How to Change the "Admin" Password for UAA

Article ID: 297957

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

If the password was leaked, or when administrators change, you may need to change the password for the admin user in UAA. This is the user that can log on to Apps Manager and manage other users with the cf CLI.

Environment

Product Version: 2.3

Resolution

In order to make this change, connect via SSH into the Ops Manager virtual machine (VM) and follow these steps:
 

1. Decrypt the installation.yml file. Run the following:

sudo -u tempest-web SECRET_KEY_BASE="s" ./decrypt /var/tempest/workspaces/default/installation.yml /tmp/installation.yml

When prompted, enter the decryption passphrase for Ops Manager.


2. Edit /tmp/installation.yml. Search for the existing password and either change it to your new password or leave it blank. If you leave the password blank, Ops Manager will generate a new password for you when you apply changes. Save the file.


3. Make a backup of the original installation.yml file. Run the following:

cp /var/tempest/workspaces/default/installation.yml ~/installation-orig.yml


4. Encrypt the modified installation.yml and overwrite the original.

sudo -u tempest-web SECRET_KEY_BASE="s" RAILS_ENV=production /home/tempest-web/tempest/web/scripts/encrypt /tmp/installation.yml /var/tempest/workspaces/default/installation.yml

When prompted, enter the decryption passphrase for Ops Manager.


5. Restart Ops Manager's Web UI. Run the following:

sudo service tempest-web stop && sudo service tempest-web start


6. Refresh your browser, enter the decryption passphrase and wait for UAA to start. Log on and Apply Changes on all the tiles (not selective deploy). This will push out the new password to the UAA.

7. Once Apply Changes has succeeded, in Ops Manager navigate to the Elastic Runtime tile's credentials screen. Go to the admin user and click "Show Credentials". You should see the new admin credential listed (for 1.12, you will still see the old password).


8. Take the new admin credentials and attempt to log on to Apps Manager or with the cf CLI. This should succeed. Attempting to log on with the old password should fail.

 

Impact

TAS does not officially support changing the UAA admin user's password. The instructions above are not officially tested as a part of the Operations Manager test suite, so use them at your own risk.


Please also take care when editing installation.yml. YAML uses white space as a delimiter, so preserve the existing indentation and make sure you use spaces instead of tabs.
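
One way to check the edited file before the encrypt step, as an added example that is not part of the original article or of Ops Manager's tooling. The function name preflight_installation_yml and its return codes are assumptions; it flags tabs used for indentation and a plaintext copy that is readable by group or other.

```shell
#!/bin/sh
# Added example: pre-flight check for the edited plaintext installation.yml.
# preflight_installation_yml is a hypothetical helper, not an Ops Manager tool.
# Returns 0 if the file passes, 1 if any check fails, 2 if it is missing/empty.

preflight_installation_yml() {
    file=$1
    tab=$(printf '\t')
    rc=0

    if [ ! -s "$file" ]; then
        echo "FAIL: $file is missing or empty" >&2
        return 2
    fi

    # YAML indentation must use spaces: flag any tab in leading white space.
    bad=$(grep -n "^ *${tab}" "$file" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "FAIL: tab used for indentation on line(s): $bad" >&2
        rc=1
    fi

    # The decrypted copy holds credentials in clear text, so it should not
    # be readable by group or other while it sits in /tmp.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $file is readable by group or other; chmod 600 it" >&2
        rc=1
    fi

    return "$rc"
}

# Example: preflight_installation_yml /tmp/installation.yml && echo "OK to encrypt"
```

Run it after step 2 and before step 4. Once the encrypt step has succeeded, delete /tmp/installation.yml, since it contains the credentials in clear text.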


If Operations Manager is unable to load your edited installation.yml file, you can revert to the backup with the following steps:
 

1. Run the following:

cp ~/installation-orig.yml /var/tempest/workspaces/default/installation.yml

 

2. Run the following:

sudo service tempest-web stop && sudo service tempest-web start

 

3. Refresh your browser, enter the decryption passphrase, and wait for UAA to start.

Please contact support with questions, concerns, or if you require assistance with the above procedure.


Note: It may be tempting to change the admin user's password with the uaac utility. Unfortunately, this is not sufficient because it will only update the admin user's password in UAA. This leaves Operations Manager out of sync and can cause jobs and errands to fail.

