ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

After Upgrade, Admin Password Needs To Be Reset #5825

Closed andrew-landsverk-win closed 3 years ago

andrew-landsverk-win commented 4 years ago
ISSUE TYPE
SUMMARY

I've noticed with my last two updates, to 9.1.0 and to 9.1.1, following the upgrade I need to open a console to awx-web and run awx-manage changepassword admin to fix my password. I am using the official instructions to provide a vars file with the admin_password key defined.

ENVIRONMENT
STEPS TO REPRODUCE
  1. Run update from 9.1.0, with a vars file defining admin_password
  2. Can no longer login with admin credentials after update
EXPECTED RESULTS

Admin credentials still work as before

ACTUAL RESULTS

Login with credentials fails.

ADDITIONAL INFORMATION

margani commented 4 years ago

Also, if you are doing this using a script or in a CD pipeline where there is no interactivity, it's better to do the following, so it doesn't show any prompt.

awx-manage migrate
awx-manage createsuperuser --username=admin --email=admin@example.com --noinput
awx-manage update_password --username=admin --password=changeme

or in Kubernetes:

kubectl exec -ti taskpodname -- awx-manage migrate
kubectl exec -ti taskpodname -- awx-manage createsuperuser --username=admin --email=admin@example.com --noinput
kubectl exec -ti taskpodname -- awx-manage update_password --username=admin --password=changeme

andrew-landsverk-win commented 4 years ago

I'm doing kubectl exec and opening a shell, then running awx-manage. However, the issue here is that upon upgrade, the existing admin user password is getting reset to something that it shouldn't be.

margani commented 4 years ago

> I'm doing kubectl exec and opening a shell, then running awx-manage. However, the issue here is that upon upgrade, the existing admin user password is getting reset to something that it shouldn't be.

Yes I know, I am facing the same issue, and I thought it would be helpful for people who get stuck like me. I know it's not a solution but a workaround.

tcd156 commented 3 years ago

Heads up, I was unaware that this was the case, and after upgrading, our servers were hit with an automated cryptojacking attack.

At the very least, this should be made much more obvious. Having a crypto miner installed on our servers was fortunately much less nefarious than it could have been, but I was pretty surprised to see the default admin user being created again.

shanemcd commented 3 years ago

When using a vars file, it appears the default value from the inventory file must take precedence. I've opened up https://github.com/ansible/awx/pull/9111 which completely removes the default value, and forces users to provide it.

shanemcd commented 3 years ago

PR linked above has been merged. Next version of AWX will be out sometime this week.

tcd156 commented 3 years ago

Thanks @shanemcd!
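
A post-upgrade pipeline step that combines the non-interactive workaround from the thread with the fail-closed idea behind the fix (no default password), added here as an example; it is not code from the thread or from the AWX project. The variable name AWX_ADMIN_PASSWORD, the placeholder list, and the minimum length are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: re-assert the AWX admin password after an upgrade and fail
# closed when no real secret is supplied. AWX_ADMIN_PASSWORD, the placeholder
# list and the length threshold are hypothetical, not AWX settings.

# Return 0 only if the candidate is non-empty, not an obvious placeholder,
# and at least 12 characters long (arbitrary threshold for this example).
password_is_acceptable() {
    case "$1" in
        "") return 1 ;;                          # unset or empty
        password|changeme|admin) return 1 ;;     # constructed placeholder list
    esac
    [ "${#1}" -ge 12 ]
}

# Reset the admin password inside the given task pod.
# Returns 2 without touching the cluster if the secret is not acceptable.
reset_admin_password() {
    pod="$1"
    pw="${AWX_ADMIN_PASSWORD:-}"
    if ! password_is_acceptable "$pw"; then
        echo "refusing: AWX_ADMIN_PASSWORD is missing or a placeholder" >&2
        return 2
    fi
    # Same awx-manage command as in the thread; -t/-i are dropped because a
    # pipeline has no TTY. The value appears in process arguments while the
    # command runs, so limit who can list processes on the runner and pod.
    kubectl exec "$pod" -- awx-manage update_password \
        --username=admin --password="$pw" >/dev/null
}

# Run only when a pod name is given, e.g.:
#   AWX_ADMIN_PASSWORD="$(cat /run/secrets/awx_admin)" sh reset.sh taskpodname
if [ "$#" -gt 0 ]; then
    reset_admin_password "$1"
fi
```

Running this as the last step of every upgrade job makes a missing secret stop the pipeline instead of leaving the instance reachable with a password the operator did not choose.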