Support Questions

Jacqueline · ‎08-20-2017

Hi ,

I am using mysql as the database for Ambari Version2.4.2.0.

Would like to change Ambari database user password.

From mysql we can change the password. That is easy.

Question is how to update the

1) -- server.jdbc.rca.user.passwd=${alias=ambari.db.password}

2) -- server.jdbc.user.passwd=${alias=ambari.db.password}

in the file /etc/ambari-server/conf/ambari.properties

Note, i am not trying to change Ambari admin password, which is used to login to Ambari UI

Please help

Regards

JJ

jsensharma · ‎08-20-2017

@Jacqualin jasmin

As we see that your passwords are encrypted, Because you mght have the "security.passwords.encryption.enabled" property set to true inside your ambari.properties.

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=${alias=ambari.db.password}
server.jdbc.user.passwd=${alias=ambari.db.password}

Assuming you remember your old ambari db pasword (by default it shoudl be "bigdata"), And you want to change the DB password to something new like "bigdata_new"

# mysql -u ambari -p 
Enter password: bigdata
mysql> use ambari;
mysql> SET PASSWORD FOR 'ambari'@'localhost' = PASSWORD('bigdata_new');
mysql> SET PASSWORD FOR 'ambari'@'%' = PASSWORD('bigdata_new');
mysql> SET PASSWORD FOR 'ambari'@'standaloneambari1.example.com' = PASSWORD('bigdata_new');
mysql> FLUSH PRIVILEGES;

REMEMBER: in the following statement you will need to enter your ambari DB hostname while resetting the DB password. Here standalone1.example.com is the FQDN (hostname -f) where my MySQL DB was running.

mysql> SET PASSWORD FOR 'ambari'@'standaloneambari1.example.com' = PASSWORD('bigdata_new');

.

Steps from ambari side:

First of all please take a backup of ambari properties file

# cp -f /etc/ambari-server/conf/ambari.properties  /etc/ambari-server/conf/ambari.properties.ORIGINAL

.

Once the password is changed from the DB side then edit the "/etc/ambari-server/conf/ambari.properties" file and change the value of "server.jdbc.rca.user.passwd" and "server.jdbc.user.passwd" property as following:

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat 
server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat

Create a file with name "/etc/ambari-server/conf/password.dat" and enter the new Ambari Database password there. Like:

# echo "bigdata_new" > /etc/ambari-server/conf/password.dat 
# cat  /etc/ambari-server/conf/password.dat 
bigdata_new

Restart ambari server to see if it is starting fine with the newly retested ambari db password or not?

# ambari-server restart

.

If everything is OK so far then do the following:
If ambari server starts fine then we can now proceed with "Encrypting the password" again using "ambari-server setup-security" option [2] Encrypt passwords stored in ambari.properties file.

# ambari-server setup-security
Using python  /usr/bin/python
Security setup options...
===========================================================================
Choose one of the following options: 
  [1] Enable HTTPS for Ambari server.
  [2] Encrypt passwords stored in ambari.properties file.
  [3] Setup Ambari kerberos JAAS configuration.
  [4] Setup truststore.
  [5] Import certificate to truststore.
===========================================================================
Enter choice, (1-5): 2
Password encryption is enabled.
Do you want to reset Master Key? [y/n] (n): n
Adjusting ambari-server permissions and ownership...
Ambari Server 'setup-security' completed successfully.

Once this is done we should see that the password is again encrypted.

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=${alias=ambari.db.password}
server.jdbc.user.passwd=${alias=ambari.db.password}

.

Now restart ambari server

# ambari-server restart

.

View solution in original post

jsensharma · ‎08-20-2017

@Jacqualin jasmin

As we see that your passwords are encrypted, Because you mght have the "security.passwords.encryption.enabled" property set to true inside your ambari.properties.

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=${alias=ambari.db.password}
server.jdbc.user.passwd=${alias=ambari.db.password}

Assuming you remember your old ambari db pasword (by default it shoudl be "bigdata"), And you want to change the DB password to something new like "bigdata_new"

# mysql -u ambari -p 
Enter password: bigdata
mysql> use ambari;
mysql> SET PASSWORD FOR 'ambari'@'localhost' = PASSWORD('bigdata_new');
mysql> SET PASSWORD FOR 'ambari'@'%' = PASSWORD('bigdata_new');
mysql> SET PASSWORD FOR 'ambari'@'standaloneambari1.example.com' = PASSWORD('bigdata_new');
mysql> FLUSH PRIVILEGES;

REMEMBER: in the following statement you will need to enter your ambari DB hostname while resetting the DB password. Here standalone1.example.com is the FQDN (hostname -f) where my MySQL DB was running.

mysql> SET PASSWORD FOR 'ambari'@'standaloneambari1.example.com' = PASSWORD('bigdata_new');

.

Steps from ambari side:

First of all please take a backup of ambari properties file

# cp -f /etc/ambari-server/conf/ambari.properties  /etc/ambari-server/conf/ambari.properties.ORIGINAL

.

Once the password is changed from the DB side then edit the "/etc/ambari-server/conf/ambari.properties" file and change the value of "server.jdbc.rca.user.passwd" and "server.jdbc.user.passwd" property as following:

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=/etc/ambari-server/conf/password.dat 
server.jdbc.user.passwd=/etc/ambari-server/conf/password.dat

Create a file with name "/etc/ambari-server/conf/password.dat" and enter the new Ambari Database password there. Like:

# echo "bigdata_new" > /etc/ambari-server/conf/password.dat 
# cat  /etc/ambari-server/conf/password.dat 
bigdata_new

Restart ambari server to see if it is starting fine with the newly retested ambari db password or not?

# ambari-server restart

.

If everything is OK so far then do the following:
If ambari server starts fine then we can now proceed with "Encrypting the password" again using "ambari-server setup-security" option [2] Encrypt passwords stored in ambari.properties file.

# ambari-server setup-security
Using python  /usr/bin/python
Security setup options...
===========================================================================
Choose one of the following options: 
  [1] Enable HTTPS for Ambari server.
  [2] Encrypt passwords stored in ambari.properties file.
  [3] Setup Ambari kerberos JAAS configuration.
  [4] Setup truststore.
  [5] Import certificate to truststore.
===========================================================================
Enter choice, (1-5): 2
Password encryption is enabled.
Do you want to reset Master Key? [y/n] (n): n
Adjusting ambari-server permissions and ownership...
Ambari Server 'setup-security' completed successfully.

Once this is done we should see that the password is again encrypted.

# grep 'passwd' /etc/ambari-server/conf/ambari.properties 
server.jdbc.rca.user.passwd=${alias=ambari.db.password}
server.jdbc.user.passwd=${alias=ambari.db.password}

.

Now restart ambari server

# ambari-server restart

.

Jacqueline · ‎09-07-2017

Thank Jay for your perfect solution.

raghu9raghavend · ‎07-27-2018

@Jay Kumar SenSharma

will it work for postgres too?

thanks

Cloudera Community

Support Questions

how to reset ambari.db.password password.