E38253 02

Oracle Exalogic Elastic Cloud
Credentials Management Guide

Release EL X2-2, X3-2 and X4-2
E38253-02
April 2014
This document describes how to change the security credentials for various
components in an Exalogic machine. You can use the procedures in this document to
change all the security credentials from the settings that were initially configured by
the ECU. You can also use these procedures to change the security credentials for
specific Exalogic components at any time.
The target audience for this document consists of system administrators who are
familiar with the architecture and deployment of Exalogic and Exalogic Control, and
have experience in administering Linux systems, Oracle WebLogic Server, and
Exalogic Control (Oracle VM Manager and Enterprise Manager Ops Center).
This document contains the following sections:
Section 1, "Overview of the Credential Management Procedure"
Section 2, "Changing Credentials for Physical Components"
Section 3, "Changing Credentials for the Oracle Database Component of the

Exalogic Control Stack"
Section 4, "Changing Credentials for Oracle VM Manager"
Section 5, "Changing Credentials for Enterprise Manager Ops Center"
Section 6, "Documentation Accessibility"
1 Overview of the Credential Management Procedure

Table 1 lists the users on various infrastructure components on an Exalogic machine.
Table 1
Users on Exalogic Infrastructure Components
Component Category
Component
User
Physical components
Compute nodes
root
Storage nodes
root
Compute node ILOMs
root
Storage node ILOMs
root
InfiniBand switches
root
ilom-admin
ilom-operator
Power distribution units
admin
Table 1 (Cont.) Users on Exalogic Infrastructure Components

Component Category
Component
Exalogic Control vServers1
Exalogic Control Components
User
root
Oracle VM Manager
admin (Oracle VM Manager login)

weblogic (WebLogic Server login)
Oracle Database
emoc (Database login)

emoc_ro (Database login)
dbsnmp (Database login)
ovs (Database login)
sys (Database login)
sysman (Database login)
system (Database login)
In EECS release 2.0.6.x.x, the Exalogic Control stack consists of two Proxy Controller vServers and an
Exalogic Control vServer, which hosts the Enterprise Controller, Oracle VM Manager, and Oracle Virtual
Assembly Builder components. The Exalogic Control vServer also hosts the Oracle Database instance that
is shared by EM Ops Center and Oracle VM Manager.
In EECS releases before 2.0.6.0.0, each component of the Exalogic Control stackthat is, Enterprise
Controller, Proxy Controllers, Oracle VM Manager, and Oracle Databasewas hosted on a separate
vServer.
To change the security credentials for all the components in an Exalogic machine, do
the following:
1.
2.
Change the credentials for the following physical components, as described in

Section 2.
-
Compute nodes
Compute node ILOMs
IB switches
Cisco switch
Storage nodes
Power distribution units (PDUs)
Additionally, for an Exalogic machine in a virtual configuration, complete the

following steps:
a.
Change the credentials for the Oracle Database component of the Exalogic
Control stack, as described in Section 3.
b.
Change the credentials for the Oracle VM Manager, as described in Section 4.
c.
Change the credentials for the Enterprise Manager Ops Center components, as
described in Section 5.
2 Changing Credentials for Physical Components

The section contains the following topics:
Section 2.1, "Changing Credentials for Compute Nodes"
Section 2.2, "Changing Credentials for Compute Node ILOMs"
Section 2.3, "Changing Credentials for InfiniBand Switches"
Section 2.4, "Changing Credentials for the Cisco Switch"
Section 2.5, "Changing Credentials for the ZFS Storage Appliance"
Section 2.6, "Changing Credentials for Power Distribution Units (PDUs)"
2.1 Changing Credentials for Compute Nodes

Changing the passwords for the compute nodes involves the following tasks:
1.
Section 2.1.1, "Changing the root Password for a Compute Node"
2.
Section 2.1.2, "Synchronizing Compute-Node root Passwords with Enterprise

Manager Ops Center" (required only for an Exalogic machine in a virtual
configuration)
2.1.1 Changing the root Password for a Compute Node

To change the password for a compute node, complete the following steps:
1.
Log in as root to the compute node.
2.
Run the passwd root command.

