Context
If user-admin role to admin user is revoked by mistake, then one will not be able to create or add any new roles to an existing user. This article explains how to work around this situation. If there is no other user with user-admin role then basically one will be stuck.
Method
- Shut down one node.
- Change the cluster-name to a different cluster-name in the config, so that the node doesn't join the cluster.
- Remove the security.smd file which will be in /opt/aerospike/smd/ directory.
- Start the node, now the node would have come up with the default admin role and default password, this node will not join the cluster as the cluster-name is different.
- We will not see the security.smd now as the node is afresh.
- Go to asadm and grant some roles to the admin user, or create a dummy user if you can, this is to make sure that we generate a security.smd.
https://aerospike.com/docs/server/operations/configure/security/access-control#roles - Open the security.smd and increase the generation greater than the other nodes for the user that has user-admin permissions.
{
"key": "test|P",
"value": "$2a$10$7EqJtq98hPqEX7fNZaFWoOU4Rn.f3DX0Z38lDGiUMPCvtmdP43AAm",
"generation": 8,
"timestamp": 493416976337
},
- Shut down the node, edit the config file and remove the cluster-name.
- Start the node and now we will have the admin user with admin roles.
Applies To Earliest Version
Current Version
Applies To Latest Version
Current Version
