Update the Root User Password

This page describes how to change the passwords for the root user for the Controller. 

Root User and Account Owners

The root user is a built-in Controller user with global administrator privileges in the Controller environment. Only the root user can access the System Administration Console, where you can create and manage accounts in multi-tenant Controllers and configure global Controller settings in both single- or multi-tenant Controllers. 

The root user is a superuser for the Controller. Unlike other types of users, you cannot remove the root user account or create other superuser accounts in the Controller. The password for the root user is set during installation, but you can change the root password in the Administration Console. 

While the root user has global administrative privileges, account administrators act as administrators only within individual accounts in a multi-tenant Controller. It's typically the role of the root user to create accounts and an initial administrator for the account, and the role of each account administrator to create additional users within the account. See Roles and Permissions and Manage Users and Groups.

Change the Controller Root User Password

You can change the root user password from the AppDynamics Administration Console page.

To change the root user password:

1. Log in to the administration console as described in Access the Administration Console.
2. Click Settings  and choose My Settings.
3. Click Edit > Change Password.
4. Type the new password for the root user in the New Password and Repeat New Password fields.
5. Click Save. 

Logging in to the Administration Console requires you to have the root user password. If you do not have the root user password, you need to reset it.

Reset Root User Password

If you have lost the AppDynamics root user password for your installation and need to reset it, follow these steps:

1. From the command line, change to the Controller's bin directory. For example, on Linux:

   cd <controller_home>/bin

2. Use the following script to log in to the Controller database of the Controller;
   • For Windows: controller.bat login-db
   • For Linux: sh controller.sh login-db
   You will see a MySQL prompt.

3. After running the script, you will be prompted to enter a password. Enter the root password for the Controller database.

4. From the MySQL prompt, enter the following SQL command to get root user details:

   select * from user where name='root' \G;

5. Use the following SQL command to change the password: 

   update user set encrypted_password = sha1('<NewPassword>') where name = 'root';

   The hash for the password will be upgraded to PBKDF2 when you log in.

6. Restart the Appserver.

For information on setting the database root user password, see Controller Data and Backups. 

Change the Controller Database Root User Password

If the Enterprise Console has NOT discovered the Controller:

• Downtime is required to change the Controller database root user password. If you have installed a Controller HA pair, you must disable auto-failover to avoid an accidental failover while changing the password. For more details, see Automatic Failover.  
• You need to change the password on both of the Controller HA pairs.

To change the Controller database root user password:

1. Log in to the Controller host. From a command line, enter:
   

   cd <controller_home_dir>

2. To stop the App Server and the database, enter:
   

   bin/controller.sh stop

   

   If you are using MS Windows, you must use the Windows services to stop the Controller.

3. To start the database in insecure mode, enter: 
   

   bin/controller.{sh|bat} start-db insecure

   
   The insecure option starts the database without password requirements. Use this option only to reset the password for the database. The option is similar to starting MySQL with the --skip-grant-tables option.

4. To log in to the database, enter: 
   

   bin/controller.{sh|bat} login-db insecure

5. Use MySQL to run the following commands:

   1. To specify the Controller database, enter: 
      

      use mysql;

   2. To reload the MySQL grant tables, enter: 


      FLUSH PRIVILEGES;

   3. To determine your MySQL version, enter:


      select version();

   4. Based on which MySQL version you are using:

      update mysql.user set password=password('<new-password-here>') where user like 'root%';

      update mysql.user set authentication_string=password('<new-password-here>') where user like 'root%';

      flush privileges;
      alter user 'root'@'localhost' identified by '<new-password-here>';
      alter user 'root'@'127.0.0.1' identified by '<new-password-here>';
      alter user 'root'@'::1' identified by '<new-password-here>'; 

   5. To reload the MySQL grant tables, enter: 

      FLUSH PRIVILEGES;

   6. To exit MySQL, enter: 


      quit

6. To stop the database, enter: 
   

   bin/controller.{sh|bat} stop-db

7. To start the App Server, enter: 
   

   bin/controller.sh start

   

   If you are using MS Windows, you must use the Windows services to start the Controller.

   

   In the case of a Controller HA pair, generate an obfuscated password file for the Controller Database root user using the below command on the primary Controller server. This command will generate the password file on both primary and secondary Controller servers.

   controller-ha/set_mysql_password_file.sh -p <new-password-here> -s <secondary_controller_hostname> 

If the Enterprise Console has discovered the Controller: 
To update the Controller database root password with the following steps:

1. Log in to the Enterprise Console and select the desired platform. 

2. Select Configurations > Controller Settings > Database Configurations. 
3. Enter the new password in New password for Controller DB root user. 
4. Reenter the password in Confirm New password for Controller DB root user. 
5. Select Save. 

The password change takes immediate effect. 

If you previously disabled auto-failover, you should now enable it.

Change the Controller DB User Password

Downtime is required to change the Controller database root user password. If you have installed a Controller HA pair, you must disable auto-failover to avoid an accidental failover while changing the password. For more details about disabling auto-failover, see Automatic Failover.  

To change the Controller DB user password:

1. Log in to the Enterprise Console and select the desired platform. 

2. Select Configurations > Controller Settings > AppServer Configurations.
3. In the Basic tab, enter the new password in New password for Controller DB user.
4. Re-enter the password in Confirm New password for Controller DB user.
5. Click Save. 

The password change takes immediate effect.