Example:
# passwd root
Changing password for user root
New UNIX password:
Retype new UNIX password:
2.1.2 Synchronizing Compute-Node root Passwords with Enterprise Manager Ops

Center
This section is relevant only for Exalogic machines in a virtual
configuration.
Note:
To synchronize a compute-node root password with Enterprise Manager Ops Center,

complete the following steps:
1.
Log in to the Exalogic Control Browser User Interface (BUI) as a user with the
Exalogic Systems Admin role or as root.
2.
From the navigation pane on the left, select Administration.
3.
Expand Enterprise Controller and select Credentials.
4.
Select the SSH credential for the compute node.

You can identify the compute node credentials by their description, typically
Server OS in rack rack_name, and the type, SSH, which is displayed in the
Protocol column, as indicated in Figure 1.
Figure 1 Selecting Compute Node Credentials in Exalogic Control
5.
Click the Edit Credentials icon.

The Update Credentials wizard is displayed.
6.
Enter the new password in the Password and Confirm Password fields.
7.
Click Update.
8.
Check for, and clear, the "Access point is blacklisted..." incident, as follows:
In the navigation pane on the left, select Message Center, then select the Incidents
tab, and check whether an incident with the following description is listed:
Management access point failed authentication during login to asset. Access
point is blacklisted from future connections to prevent security lockout.
This incident occurs if EM Ops Center accessed the asset after its credential was
changed on the asset but before the credential was updated in Exalogic Control.
If the incident exists, do the following:
a.
Select the incident.
b.
Click the Take Action(s) on Incident button in the toolbar above the list of
incidents.
The Take Action on Incident dialog box is displayed.
c.
In the Suggested Actions list, select Clear blacklisting and continue using
current credential.
d.
Click Execute Selected Action.
2.2 Changing Credentials for Compute Node ILOMs

Changing the passwords for the compute node ILOMs involves the following tasks:
1.
Changing Passwords for Compute Node ILOMs
2.
Synchronizing Compute Node ILOM Credentials with Enterprise Manager Ops

Center (required only for an Exalogic machine in a virtual configuration)
2.2.1 Changing Passwords for Compute Node ILOMs

You can change the password for the compute node ILOM by using either the BUI or
the CLI.
Changing the ILOM Password for a Compute Node Using the BUI
To change the ILOM password for a compute node using the BUI, complete the
following steps:
1.
Log in as root to the ILOM BUI of the compute node.

https://compute_node_ilom_address/
2.
Click the User Management tab.
3.
Go to the User Accounts subtab.
4.
In the Users panel, select the root account and click Edit.
5.
In the resulting dialog box, enter the new password in the New Password and
Confirm New Password fields.
6.
Click Save.
Changing the ILOM Password for a Compute Node Using the CLI
To change the ILOM password for a compute node using the CLI, complete the
following steps:
1.
Log in as root to the compute node ILOM.
2.
Run the following command:

-> set /SP/users/root password
Enter new password: ***********
Enter new password again: ***********
2.2.2 Synchronizing Compute Node ILOM Credentials with Enterprise Manager Ops
Center
configuration.
Note:
To synchronize the compute-node ILOM credentials with Enterprise Manager Ops

Center, complete the following steps:
1.
Log in to the Exalogic Control BUI as a user with the Exalogic Systems Admin
role or as root.
2.
3.
4.
complete the following steps for the SSH and IPMI credentials of the compute
node ILOMs:
a.
Select the credential.

You can identify the compute node ILOM credentials by the description,
typically Server ILOM in rack rack_name, as shown in Figure 2.
Figure 2 Selecting Compute Node ILOM Credentials in Exalogic Control
b.

5.
c.
d.
Click Update.
Check for, and clear, the Access point is blacklisted incident, as described in
step 8 of Section 2.1.2.
2.3 Changing Credentials for InfiniBand Switches

Changing the passwords for the IB switches involves the following tasks:
1.
Section 2.3.1, "Changing Credentials for IB Switches"
2.
Section 2.3.2, "Synchronizing IB Switch Credentials with Enterprise Manager Ops

Center" (required only for an Exalogic machine in a virtual configuration)
The IB switches are managed using the SSH and IPMI protocols. The instructions in
this section apply only to the SSH protocol.
2.3.1 Changing Credentials for IB Switches

You can change the password for an IB switch by using either the switch BUI or the
CLI.
Changing Passwords for an InfiniBand Switch Using the BUI
To change the password for an IB switch using the BUI, complete the following steps:
1.
Log in as root to the BUI of the IB switch.

https://hostname_or_address_of_switch
2.
3.
4.
complete the following steps for the ilom-admin, and ilom-operator users.
The root password can be changed only through the Linux
passwd command.
Note:
a.
In the Users panel, select the user, and click Edit.
b.
In the resulting dialog box, enter the new password.
c.
Click Save.
Changing Passwords for an InfiniBand Switch Using the CLI

To change the password for an IB switch using the CLI, complete the following steps:
1.
Log in as ilom-admin to the IB switch.

