Retrieve the service accounts credentials from SDDC Manager
search cancel

Retrieve the service accounts credentials from SDDC Manager

book

Article ID: 327195

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

This article provides the steps to retrieve the ESXi service accounts from SDDC Manager.

Symptoms:


Unable to SSH into an ESXi host with the stored root credentials on SDDC.

Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Resolution

  1. SSH into the SDDC Manager with vcf user and su to root

  2. Create a token on the SDDC Manager. (You will need to update the username and password value)

    TOKEN=$(curl -d '{"username" : "<sso_username>", "password" : "<sso_password>"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')


    The <sso_username> needs to be [email protected]. The <sso_password> needs to be that account's password. Alternatively, it needs to be a vsphere.local account/password with vCenter admin permissions. An AD integrated account will not work.

  3. Pull the credentials from SDDC. 
    curl -k -X GET -H "Authorization: Bearer "$TOKEN"" --insecure 'https://localhost/v1/system/credentials/service' | json_pp | less
    Sample output 
       {
      "serviceType" : "SDDC_MANAGER",
      "entityId" : "9189####-####-####-####-########8251",
      "username" : "svc-vcf-xxxxx-xx",
      "id" : "688d####-####-####-####-########ad5e",
      "entityType" : "ESXI",
      "targetType" : "ESXI",
      "serviceId" : "2f7a####-####-####-####-########cb79",
      "secret" : "xxxxxxxxxxxxxxxxx",
      "credentialType" : "SSH",
      "creationTime" : 16#######96,
      "modificationTime" : 16#######96

      

Additional Information

Once you have the service account password you can connect to the ESXi host to clear out a root lockout or to reset the root password.


Powered by Wolken Software