Hi team ,
we are using NSX version 6.3.2 . I want to change Edges admin password via API . I am aware of Edges> Action > Change Cli Credentials but i am running into a issue where when i click OK to change password , it takes a lot of time and operation time out .
1. I can't see the password line in when i get the output of API of an Edge .
https:// IP /api/4.0/edges/edge-74
<remoteAccess>true</remoteAccess>
<userName>admin</userName>
<password > test </password > " can i add this line ?"
2 . I was googling that i can Get NSX edges root passwords from /home/secureall/secureall/sem/WEB-INF/classes/GetSpockEdgePassword.sh but there is /GetCliUserEdgePassword.sh as well which i am not able to find in NSX 6.3.2 . is there any way i can get admin password of the Edges.
Tarun Gupta
9910302342
Hi,
... when i click OK to change password , it takes a lot of time and operation time out ...
This is your real problem. This shows a communication issue between the manager and the ESG(s).
<password > test </password > " can i add this line ?"
Use the call:
PUT /api/4.0/edges/{edgeId}/clisettings
Request:
Body: application/xml
<cliSettings>
<userName></userName>
<password></password>
<remoteAccess></remoteAccess>
<passwordExpiry></passwordExpiry>
<sshLoginBannerText></sshLoginBannerText>
</cliSettings>
2 . I was googling that i can Get NSX edges root passwords from /home/secureall/secureall/sem/WEB-INF/classes/GetSpockEdgePassword.sh but there is /GetCliUserEdgePassword.sh as well which i am not able to find in NSX 6.3.2 . is there any way i can get admin password of the Edges.
Yes, there's other files to achieve the password retrieval but I would strongly advise you against it and do it with GSS supervision. Especially the password change. I would recommend first - again - to check what's with that timeout problem.
Do your hosts show up properly under installation tabs? The RabbitMQ service is running on the manager?
Regards,
Roland
Edit: I noticed - after re-reading - that I was wrong here:
> Yes, there's other files to achieve the password retrieval...
There is no procedure to get the "admin" user password and change it from the manager CLI. Only the Manager UI or the API are the way - I know - to change that. From the manager CLI and then from the root mode you can only get the edge "root" user PW.
Sorry.
Hi Roland,
Thanks a lot for your reply .
Yes Rabbit MQ service is running on NSX Manager . I am able to change most of the Edges cli admin password but not all . I can see 5671 port connection Established in Edge .
Also , vShiled-Statefull-Firewall service is also running on all the hosts in Edge cluster as well . One of the issue i identified while changing admin password is " admin account locked " when i take console on Edge. I am under the impression that admin accounts gets unlocked after 30 mins or so .. but if that is not the case .. it fails to update password and it will not change the Cli password.
At last , the only optiion i go with is to re-deploy which is becoming a issue since i am working in operations and i have to ask for customer downtime . I am not aware of any other way to reset admin password if UI does not work or taking a lot of time and operation time out .
any help here to change password if UI does not work ?
Thanks for posting the Api commands but these will not hold if some one re-deploy the same edge ..lossing the passowrd again and running into same admin account issue . Any correction here will be appreciated.
Last , thanks for your support. .waiting for reply .
One of the issue i identified while changing admin password is " admin account locked " when i take console on Edge. I am under the impression that admin accounts gets unlocked after 30 mins or so .. but if that is not the case .. it fails to update password and it will not change the Cli password.
This is usually the case when SSH is open to the outside. Because bots make permanent login attempts with "root" and "admin" users and the admin account is more or less permanently locked. Sometimes it is also a monitoring system that is responsible for the permanent login attempts.
However, if the problem only occurs with some edge gateways, check if SSH is open for the whole world and block the port for these edge gateways. After 15 minutes the login should work again.
Alternatively, you can also disable SSH, wait 15 minutes, enable it and be very fast before it is locked again.