Note: If you log in as root, you can change to the ILOM interface by
running the spsh command.
2.
Change the password for the ilom-admin user by running the following
command:
-> set /SP/users/ilom-admin password
Enter new password: ***********
3.
Repeat the previous step to change the password for the ilom-operator user.
4.
Change the password for the root user:

a.
Log in as root to the IB switch.
b.
Run the passwd command.

# passwd
Changing password for user root.
New UNIX password:
passwd: all authentication tokens updated successfully.
2.3.2 Synchronizing IB Switch Credentials with Enterprise Manager Ops Center

configuration.
Note:
To synchronize the IB switch credentials with Enterprise Manager Ops Center,

1.
role or as root.
2.
3.
4.
Do the following for the SSH and IPMI credentials of the IB switches:
a.
Select the credential for the IB switch for which you changed the password.
You can identify the IB switch credentials by the description, typically
Infiniband Switch in rack rack_name, as shown in Figure 3.
Figure 3 Selecting IB Switch Credentials in Exalogic Control
b.

5.
c.
Enter the new password for the ilom-admin user in the Password and
Confirm Password fields.
d.
Click Update.
2.4 Changing Credentials for the Cisco Switch

Changing the password for the Cisco switch in Exalogic involves the following tasks:
1.
Section 2.4.1, "Changing Passwords for the Cisco Switch"
2.
Section 2.4.2, "Synchronizing Cisco Switch Credentials with Enterprise Manager

Ops Center" (required only for an Exalogic machine in a virtual configuration)
2.4.1 Changing Passwords for the Cisco Switch

To change the administration and telnet login passwords for the Cisco switch,
1.
Connect to the switch using telnet.

The switch enters the User EXEC mode.
2.
Go the Privileged EXEC mode by running the enable command.

Switch> enable
At the prompt, enter the current administration password.

3.
To change the administration password, run the following commands:

Switch# configure terminal
Switch (config)# enable secret new_admin_password
Switch(config)# end
Switch# write memory
4.
To change the telnet login password, run the following commands:

Switch# configure terminal
Switch(config)# line vty 0 15
Switch(config-line)# login
Switch(config-line)# password new_password
Switch(config-line)# login
Switch(config-line)# end
Switch# write memory
For more guidelines, best practices, and procedures for securing the Cisco switch, see
the documentation provided by Cisco.
2.4.2 Synchronizing Cisco Switch Credentials with Enterprise Manager Ops Center
configuration.
Note:
To synchronize the Cisco switch credentials with Enterprise Manager Ops Center,
1.
role or as root.
2.
3.
4.
Select the credential for the Cisco switch.

You can identify the Cisco switch credential by its protocol, Cisco iOS, as shown
in Figure 4.
Figure 4 Selecting the Cisco Switch Credential in Exalogic Control
5.

6.
Enter the new passwords:
Enter the new telnet password in the Login Password and Confirm Login
fields.
Enter the new administration password in the Admin Password and Confirm
Admin fields.
7.
Click Update.
8.
2.5 Changing Credentials for the ZFS Storage Appliance

The ZFS storage appliance in Exalogic has two storage nodes. Each node has two
credentials: one for the root user of the appliance and the other for the root user of the
ILOM interface.
Changing the passwords for the ZFS storage appliance involves the following tasks:
1.
Changing root Passwords for Storage Appliance Nodes
2.
Changing root Passwords for the Storage Appliance ILOMs
3.
Synchronizing Storage Appliance Credentials in Enterprise Manager Ops Center

(required only for an Exalogic machine in a virtual configuration)
2.5.1 Changing root Passwords for Storage Appliance Nodes

