From 4e023a9b44efc586db4a1544da36839493be9b0c Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Tue, 17 Sep 2024 16:26:47 +0100 Subject: [PATCH 1/2] Add note on id of grafana_local_admin account --- doc/source/operations/secret-rotation.rst | 28 ++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/doc/source/operations/secret-rotation.rst b/doc/source/operations/secret-rotation.rst index a2dad9b80..0b55a9eaf 100644 --- a/doc/source/operations/secret-rotation.rst +++ b/doc/source/operations/secret-rotation.rst @@ -74,7 +74,7 @@ Full method the state of the cloud before any changes are made 2. Edit your Kolla-Ansible checkout to include changes not yet included - upstream. + upstream. .. _kolla-change: @@ -98,7 +98,7 @@ Full method .. code:: bash git fetch https://review.opendev.org/openstack/kolla-ansible refs/changes/78/903178/2 && git cherry-pick FETCH_HEAD - + 3. Re-install Kolla-Ansible from source in your Kolla-Ansible Python environment @@ -129,7 +129,7 @@ Full method ^redis_master_password ^memcache_secret_key _ssh_key - + private_key public_key ^$ @@ -234,6 +234,28 @@ Full method grafana-cli admin reset-admin-password --password-from-stdin + .. note:: + + If you see an error ``Error: ✗ could not read user from database. Error: user not found`` + from Grafana CLI, it means that the ID of ``grafana_local_admin`` + is not 1 (The default value used with password reset command). + You can find the ID of ``grafana_local_admin`` by accessing MariaDB. + + .. code:: sql + + # Enter MariaDB with + docker exec -u 0 -it mariadb bash + mysql grafana -p + # Enter database password when prompted + + SELECT id,login FROM user WHERE login = "grafana_local_admin"; + + Once you get the ID, run the password reset with user-id option + + .. code:: bash + + grafana-cli admin reset-admin-password --user-id --password-from-stdin + 12. Update the MariaDB database password 1. Generate a new secret: From e4cb3685cf66071412a03fb07b4ddb337583b933 Mon Sep 17 00:00:00 2001 From: Seunghun Lee Date: Wed, 18 Sep 2024 10:41:45 +0100 Subject: [PATCH 2/2] Update grafana_admin_password section Updating the procedure instead of adding a note --- doc/source/operations/secret-rotation.rst | 35 +++++++++-------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/doc/source/operations/secret-rotation.rst b/doc/source/operations/secret-rotation.rst index 0b55a9eaf..a01f66fa9 100644 --- a/doc/source/operations/secret-rotation.rst +++ b/doc/source/operations/secret-rotation.rst @@ -222,39 +222,32 @@ Full method 2. Update the value of ``grafana_admin_password`` in ``passwords.yml`` - 3. Exec into the Grafana container on a controller + 3. Exec into the MariaDB container on a controller then login to MariaDB .. code:: bash - sudo docker exec -it grafana bash - - 4. Run the password reset command, then enter the new password - - .. code:: bash + sudo docker exec -u 0 -it mariadb bash + (mariadb) mysql grafana -p + # Enter database password when prompted - grafana-cli admin reset-admin-password --password-from-stdin + 4. Query for the ID of ``grafana_local_admin`` - .. note:: + .. code:: sql - If you see an error ``Error: ✗ could not read user from database. Error: user not found`` - from Grafana CLI, it means that the ID of ``grafana_local_admin`` - is not 1 (The default value used with password reset command). - You can find the ID of ``grafana_local_admin`` by accessing MariaDB. + SELECT id,login FROM user WHERE login = "grafana_local_admin"; + # Take a note of this ID - .. code:: sql + 5. Exec into the Grafana container on a controller - # Enter MariaDB with - docker exec -u 0 -it mariadb bash - mysql grafana -p - # Enter database password when prompted + .. code:: bash - SELECT id,login FROM user WHERE login = "grafana_local_admin"; + sudo docker exec -it grafana bash - Once you get the ID, run the password reset with user-id option + 6. Run the password reset command, then enter the new password - .. code:: bash + .. code:: bash - grafana-cli admin reset-admin-password --user-id --password-from-stdin + grafana-cli admin reset-admin-password --user-id --password-from-stdin 12. Update the MariaDB database password