ExaPasswd User's Guide
Release 1.0
E53666-04
April 2016
This document describes how to install and use ExaPasswd, a tool that automates changing the passwords of the various hardware and software components of an Exalogic rack.
This document contains the following sections:
An Exalogic rack consists of a variety of hardware and software components, each of which has unique credentials. Changing the passwords of each component would require you to log in to each component individually and synchronize the passwords with Exalogic Control. ExaPasswd automates this time-consuming process.
Note:
Before running ExaPasswd for an Exalogic rack that was upgraded to EECS 2.0.6.0.0 from EECS 2.0.4.x.x, you must first synchronize the ECU configuration files with the current configuration of the machine, by running the ECU converter. The ECU converter is a tool that is included with ExaPatch. For more information about the ECU converter, see the ExaPatch User's Guide.Table 1 lists the default users of an Exalogic rack and ExaPasswd's support for those components.
Table 1 Default Exalogic Credentials
| Component | User | ExaPasswd Support |
|---|---|---|
|
Physical components |
||
|
Linux Compute nodes |
|
Yes |
|
Solaris Compute nodes |
|
No |
|
Oracle VM Server nodes |
|
Yes Yes |
|
Storage appliance |
|
Yes |
|
Compute node ILOMs |
|
Yes (July PSU 2014 or later) |
|
Storage appliance ILOM |
|
Yes (July PSU 2014 or later) |
|
InfiniBand switches |
|
Yes (July PSU 2014 or later) Yes (July PSU 2014 or later) No |
|
Management switch |
|
Yes |
|
Power distribution units |
|
No |
|
Exalogic ControlFoot 1 |
||
|
Exalogic Control vServer |
|
Yes |
|
Oracle Database |
|
Yes Yes Yes No Yes Yes Yes |
|
Proxy Controller vServers |
|
Yes |
|
Oracle VM Manager |
|
Yes Yes |
Footnote 1 In EECS release 2.0.6.x.x and later, the Exalogic Control stack consists of two Proxy Controller vServers and an Exalogic Control vServer, which hosts the Enterprise Controller, Oracle VM Manager, and Oracle Virtual Assembly Builder components. The Exalogic Control vServer also hosts the Oracle Database instance that is shared by EM Ops Center and Oracle VM Manager.
For a list of the EECS releases that are supported for ExaPasswd, see the My Oracle Support document ID 1912063.1.
For instructions on installing ExaPasswd, see the Exalogic LifeCycle Toolkit My Oracle Support document ID 1912063.1.
After following the instructions in the My Oracle Support document, you can run ExaPasswd from /exalogic-lctools/bin/.
The following is the general syntax of the ExaPasswd command:
# ./exapasswd options
The options available to ExaPasswd vary depending on whether the Exalogic environment is physical or virtual.
This section contains the following topics:
On physical environments, ExaPasswd supports only component target options. These options are suffixed with -targets and you must specify the address of each component for which you want to change the password.
Example: --compute-nodes-targets, --infiniband-switches-targets
ExaBR automatically obtains the passwords if password-less SSH has been configured between the specified components and the node running ExaPasswd. You can use the ExaBR init-ssh command to enable key-based authentication as described in Section 2.3.1, "Enabling Key-Based Authentication for ExaBR" in the ExaBR User's Guide. If password-less SSH is not enabled, ExaPasswd prompts for passwords.
Table 2 describes all the options applicable to ExaPasswd on physical environments.
Table 2 ExaPasswd Options in Physical Environments
| Component | Option | Description |
|---|---|---|
|
Compute nodes |
|
Changes the Note: ExaPasswd cannot change the passwords of Solaris compute nodes. |
|
Compute node ILOMs |
|
Changes the password(s) of the specified compute node ILOM(s). |
|
Storage nodes |
|
Changes the password(s) of the specified storage node(s). Note: For the storage nodes, ExaPasswd changes the password of the active head. As the storage nodes are configured in an active-passive cluster by default, the password of the active head is synchronized with the passive head. |
|
Storage node ILOMs |
|
Changes the password(s) of the specified storage node ILOM(s). |
|
InfiniBand switches |
|
Changes the password(s) of the specified InfiniBand switch(es). |
|
Management switch |
|
Changes the password of the specified management switch. ExaPasswd tool supports both SSH and telnet access. By default, ExaPasswd uses SSH access and logs in to the management switch using the |
|
|
If the user name of the management switch is not |
In virtual environments, ExaPasswd has two types of options:
When the Exalogic Configuration Utility (ECU) files are present, use component options. Component options run on all components of the specified type and ExaPasswd uses the ECU files to obtain the addresses of the components.
Example: --compute-nodes, --infiniband-switches
When the ECU files are not present, use component target options. These options are suffixed with -targets and you must specify the address of each component for which you want to change the password.
Note:
On virtual environments, when using the component target options, you must use the--emoc option to specify the IP address or host name of Exalogic Control. ExaPasswd uses this address to connect to Exalogic Control and synchronize the new password.
On virtual environments, Oracle recommends that you use the component target options only when the ECU files are not present.
Example: --compute-nodes-targets, --infiniband-switches-targets
ExaPasswd automatically obtains the passwords in the following scenarios:
The rack is using the factory default passwords that were configured by the ECU.
Password-less SSH has been configured between the specified components and the compute node running ExaPasswd. You can use the ExaBR init-ssh command to enable key-based authentication as described in Section 2.3.1, "Enabling Key-Based Authentication for ExaBR" in the ExaBR User's Guide.