You can change the root user password for each storage appliance node either by
using the storage appliance BUI or the CLI.
Note:
Perform this procedure for both storage-appliance nodes.
Changing the root Password for a Storage Appliance Node Using the BUI
1. Log in as root to the BUI of the storage appliance.
https://storage_node_hostname:215
2.
Click the Configuration tab.
3.
Go to the Users subtab.
4.
From the list of users displayed on the left, select Super-User, and click the Edit
entry icon.
5.
Enter the new password and confirm it.
6.
Click Apply.
Changing the root Password for a Storage Appliance Node Using the CLI
1. Log in as root (via SSH) to the storage appliance node.
2.
Run the following commands:

storage_node:> configuration
storage_node:configuration> users
storage_node:configuration users> select root
storage_node:configuration users root> set initial_password=new_password
3.
Run commit to apply the new password for the root user.
2.5.2 Changing root Passwords for the Storage Appliance ILOMs

You can change the password for each storage appliance ILOM either by using the
storage appliance BUI or the CLI.
Note:
Perform this procedure for both storage-appliance ILOMs.
Changing the root Password for a Storage Appliance ILOM Using the BUI
1. Log in as root to the ILOM interface of the storage appliance.
https://storage_node_ilom
2.
3.
10
4.
In the Users panel, select the root account and click Edit.
5.
In the resulting dialog box, enter the new password in the New Password and
Confirm New Password fields.
6.
Click Save.
Changing the root Password for a Storage Appliance ILOM Using the CLI
Log in as root (via SSH) to the storage appliance ILOM.
1.
2.

-> set /SP/users/root password=newpassword
Changing password for user /SP/users/root...
New password was successfully set for user /SP/users/root
2.5.3 Synchronizing Storage Appliance Credentials in Enterprise Manager Ops Center

configuration.
Note:
After changing the passwords for the storage nodes, the passwords must be updated
in Enterprise Manager Ops Center.
1.
role or as root.
2.
3.
4.
Do the following for the IPMI and SSH credentials of both the storage nodes:
a.

You can identify the IPMI and SSH credentials for the storage nodes, as shown
in Figure 7.
Figure 5 Selecting IPMI and SSH Credentials for Storage Nodes in Exalogic Control
b.

5.
c.
d.
Click Update.
Update the storage administration credential for both the storage nodes.
11
You can identify this credential by the protocol name, Storage Administration,
which is displayed in the Protocol column.
a.

You can identify this credential by the protocol, Storage Administration, as
shown in Figure 6.
Figure 6 Selecting the Storage Administration Credential in Exalogic Control
b.

6.
c.
Enter the new passwords in the Admin Password and Confirm Admin
Password fields.
d.
Click Update.
2.6 Changing Credentials for Power Distribution Units (PDUs)

The Exalogic machine contains two PDUs that are managed using Exalogic Control.
Changing the passwords for the PDUs involves the following tasks:
1.
Section 2.6.1, "Changing Passwords for PDUs"
2.
Section 2.6.2, "Synchronizing PDU Passwords with Enterprise Manager Ops

Center" (required only for an Exalogic machine in a virtual configuration)
2.6.1 Changing Passwords for PDUs

To change the passwords of the PDUs, complete the following steps for each PDU:
1.
Browse to the PDU metering unit (for example, http://rack05pdu2) from a

system on the network.
2.
Click Net Configuration.
3.
Log in as admin.
4.
Scroll down the page until you see the Admin/User fields.
5.
Enter a new password for the root and admin users.
6.
Click Submit.
12
2.6.2 Synchronizing PDU Passwords with Enterprise Manager Ops Center

configuration.
Note:
To synchronize the PDU passwords with Enterprise Manager Ops Center, complete
the following steps:
1.
role or as root.
2.
3.
4.
Do the following for the HTTP credential of each PDU:

a.
Select the HTTP credential for the PDU.

You can identify the PDU credentials by the description, typically PDU in rack
rack_name, as shown in Figure 7.
Figure 7 Selecting the PDU Credentials in Exalogic Control
b.

5.
c.
d.
Click Update.
3 Changing Credentials for the Oracle Database Component of

the Exalogic Control Stack
configuration.
Note:
In the Exalogic rack, the Oracle Database component is shared between Oracle VM
Manager and Enterprise Manager Ops Center. Changing the passwords for the Oracle
Database component involves the following tasks:
1.
Section 3.1, "Changing the root Password for the Oracle Database Component"
13
2.
Section 3.2, "Changing Database Credentials for Enterprise Manager Ops Center
Users"
3.
Section 3.3, "Changing Credentials for the Database Schema of Oracle VM

