How to Recover Operations Manager Admin Password
search cancel

How to Recover Operations Manager Admin Password

book

Article ID: 293424

calendar_today

Updated On:

Products

Operations Manager

Issue/Introduction

This article applies to the Cloud Foundry (TAS) versions 1.10x and above.
 

When the user forgets the Operations Manager admin password, the following procedure can be used to recover or reset the admin password.

Note: This process applies only to Operations Manager when it is configured to use an internal password store. Users who set up the SAML-based authentication will not be able to use this process. These users will need to follow the password reset or recovery options provided through their Corp SAML provider. Alternatively, users can put Operations Manager into rescue mode and disable SAML authentication, which reverts Operations Manager back to the internal password store.

 

Resolution

Recovering the installed password from uaa.yml

If, by chance, you have never changed the Operations Manager password after the initial install, then the procedure below is the preferred method:

1. SSH into Operations Manager and locate the file:

sudo less /home/tempest-web/ramdisk/uaa/config/uaa.yml


2. Navigate to line "users:" and note the admin password for Operations Manager. In the example below, the admin password is "example":

users:
  - admin|example|[email protected]|OpsMan|Admin|opsman.admin,scim.read,scim.write,uaa.admin


3. Attempt to use that password to login.


Manually Resetting the Admin Password

If you have changed the password since installation, then you can revert back to the installed password found in the uaa.yml.

1. SSH into Operations Manager and change to the following working directory:

cd /home/tempest-web/uaa/tomcat


2. Stop Operations Manager service:

sudo service tempest-web stop


3. Edit "/home/tempest-web/ramdisk/uaa/config/uaa.yml" and set "scim.user.override => true" as per the following example. scim.user.override will overwrite users stored in the UAA Database with what is defined in the scim.users list during start up. 

 
Note: When editing yml files, spacing matters and in this case, a single indent is equivalent to 2 spaces.
scim:
  user:
   override: true
  users:
  - admin|example|[email protected]|OpsMan|Admin|opsman.admin,scim.me,uaa.admin,clients.admin
 
4. We cannot start Operations Manager here because it will remove any changes made to uaa.yml. Hence, we will have to start UAA manually:
sudo CLOUDFOUNDRY_CONFIG_PATH=/home/tempest-web/ramdisk/uaa/config JAVA_OPTS=-Djava.security.egd=file:/dev/urandom CATALINA_OPTS="-Xmx768m -XX:MaxPermSize=256m" bin/catalina.sh run
    *Note: Depending on Opsman config/version, the user may need to remove <-XX:MaxPermSize=256m"> from the above command in order for the command to work.

5. From a new terminal verify that you can get an access token with the new password "example":
~$ uaac target https://${OPSMAN Hostname}/uaa

~$ uaac token owner get
Client ID:  opsman
Client secret:
User name:  admin
Password:  example

6. If getting the access token was successful then proceed to quit the UAA process by performing Ctrl+C from the terminal were catalina.sh was executed from

7. Start Operations Manager back up. This will automatically regenerate "/home/tempest-web/ramdisk/uaa/config/uaa.yml" and remove any changes made in our previous steps:
sudo service tempest-web start 

8. Proceed to log in to Operations Manager using the password defined in scim.users.admin which, in our example is "example".



Powered by Wolken Software