Resetting the vmware-system-user password for VMware Cloud Foundation Services Runtime

search cancel

Resetting the vmware-system-user password for VMware Cloud Foundation Services Runtime

book

Article ID: 444453

calendar_today

Updated On:

Products

VCF Automation VCF Operations

Issue/Introduction

Password reset procedure for vmware-system-user local Linux account for VCF Services Runtime 9.1.
You are unable to login to the VCF Services Runtime virtual machines using either the Virtual Console or Secure Shell (SSH) with the vmware-system-user account.

Environment

VCF Management Services 9.1.0
VCF Services Runtime 9.1.0

Resolution

Note:

The below process should only be followed when you are unable to manage the vmware-system-user password via the Fleet Management UI/API.
If the password is known and you simply wish to reset, see Update Passwords for VMware Cloud Foundation Components.

The procedure requires multiple steps:

Identify one of the VCF services runtime control plane node virtual machines
- Follow Steps 1-3 within the following document:
  - Establish an SSH Connection to a VCF Services Runtime Instance.
Reboot the virtual machine into single user mode
- Navigate to the vSphere Client where the cluster is deployed and find the virtual machine. Open a virtual console.
- Right click on the virtual machine, choose Power, then Restart Guest OS.
- Switch back to the virtual console and once you see the Photon bootloader screen, press 'e'.
- Use the cursor keys to position the cursor at the end of the kernel command line and add 'rw init=/bin/bash' to the end, then press F10 to continue the boot procedure.
Create a temporary user and set its password (15 characters, no more than 3 sequential characters of same class)
- useradd temp
- passwd temp
Give the new user sudo privileges
- echo "temp ALL=(ALL) ALL" >> /etc/sudoers.d/90-cloud-init-users
Reboot the VM
- reboot -f
Login via an ssh session using the newly created temp user
Switch to Root
- sudo su -
Update the password in the Kubernetes secret
- CLUSTER=$(kubectl get configmap global-config -n vmsp-platform -o jsonpath='{.data.cluster\.name}')
- NEW_PASSWORD=TYPETHENEWPASSORD
- HASH=$(printf '%s' "${NEW_PASSWORD}" | vmsp passwd --password-stdin | tr -d '\n' | base64 -w0)
- kubectl patch secret "${CLUSTER}-ssh-password-secret" -n vmsp-platform --type=merge -p "{\"data\":{\"sshPassword\":\"${HASH}\"}}"
Confirm the vmware-system-user can now login
Remove the temporary user
- sudo userdel temp

Note: Step 7 will immediately trigger all the virtual machines in the cluster to update the password for vmware-system-user.

Additional Information

Resetting Passwords for VMware Cloud Foundation Services Runtime

Feedback

thumb_up Yes

thumb_down No