Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update MxAdmin password without restarting the container #162

Open
scchengaiah opened this issue Mar 9, 2023 · 2 comments
Open

Update MxAdmin password without restarting the container #162

scchengaiah opened this issue Mar 9, 2023 · 2 comments

Comments

@scchengaiah
Copy link

Hello everyone,
We use ADMIN_PASSWORD env variable to set the MxAdmin password.

We are in a situation to change this without bringing the application down.

Is there any other possibility to change this via some API ?
@mattmarich-wrstbnd
Copy link

@scchengaiah
I wrote a python script to rotate the passwords since there's nothing included in the buildpack for this specific scenario, I run the following using a kubernetes job which I pass in the adminUsername, m2eeEndpoint (which is the nginx _mxadmin upsteam), and newAdminPassword (so we can rotate our credentials on a schedule). Hopefully this saves you some time!

#!/usr/bin/env python3
import os
import sys
from lib.m2ee.client import M2EEClient
import warnings
with warnings.catch_warnings():
  warnings.filterwarnings("ignore",category=DeprecationWarning)
  import crypt # Use same package/logic as docker-mendix-buildpack, when they move to python3.13 update package and htpasswd logic.

required_vars = ['adminUsername', 'm2eeEndpoint', 'newAdminPassword']

for var in required_vars:
  if os.environ.get(var) is None:
    print(f"Error: Environment variable '{var}' is not set.")
    sys.exit(1)

admin_username=os.environ['adminUsername']
current_admin_password=os.environ['ADMIN_PASSWORD']
m2ee_endpoint=os.environ['m2eeEndpoint']
new_admin_password=os.environ['newAdminPassword']
pod_index=int(os.environ['CF_INSTANCE_INDEX'])

if pod_index == 0:
  print("Pod Index:0, Updating M2EE Password in Database")
  m2ee_client = M2EEClient(url=m2ee_endpoint, password=current_admin_password)

  print("Updating Admin Password in Database")
  m2eeresponse = m2ee_client.update_admin_user({
    "username": admin_username,
    "password": new_admin_password,
  })
  if m2eeresponse.has_error():
    m2eeresponse.display_error()
    os._exit(1)
  else:
    print("Admin Password Updated in Database")

print("Updating Admin Password in Nginx")
with open("/opt/mendix/build/nginx/.htpasswd", "w") as file_handler:
  file_handler.write(
    f"{admin_username}:{crypt.crypt(new_admin_password, crypt.mksalt(crypt.METHOD_SHA512))}\n"
  )
file_handler.close()

@scchengaiah
Copy link
Author

scchengaiah commented Apr 3, 2024
edited
Loading

@mattmarich-wrstbnd
Appreciate your effort on coming up with the script for credential rotation. We shall try this in our environment. Thank you 🙂🤝

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@scchengaiah @mattmarich-wrstbnd