Resetting the Superuser

ENTERPRISE

You can reset an existing user or create a new user with the DC/OS reset superuser script. This is helpful if the superuser account becomes locked or invalid.

Prerequisite: You must have SSH access to the DC/OS cluster.

  1. SSH to the master node.

    dcos node ssh --master-proxy --leader
    
  2. Navigate to /opt/mesosphere/active/bouncer/bouncer/bin/ and run the reset-superuser script with the username (<username>) specified.

    sudo /opt/mesosphere/bin/dcos-shell /opt/mesosphere/active/bouncer/bouncer/bin/reset-superuser <username>
    
  3. Enter the new password for the user and follow the prompts to complete the procedure.

    Type superuser password: 
    Retype superuser password: 
    

    For an existing user, the out should resemble:

    170518-22:11:11.630 INFO: Attempt to create user with uid `<username>`.
    170518-22:11:12.111 INFO: User already exists.
    170518-22:11:12.111 INFO: Update password for user with uid `<username>`.
    170518-22:11:12.597 INFO: Password updated.
    170518-22:11:12.597 INFO: Attempt to create ACL with rid `dcos:superuser`.
    170518-22:11:12.668 INFO: ACL already exists.
    170518-22:11:12.668 INFO: Attempt to create group with gid `superusers`.
    170518-22:11:12.735 INFO: Group already exists.
    170518-22:11:12.735 INFO: Attempt to assign superuser privileges to the superusers group.
    170518-22:11:12.803 INFO: Permission is already set.
    170518-22:11:12.803 INFO: Attempt to put uid `<username>` into the superusers group.
    170518-22:11:12.877 INFO: User added to group.
    170518-22:11:12.877 INFO: Done.