Manager"
3.1 Changing the root Password for the Oracle Database Component
To change the passwords for the root user of the database vServer, complete the
following steps:
1.
2.
Log in as root to the vServer that hosts the Oracle Database component of the
Exalogic Control stack:
Up to EECS 2.0.4.x.x: Database vServer
EECS 2.0.6.x.x: Exalogic Control vServer

Example:
# passwd
New UNIX password:
3.2 Changing Database Credentials for Enterprise Manager Ops Center

Users
You must use the ecadm change-db-password command to change the schema
password for the Enterprise Manager Ops Center user (emoc) and the Enterprise
Manager Ops Center read-only user (emoc_ro). This utility logs in to the database
using the current user name and password, changes the password in the database, and
then updates the properties file with the new password.
1.
2.
Log in as root to the vServer that hosts the Enterprise Controller components:
Up to EECS 2.0.4.x.x: Enterprise Controller vServer
Create a temporary file containing the new password and secure it with 600
permissions.
Example:
# touch /tmp/password
# chmod 600 /tmp/password
# vi /tmp/password
newpassword
3.
To change the database password for the emoc user, run the ecadm command with
the change-db-password subcommand and the -p password_file option. When
prompted, confirm restart of the Enterprise Controller.
Example:
# /opt/sun/xvmoc/bin/ecadm change-db-password -p /tmp/password
The Enterprise Controller will be restarted after the database password is
changed. Continue? (y/n)
y
14
--- Changed database password, restarting.

shutting down Enterprise Controller using SMF...
ecadm: Enterprise Controller services have stopped
ecadm: Starting Enterprise Controller with SMF...
ecadm: Enterprise Controller services have started
4.
To change the database password for the emoc_ro user, run the ecadm
change-db-password command with the --as_read_only_user option.
Example:
# /opt/sun/xvmoc/bin/ecadm change-db-password --as_read_only_user -p
/tmp/password
The Enterprise Controller will be restarted after the database password is
changed. Continue? (y/n)
y
ecadm:
--- Changed database password, restarting.
5.
Remove the temporary file containing the new password.

Example:
# rm /tmp/password
3.3 Changing Credentials for the Database Schema of Oracle VM Manager

Changing the password for the database schema of Oracle VM Manager involves the
following tasks:
1.
Section 3.3.1, "Changing Passwords for OVS, SYS, SYSTEM, SYSMAN, and DBSNMP
Users"
2.
Section 3.3.2, "Changing the Password for the Oracle WebLogic Server Data Source
for Oracle VM Manager"
3.3.1 Changing Passwords for OVS, SYS, SYSTEM, SYSMAN, and DBSNMP Users
To change the password for the ovs user, complete the following steps:
1.
2.
Log in as root to the vServer that hosts the Oracle Database component of the
Exalogic Control stack:
Up to EECS 2.0.4.x.x: Database vServer
Change the passwords, by running the following commands:
Up to EECS 2.0.4.x.x
#
#
#
#
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
export ORACLE_SID=elctrldb
cd /u01/app/oracle/product/11.2.0/dbhome_1/bin
./sqlplus sys/password@elctrldb as sysdba
SQL>
SQL>
SQL>
SQL>
SQL>
alter
alter
alter
alter
alter
user
user
user
user
user
OVS identified by
SYS identified by
SYSTEM identified
SYSMAN identified
DBSNMP identified
EECS 2.0.6.x.x
15
new_password;
new_password;
by new_password;
by new_password;
by new_password;
#
#
#
#
export ORACLE_HOME=/u01/app/oracle/product/11.2.0.3/dbhome_1
export ORACLE_SID=elctrldb
cd /u01/app/oracle/product/11.2.0.3/dbhome_1/bin
./sqlplus sys/password@elctrldb as sysdba
SQL>
SQL>
SQL>
SQL>
alter
alter
alter
alter
Note:
user
user
user
user
SYS identified by
SYSTEM identified
SYSMAN identified
DBSNMP identified
new_password;
by new_password;
by new_password;
by new_password;
In EECS 2.0.6, do not change the password for the OVS user.
For more information about changing Oracle Database user passwords, see "Finding
and Changing Default Passwords" in the Oracle Database 2 Day + Security Guide at
http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_user_
accounts.htm#BABJAEDF.
3.3.2 Changing the Password for the Oracle WebLogic Server Data Source for Oracle
VM Manager
Due to a known issue in Oracle VM, the procedure in this
section does not work for EECS 2.0.6.
Note:
To change the password for the Oracle WebLogic Server data source for Oracle VM
Manager, complete the following steps:
1.
Log in as root to the Oracle VM Manager vServer.
2.

