Locked out of my production Environment

trellis
,
1

I provisioned a website on a digitalocean VPS, which default user is “root” instead of “admin”.
I provisioned and deployed with the setting sshd_permit_root_login set to true.

A few days later, with the site now up and running, I thought it be a good idea to set that setting to false… Forgetting that my admin user is “root”… Oups.

I’m now locked out. I tried ssh-ing using the web user then sudo, but it asks for a password that does not exist…

The only option I have is to reset the root password using digitalocean control panel, but that creates downtime.

Do you see any other option that would not involve downtime (apart from setting up a new VPS!) ?

2

You could spin up a 2nd instance, point the domain to it (DNS) and then destroy the old one.

1 Like
3

Thank you, but that’s the one option i’d rather not consider. This site’s migration is a PITA.

4

Why is the migration hard in this case? Database and uploads/ files can be transferred using a script.

5

Hold up. “admin” is still created when you provision a VPS — that’s done by Trellis.

Sure it does. Do ansible-vault view group_vars/<environment>/vault.yml and then copy the admin user password at the top.

It’s pretty brief.

4 Likes
6

Thanks a lot that solved it!