How to Override Bosh VCAP password of an on demand service

Article ID: 293541

Products

Operations Manager

Issue/Introduction

Symptoms:

By default, on-demand services do not provide access to the vcap user password. This article describes a procedure to override the vcap password generated by the BOSH Director.

This can be useful in cases where an Operator needs to gain direct access to the deployed VM when bosh ssh is not working because the instance is in an unresponsive state.

Environment


Resolution

 Note: If you are not able to download the complete manifest because this is the first time the on-demand service is being deployed, you can copy a manifest from a good deployment and change the deployment name, along with any references to the deployment throughout the manifest.

  • Find the service deployment's GUID
    cf service MY-INSTANCE --guid
    11fc56eb-1f89-4e98-a1b2-3c65667412d2
  • With the service instance GUID we can build the deployment name as service-instance_ followed by the GUID. Here is an example based on the previous step
    service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2
  • Download the manifest from the service deployment
    bosh2 -e myenv -d service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2 manifest > service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2.yml
  • Generate a password hash for the vcap user. This requires that the "whois" package is installed. In this example the password will be "boshbosh"
    ~$ mkpasswd -s -m sha-512 boshbosh
    $6$H########H/YR.$uqC2eeHS#############ygadE8Du#################v.LAs2DltR##################
  • Modify the service deployment manifest and add the "env->bosh->password" key under "instance_groups->name-of-instance". In this example we will use a redis deployment and set the password to "boshbosh".
    instance_groups:
    - name: redis-instance
      instances: 1
      env:
        bosh:
          password: $6$H######FH/YR.$uqC2ee#########w1smtT.MJtCzM/X#####################rp1v.LAs2DltR########jf50
  • Deploy the manifest changes
    bosh2 -e myenv -d service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2 deploy service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2.yml
  • Get the IP address of the redis instance that we just updated
    bosh2 -e myenv -d service-instance_11fc56eb-1f89-4e98-a1b2-3c65667412d2 vms
  • SSH into the instance as the vcap user with the password "boshbosh" as defined in the manifest
    ssh vcap@
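
A pre-deploy check for the manifest edit in the steps above, as an added example that is not part of the original article or of BOSH itself: it confirms that the target instance group carries an env->bosh->password value and that the value has the shape of a SHA-512 crypt hash rather than the plaintext password or a truncated paste. The function names, the sample manifest and the sample hash are constructed for illustration, and the scan assumes the block layout shown in this article.

```python
import re

# SHA-512 crypt shape from mkpasswd: $6$[rounds=N$]<salt 1-16>$<86-char digest>
SHA512_CRYPT = re.compile(
    r"^\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")
KEY_LINE = re.compile(r"^(\s*)(- )?([\w-]+):\s*(.*)$")
TARGET = ["instance_groups", "env", "bosh", "password"]
# Constructed value with the right shape; it is not the hash of any password.
SAMPLE_HASH = "$6$constructedsalt$" + "a1B2" * 21 + "./"
# Constructed manifest excerpt in the layout used in this article.
SAMPLE_MANIFEST = """\
instance_groups:
- name: redis-instance
  instances: 1
  env:
    bosh:
      password: %s
- name: other-instance
  instances: 1
""" % SAMPLE_HASH


def vcap_overrides(manifest_text):
    """Map instance group -> env.bosh.password (line scan, not a YAML parser)."""
    found, group, stack = {}, None, []
    for line in manifest_text.splitlines():
        m = KEY_LINE.match(line)
        if not m:
            continue
        # Column of the key; a leading "- " list marker shifts it by two.
        indent = len(m.group(1)) + (2 if m.group(2) else 0)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, m.group(3)))
        keys = [key for _, key in stack]
        value = m.group(4).strip().strip("'\"")
        if keys == ["instance_groups", "name"]:
            group = value
        elif keys == TARGET:
            found[group] = value
    return found


def check(manifest_text, group):
    """Return 'ok', 'malformed' (plaintext or truncated paste) or 'missing'."""
    value = vcap_overrides(manifest_text).get(group)
    if value is None:
        return "missing"
    return "ok" if SHA512_CRYPT.match(value) else "malformed"
```

Run check() on the text of the edited manifest before the deploy step; anything other than 'ok' for the instance group you edited means the manifest should be corrected first.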