# /u01/app/oracle/ovm-manager-3/bin/ovm_admin --modifyds SID host port schema
password
Example:
# /u01/app/oracle/ovm-manager-3/bin/ovm_admin --modifyds elctrldb db-vm 1521
OVS new_password
At the prompt, enter the password for the weblogic user.
4 Changing Credentials for Oracle VM Manager

configuration.
Note:
Changing the passwords for Oracle VM Manager involves the following tasks:
1.
Section 4.1, "Changing the root Password for the Oracle VM Manager vServer"
(relevant only up to EECS 2.0.4.x.x)
2.
Section 4.2, "Changing admin and weblogic Passwords for Oracle VM Manager"
16
3.
Section 4.3, "Synchronizing the Oracle VM Manager Password with Enterprise

Manager Ops Center"
4.
Section 4.4, "Changing Passwords for Oracle VM Agents"
4.1 Changing the root Password for the Oracle VM Manager vServer
Note: This section is applicable to only EECS 2.0.4.x.x and earlier
releases.
To change the passwords for the root user of the Oracle VM Manager vServer,
1.
2.

Example:
# passwd
New UNIX password:
4.2 Changing admin and weblogic Passwords for Oracle VM Manager

Due to a known issue, the procedure described in this section
does not work for EECS 2.0.4.x.x and earlier releases. The issue has
been fixed in EECS 2.0.6.
Note:
To change the password for the Oracle VM Manager admin and weblogic users,
1.
Log in as root to the Exalogic Control vServer.
2.
Change the user to oracle:

# su - oracle
3.
Increase the number of unsuccessful login attempts that Oracle WebLogic Server
allows before the admin user is locked:
$ /u01/app/oracle/ovm-manager-3/bin/ovm_admin --lockusers tries
Set tries to a very high number; for example, 2000.

Note: This step is a temporary measure to prevent the admin user
from getting locked before you synchronize the new password in
Enterprise Manager Ops Center. Note that, after changing the admin
password and synchronizing it in Enterprise Manager Ops Center,
you must revert the user lock-out threshold to its original value.
4.
Go to the /u01/app/oracle/ovm-manager-3/bin directory:
17
$ cd /u01/app/oracle/ovm-manager-3/bin
5.

$ ./ovm_admin --modifyuser
6.
When prompted for the username, enter admin. At the subsequent prompts, enter
the current password and the new password.
For information about the required password length and
allowed characters, see the Oracle VM documentation. At the time of
publication of this guide, the requirement was for a minimum of eight
characters with at least one non-alphabetic character).
Note:
The Oracle VM Manager administration tool starts.

Example (for the admin user):
Oracle VM Manager Release 3.x.x Admin tool
Please enter the password for weblogic :
Enter the Oracle WebLogic password. You set this during the installation of
Oracle VM Manager. The utility connects to Oracle WebLogic and changes the
Oracle VM Manager admin password.Initializing ###### WebLogic Scripting Tool
(WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to WebLogic server ...
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain
'base_adf_domain'.
Warning: An insecure protocol was used to connect to the
Server. To ensure on-the-wire security, the SSL port or Admin port should be
used instead.
Connected ...
Modifying user 'admin' ...
Modified user 'admin' successfully ...
Disconnected from weblogic server: AdminServer
Exiting...
Exiting WebLogic Scripting Tool.
7.
Perform steps 5 and 6, now for the weblogic user.
8.
Update the boot.properties file with the new password that you set for the
weblogic user:
a.
Go to the following directory:

$ /u01/app/oracle/ovm-manager-3/machine1/base_adf_
domain/servers/AdminServer/security
b.
Create a new boot.properties file.

$ mv boot.properties boot.properties.previous
$ cat > boot.properties << EOF
username: weblogic
password: new_password
EOF
new_password is the password that you set earlier for the weblogic user.
18
c.
Encrypt boot.properties by starting and stopping Oracle VM Manager.

$ service ovmm stop
$ service ovmm start
4.3 Synchronizing the Oracle VM Manager Password with Enterprise

Manager Ops Center
Due to a known issue, the procedure described in this section
does not work for EECS 2.0.4.x.x and earlier releases. The issue has
been fixed in EECS 2.0.6.
Note:
To synchronize the Oracle VM Manager password with Enterprise Manager Ops

Center, complete the following steps:
1.
role or as root.
2.
3.
4.
Select the Oracle VM Manager credential.