In all other scenarios, ExaPasswd prompts for the passwords for each component.
Table 3 describes the options of ExaPasswd on virtual environments.
Table 3 ExaPasswd Options in a Virtual Environment
| Component | Option | Description |
|---|---|---|
|
For all components |
|
When using any of the component target options in a virtual environment, you must specify this option. Use this option to specify the IP address or host name of Exalogic Control. Note: In virtual environments, only use the |
|
Compute nodes |
|
Changes the |
|
|
Changes the |
|
|
Compute node ILOMs |
|
Changes the passwords of all the compute node ILOMs. |
|
|
Changes the password(s) of the specified compute node ILOM(s). Oracle recommends that you use this option only when the ECU files are not present. |
|
|
Storage nodes |
|
Changes the passwords of all the storage nodes. |
|
|
Changes the password(s) of the specified storage node(s). Oracle recommends that you use this option only when the ECU files are not present. Note: For the storage nodes, ExaPasswd changes the password of the active head. As the storage nodes are configured in an active-passive cluster by default, the password of the active head is synchronized with the passive head. |
|
|
Storage node ILOMs |
|
Changes the passwords of all the storage node ILOMs. |
|
|
Changes the password(s) of the specified storage node ILOM(s). Oracle recommends that you use this option only when the ECU files are not present. |
|
|
InfiniBand switches |
|
Changes the passwords of all the InfiniBand switches. |
|
|
Changes the password(s) of the specified InfiniBand switch(es). Oracle recommends that you use this option only when the ECU files are not present. |
|
|
Management switch |
|
Changes the password of the management switch. ExaPasswd tool supports both SSH and telnet access. By default, ExaPasswd uses SSH access and logs in to the management switch using the |
|
|
Changes the password of the specified management switch. Oracle recommends that you use this option only when the ECU files are not present. ExaPasswd tool supports both SSH and telnet access. By default, ExaPasswd uses SSH access and logs in to the management switch using the |
|
|
|
This option must be used with the |
|
|
All hardware components |
|
Changes the passwords for all hardware components of a rack. |
|
Oracle VM agents |
|
Changes the passwords of the Oracle VM agents. |
|
|
Changes the passwords of the specified Oracle VM agents. The IP address or host name of the Oracle VM Manager vServer should be specified. Oracle recommends that you use this option only when the ECU files are not present. |
|
|
Oracle VM Manager |
|
Changes the password of the Oracle VM Manager |
|
|
Changes the password of the specified Oracle VM Manager |
|
|
Oracle VM Manager database |
|
Changes the passwords of the |
|
|
Changes the passwords of the |
|
|
Exalogic Control database |
|
Changes the passwords of the |
|
|
Changes the passwords of the |
|
|
Exalogic Control vServers |
|
Changes the passwords for all the Exalogic Control vServers. |
|
|
Changes the password(s) for the specified Exalogic Control vServer(s). Oracle recommends that you use this option only when the ECU files are not present. |
|
|
All virtual components |
|
Changes the passwords for all the software components of a rack. |
|
All physical and virtual components |
|
Changes the passwords for both the physical and software components of the rack |
Run ExaPasswd as follows:
Note:
When you update passwords using ExaPasswd, the tool does not update the ECU files with these new passwords. However ExaPasswd can still use the ECU files to obtain the addresses of the various components.Log in to the compute node on which you installed the Exalogic Lifecycle Toolkit as described in Section 3, "Installing ExaPasswd."
Note:
On virtual environments, you must run ExaPasswd from the compute node that has the ECU configuration files.Navigate to the directory that contains ExaPasswd:
cd /exalogic-lctools/bin/
Run ExaPasswd in one of the following ways:
To run ExaPasswd on a specific target on a physical environment, run ExaPasswd as follows:
./exapasswd --target_name target1,[target2,...]
For a list of various targets, see Section 4.1, "ExaPasswd Options in Physical Environments."
Example:
./exapasswd --infiniband-switches-targets ib01.example.com,ib02.example.com --cisco-switch-targets mgmt.example.com --cisco-user admin
To run ExaPasswd on a type of component for virtual environments on which the ECU files are present, run ExaPasswd as follows:
./exapasswd --component-type
For a list of various component types, see Section 4.2, "ExaPasswd Options in Virtual Environments."
Examples:
./exapasswd --all ./exapasswd --control-vms --emoc-database
To run ExaPasswd on a specific target for virtual environments on which the ECU files are not present, run ExaPasswd as follows:
./exapasswd --emoc address_of_exalogic_control --target_name target1,[target2,...]
For a list of various targets, see Section 4.2, "ExaPasswd Options in Virtual Environments."
Example:
./exapasswd --emoc elcont.example.com --infiniband-switches-targets ib01.example.com
ExaPasswd displays the number of components for which the passwords will be changed.
Verify if the number of components is correct and press y to continue.
ExaPasswd displays a list of the targets.
When prompted, enter the new passwords.
ExaPasswd stores log files on the compute node on which ExaPasswd is run in the /var/log/ directory in the format exapasswd-YYMMDD-HHMMSS.log.
For known issues, see the Exalogic LifeCycle Toolkit My Oracle Support document ID 1912063.1
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle® Exalogic Elastic Cloud ExaPasswd User's Guide, Release 1.0
E53666-04
Copyright © 2010, 2016, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.