1,"failed_login_count":0,"block_login_since":"0001-01-01T00:00:00Z"}
    4. Apply the UPDATED JSON by replacing <REPLACE_ME> in the below example command before execution.  The single quotes surrounding the JSON are needed.   (It is best to craft this command inside a text editor to verify before applying it to the controller shell.)
      • ​​​​consul kv put object/config/user/admin '<REPLACE_ME>'
    5. The below message gets returned upon successful update.
      • Success! Data written to: object/config/user/admin

    Disclaimer

    This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

    • Document ID:000020787
    • Creation Date: 12-Dec-2023
    • Modified Date:12-Dec-2023
      • SUSE NeuVector

    < Back to Support Search

    For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

    SUSE Support Forums

    Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

    Join Our Community

    Support Resources

    Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


    SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
    Support FAQ

    Open an Incident

    Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

    Go to Customer Center