Resetting the Superuser

ENTERPRISE

Reset an existing user or create a new user with the DC/OS reset superuser script

You can reset an existing user or create a new user with the DC/OS reset superuser script. This is helpful if the superuser account becomes locked or invalid.

Prerequisite: You must have SSH access to the DC/OS cluster.

  1. SSH to the master node using the method of your choice.

    For example:

    1. dcos node ssh --master-proxy --leader

  2. Navigate to /opt/mesosphere/active/bouncer/bouncer/bin/ and run the reset-superuser script with the username (<username>) specified.

    1. sudo /opt/mesosphere/bin/dcos-shell /opt/mesosphere/active/bouncer/bouncer/bin/reset-superuser <username>

  3. Enter the new password for the user and follow the prompts to complete the procedure.

    1. Type superuser password:
    2. Retype superuser password:

    For an existing user, the output should resemble:

    1. 170518-22:11:11.630 INFO: Attempt to create user with uid `<username>`.
    2. 170518-22:11:12.111 INFO: User already exists.
    3. 170518-22:11:12.111 INFO: Update password for user with uid `<username>`.
    4. 170518-22:11:12.597 INFO: Password updated.
    5. 170518-22:11:12.597 INFO: Attempt to create ACL with rid `dcos:superuser`.
    6. 170518-22:11:12.668 INFO: ACL already exists.
    7. 170518-22:11:12.668 INFO: Attempt to create group with gid `superusers`.
    8. 170518-22:11:12.735 INFO: Group already exists.
    9. 170518-22:11:12.735 INFO: Attempt to assign superuser privileges to the superusers group.
    10. 170518-22:11:12.803 INFO: Permission is already set.
    11. 170518-22:11:12.803 INFO: Attempt to put uid `<username>` into the superusers group.
    12. 170518-22:11:12.877 INFO: User added to group.
    13. 170518-22:11:12.877 INFO: Done.