change-root-password

Description

Change the root password for a node on a host.

Note: The change-root-password command can only be run on nodes in a running process state.

The --password flag is required and specifies the new SingleStore root password to be configured. Note that the MEMSQL_PASSWORD environment variable is a safer alternative option for setting the password.

Be sure to wrap the password with single quotes (') to avoid having the shell interpret special characters in the password.

The root password is stored in the following places:

  • In a cluster metadata, which is used by a cluster to verify incoming connections.

  • In the nodeMetadataFile on each host (run memsqlctl env to display the path to the file) , which is used by Toolbox to connect to a node.

The change-root-password command can be used in the following cases:

  • If the nodeMetadataFile is in sync with the cluster metadata, the command will update the password in both the cluster metadata and the nodeMetadataFile by calling:

    SET PASSWORD FOR 'root'@<host> = PASSWORD(<new password>)

  • If the nodeMetadataFile is no longer in sync with the cluster and the nodes have become inaccessible (such as when the password is changed without using Toolbox), the command will update the password only in the nodeMetadataFile and only if the provided password matches the password in the cluster metadata.

Toolbox encrypts passwords when sending data to a remote host. If the encryption key is broken on a remote host, it must be fixed with the following command:

sdb-admin change-root-password --fix-secure-key --ctl-host <host>

After running this command, the user must also set the root password for each node on that host as the nodeMetadataFile will be out of sync with the cluster metadata.

Usage

Usage:
  sdb-admin change-root-password [flags]

  For flags that can accept multiple values (indicated by VALUES after the name of the flag),
  separate each value with a comma.

Flags:
  -a, --all                  Change the database root password of all nodes in the cluster
      --fix-secure-key       Reset the secure key
  -h, --help                 Help for change-root-password
      --memsql-id MemsqlID   The node ID of the node on which to change the root password
      --password STRING      The new database root password for the node. If a password is specified on the command line, it must not contain an unescaped '$' character as it will be replaced by the shell

Global Flags:
      --backup-cache FILE_PATH                File path for the backup cache
      --cache-file FILE_PATH                  File path for the Toolbox node cache
  -c, --config FILE_PATH                      File path for the Toolbox configuration
      --disable-colors                        Disable color output in console, which some terminal sessions/environments may have difficulty with
      --disable-spinner                       Disable the progress spinner, which some terminal sessions/environments may have issues with
  -j, --json                                  Enable JSON output
      --parallelism POSITIVE_INTEGER          Maximum number of operations to run in parallel
      --runtime-dir DIRECTORY_PATH            Where to store Toolbox runtime data
      --ssh-control-persist SECONDS           Enable SSH ControlPersist and set it to the specified duration in seconds
      --ssh-max-sessions POSITIVE_INTEGER     Maximum number of SSH sessions to open per host, must be at least 3
      --ssh-strict-host-key-checking          Enable strict host key checking for SSH connections
      --ssh-user-known-hosts-file FILE_PATH   Path to the user known_hosts file for SSH connections. If not set, /dev/null will be used
      --state-file FILE_PATH                  Toolbox state file path
  -v, --verbosity count                       Increase logging verbosity: valid values are 1, 2, 3. Usage -v=count or --verbosity=count
  -y, --yes                                   Enable non-interactive mode and assume the user would like to move forward with the proposed actions by default

Remarks

This command is interactive unless you use either --yes or --json flag to override interactive behavior.

Last modified: October 6, 2023

Was this article helpful?