You can identify the Oracle VM Manager credential by the description, typically
OVM Manager in rack rack_name and its protocol, Oracle VM, as shown in
Figure 8.
Figure 8 Selecting the Oracle VM Manager Credential in Exalogic Control
5.

6.
7.
Click Update.
8.
Revert the number of unsuccessful login attempts to the Oracle VM Manager that
Oracle WebLogic Server allows for the admin user, to the original value.
This step is necessary because, before changing the admin password, the number
of unsuccessful login attempts was increased, as described in Section 4.2,
"Changing admin and weblogic Passwords for Oracle VM Manager."
a.
19
b.
Change the user to oracle:

# su - oracle
c.

$ /u01/app/oracle/ovm-manager-3/bin/ovm_admin --lockusers 3
9.
4.4 Changing Passwords for Oracle VM Agents

You can change the passwords for the Oracle VM agents by using either the web
interface of Oracle VM Manager or the CLI.
This section contains the following topics:
Changing Passwords for Oracle VM Agents Using the OVMM Web Interface (in
EECS 2.0.4.x.x and Earlier Releases)
Changing Passwords for Oracle VM Agents Using the OVMM Web Interface (in
EECS 2.0.6.x.x)
Changing Passwords for Oracle VM Agents Using the CLI
Oracle VM Manager allows you to change the password for
the Oracle VM agent running on each Oracle VM Server. However,
you must set the same password for Oracle VM agents running on all
Oracle VM Servers in the Exalogic machine.
Note:
Changing Passwords for Oracle VM Agents Using the OVMM Web Interface (in EECS 2.0.4.x.x and
Earlier Releases)
1. Log in as root to the Oracle VM Manager web console.
https://IP_address:7002/ovm/console/
In this URL, IP_address is the eth-admin IP address of the Enterprise Controller

vServer.
2.
In the Home view, select Server Pools in the navigation pane.
3.
Do the following for each server pool:

a.
In the Server Pools tab in the management pane, select the server pool.
b.
Click the Change Agent Password button.
c.
Enter the current password (default: oracle), and then enter a new password
and confirm it.
You must set the same Oracle VM agent password for all the
server pools in the Exalogic machine.
Note:
d.
Click OK.
The new password is applied to the Oracle VM agents running on all the Oracle
VM Servers in the server pool.
20
Changing Passwords for Oracle VM Agents Using the OVMM Web Interface (in EECS 2.0.6.x.x)
1. Log in as root to the Oracle VM Manager web console.
https://IP_address:7002/ovm/console/
In this URL, IP_address is the eth-admin IP address of the Exalogic Control

vServer.
2.
Select the Servers and VMs tab.
3.
In the navigation pane on the left, expand Server Pools.
4.
Do the following for each server pool:

a.
In the navigation pane on the left, select the server pool.
b.
Right-click on the server pool. From the context menu, select Change Servers
Agent Password button.
c.
Enter the old password (default: oracle), and then enter a new password and
confirm it.
You must set the same Oracle VM agent password for all the
server pools in the Exalogic machine.
Note:
d.
Click OK.
The new password is applied to the Oracle VM agents running on all the Oracle
VM Servers in the server pool.
Changing Passwords for Oracle VM Agents Using the CLI
To change the password for the Oracle VM Server agents, run the ovs-agent-passwd
command on all the Oracle VM Server nodes:
# ovs-agent-passwd username password
The username used by Oracle VM Manager to communicate with the agent is oracle.
You must set the same password for all the Oracle VM Server
agents in the Exalogic machine.
Note:
5 Changing Credentials for Enterprise Manager Ops Center

configuration.
Note:
Changing the passwords for Enterprise Manager Ops Center involves the following
tasks:
1.
Section 5.1, "Changing root Passwords for EM Ops Center vServers"
2.
Section 5.2, "Change Passwords for Other Enterprise Manager Ops Center Users"
21
5.1 Changing root Passwords for EM Ops Center vServers

EM Ops Center consists of an Enterprise Controller (EC) and two Proxy Controllers
(PCs).
To change the root passwords for the Enterprise Manager Ops Center vServers and
also the password for the Exalogic Control BUI login, complete the following steps:
1.
2.
Log in as root to the vServer that hosts the Enterprise Controller component of
EM Ops Center.
Up to EECS 2.0.4.x.x: Enterprise Controller vServer
Run the passwd root command:

