docker-mendix-buildpack icon indicating copy to clipboard operation
docker-mendix-buildpack copied to clipboard

Published 20 hours ago verified publisher icon mendix

Update MxAdmin password without restarting the container

Open scchengaiah opened this issue 1 year ago • 2 comments

Hello everyone, We use ADMIN_PASSWORD env variable to set the MxAdmin password.

We are in a situation to change this without bringing the application down.

Is there any other possibility to change this via some API ?

scchengaiah avatar Mar 09 '23 09:03 scchengaiah

@scchengaiah I wrote a python script to rotate the passwords since there's nothing included in the buildpack for this specific scenario, I run the following using a kubernetes job which I pass in the adminUsername, m2eeEndpoint (which is the nginx _mxadmin upsteam), and newAdminPassword (so we can rotate our credentials on a schedule). Hopefully this saves you some time!

#!/usr/bin/env python3
import os
import sys
from lib.m2ee.client import M2EEClient
import warnings
with warnings.catch_warnings():
  warnings.filterwarnings("ignore",category=DeprecationWarning)
  import crypt # Use same package/logic as docker-mendix-buildpack, when they move to python3.13 update package and htpasswd logic.

required_vars = ['adminUsername', 'm2eeEndpoint', 'newAdminPassword']

for var in required_vars:
  if os.environ.get(var) is None:
    print(f"Error: Environment variable '{var}' is not set.")
    sys.exit(1)

admin_username=os.environ['adminUsername']
current_admin_password=os.environ['ADMIN_PASSWORD']
m2ee_endpoint=os.environ['m2eeEndpoint']
new_admin_password=os.environ['newAdminPassword']
pod_index=int(os.environ['CF_INSTANCE_INDEX'])

if pod_index == 0:
  print("Pod Index:0, Updating M2EE Password in Database")
  m2ee_client = M2EEClient(url=m2ee_endpoint, password=current_admin_password)

  print("Updating Admin Password in Database")
  m2eeresponse = m2ee_client.update_admin_user({
    "username": admin_username,
    "password": new_admin_password,
  })
  if m2eeresponse.has_error():
    m2eeresponse.display_error()
    os._exit(1)
  else:
    print("Admin Password Updated in Database")

print("Updating Admin Password in Nginx")
with open("/opt/mendix/build/nginx/.htpasswd", "w") as file_handler:
  file_handler.write(
    f"{admin_username}:{crypt.crypt(new_admin_password, crypt.mksalt(crypt.METHOD_SHA512))}\n"
  )
file_handler.close()

mattmarich-wrstbnd avatar Apr 02 '24 18:04 mattmarich-wrstbnd

@mattmarich-wrstbnd Appreciate your effort on coming up with the script for credential rotation. We shall try this in our environment. Thank you 🙂🤝

scchengaiah avatar Apr 03 '24 13:04 scchengaiah