Example:
# passwd root
New UNIX password:
3.
Perform steps 1 and 2 for each of the Proxy Controller vServers.
5.2 Change Passwords for Other Enterprise Manager Ops Center Users
Repeat the procedure described in Section 5.1 to change the passwords for any
additional Enterprise Manager Ops Center users that may have been createdthat is,
any users with the Exalogic Systems Admin, Cloud User, and Cloud Admin roles.
6 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support through My Oracle Support. For
information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or
visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing
impaired.
Oracle Exalogic Elastic Cloud Credentials Management Guide, Release EL X2-2, X3-2 and X4-2
E38253-02
Copyright 2013, 2014, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected
by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate,
broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them
to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the
following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition
Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs,
including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license
terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use
in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in
dangerous applications, then you shall be responsible to take all appropriate failsafe, backup, redundancy, and other measures to ensure its safe
22
use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks
or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered
trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle
Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products,
and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services.
23
24

E38253 02

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

E38253 02

Uploaded by

Copyright:

Available Formats

Oracle Exalogic Elastic Cloud

Credentials Management Guide

Section 1, "Overview of the Credential Management Procedure"

Section 2, "Changing Credentials for Physical Components"

Section 3, "Changing Credentials for the Oracle Database Component of the

Section 4, "Changing Credentials for Oracle VM Manager"

Section 5, "Changing Credentials for Enterprise Manager Ops Center"

Section 6, "Documentation Accessibility"

1 Overview of the Credential Management Procedure

Users on Exalogic Infrastructure Components

Compute node ILOMs

Storage node ILOMs

Power distribution units

Table 1 (Cont.) Users on Exalogic Infrastructure Components

Exalogic Control vServers1

Exalogic Control Components

admin (Oracle VM Manager login)

emoc (Database login)

Change the credentials for the following physical components, as described in

Compute node ILOMs

Power distribution units (PDUs)

Additionally, for an Exalogic machine in a virtual configuration, complete the

Change the credentials for the Oracle VM Manager, as described in Section 4.

2 Changing Credentials for Physical Components

Section 2.1, "Changing Credentials for Compute Nodes"

Section 2.2, "Changing Credentials for Compute Node ILOMs"

Section 2.3, "Changing Credentials for InfiniBand Switches"

Section 2.4, "Changing Credentials for the Cisco Switch"

Section 2.5, "Changing Credentials for the ZFS Storage Appliance"

Section 2.6, "Changing Credentials for Power Distribution Units (PDUs)"

2.1 Changing Credentials for Compute Nodes

Section 2.1.1, "Changing the root Password for a Compute Node"

Section 2.1.2, "Synchronizing Compute-Node root Passwords with Enterprise

2.1.1 Changing the root Password for a Compute Node

Log in as root to the compute node.

Run the passwd root command.

2.1.2 Synchronizing Compute-Node root Passwords with Enterprise Manager Ops

To synchronize a compute-node root password with Enterprise Manager Ops Center,

From the navigation pane on the left, select Administration.

Expand Enterprise Controller and select Credentials.

Select the SSH credential for the compute node.

Figure 1 Selecting Compute Node Credentials in Exalogic Control

Click the Edit Credentials icon.

Select the incident.

Click Execute Selected Action.

2.2 Changing Credentials for Compute Node ILOMs

Changing Passwords for Compute Node ILOMs

Synchronizing Compute Node ILOM Credentials with Enterprise Manager Ops

2.2.1 Changing Passwords for Compute Node ILOMs

Log in as root to the ILOM BUI of the compute node.

Click the User Management tab.

Go to the User Accounts subtab.

Log in as root to the compute node ILOM.

Run the following command:

To synchronize the compute-node ILOM credentials with Enterprise Manager Ops

From the navigation pane on the left, select Administration.

Expand Enterprise Controller and select Credentials.

Select the credential.

Figure 2 Selecting Compute Node ILOM Credentials in Exalogic Control

Click the Edit Credentials icon.

2.3 Changing Credentials for InfiniBand Switches

Section 2.3.1, "Changing Credentials for IB Switches"

Section 2.3.2, "Synchronizing IB Switch Credentials with Enterprise Manager Ops