Changing the ESC Password
You are forced to change the default password at first login. The portal does not let you bypass this step and keeps returning you to this page until you change the default password. After the first-time password change, you can change your password using the procedures described in this section. If a user has multiple browsers or tabs open, or the same user is logged in from two or more computers, and the password is changed in one of those sessions, every session is logged off and asked to enter the new password. A user session expires after 1 hour: if the user is inactive on the portal for an hour, the portal expires the session and the user must log in again. If you forgot your password, you can also update or randomly generate the password.
This section discusses how to change the passwords.
sudo escadm rest set --username {USERNAME} --password {PASSWORD}
sudo escadm etsi set --rest_user {USERNAME:PASSWORD}
Changing the ConfD Netconf/CLI Administrator Password Using the Command Line Interface
After you install ESC, do the following to change the ConfD admin password:
Starting with ESC Release 5.4, you cannot execute confd commands such as confd_cli. The confd_cli -u admin command is replaced with the ssh admin@localhost -p 2024 command.
For information on installing ESC, see Installing Cisco Elastic Services Controller Using the QCOW Image.
To access the ConfD CLI for an admin account:
admin@esc$ ssh admin@localhost -p 2024
admin@localhost's password: *******
admin connected from 127.0.0.1 using ssh on esc
admin@esc>
Procedure
Step 1: Log in to the ESC VM.
Step 2: Switch to the admin user.
Step 3: Load the ConfD CLI:
Step 4: Set the new admin password:
Step 5: Save the changes.
Creating Readonly User Group for ConfD in ESC
ConfD in ESC is enhanced with a new group named readonly. If you are a member of the readonly group, you can only retrieve information and cannot modify the permissions.
# bootvm.py name-500-105-100 --user_confd_pass admin:admin --user_confd_pass readonly:readonly::readonly --user_pass admin:admin --image ESC-5_0_0_105 --net network
confd:
  init_aaa_users:
  - group: readonly
    name: admin
    passwd: $6$rounds=4096$Ps1JIjKihRTF$fo8XPBxwEHJWWfNiXDnO269rlhAxAhWBcPBfGnZxy1gM3QMxcN8jJ6guWt9Bu.ZkWdPt3hr0OghO73Wr3iDHb0
[root@name-500-155 admin]# /opt/cisco/esc/confd/bin/ssh admin@localhost -p 2024
admin connected from 127.0.0.1 using console on name-500-155
admin@name-500-155> configure
Entering configuration mode private
[ok][2019-12-06 18:17:39]
[edit]
admin@name-500-155% set aaa authentication users user test uid 9000 gid 9000 password $0$test homedir /var/confd/homes/test ssh_keydir /var/confd/homes/test/.ssh
[ok][2019-12-06 18:19:15]
[edit]
admin@name-500-155% set nacm groups group readonly user-name test
[ok][2019-12-06 18:19:41]
[edit]
admin@name-500-155% commit
Commit complete.
[ok][2019-12-06 18:19:47]
[edit]
admin@name-500-155%
name@my-server-39:~$ ssh -p 2024 readonly@172.29.0.57
readonly@172.29.0.57's password:
readonly connected from 172.16.103.46 using ssh on name-500-156
readonly@name-500-156> configure
Entering configuration mode private
[ok][2019-12-13 16:15:33]
[edit]
readonly@name-500-156% show esc_datamodel
tenants {
tenant admin {
description "Built-in Admin Tenant";
managed_resource false;
vim_mapping true;
}
}
[ok][2019-12-13 16:15:38]
[edit]
$ esc_nc_cli --user readonly --password ****** edit-config dep.xml
Configure
/opt/cisco/esc/confd/bin/netconf-console --port=830 --host=127.0.0.1 --user=readonly --password=****** --edit-config=/tmp/d.xml
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error>
<error-type>application</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
</rpc-error>
</rpc-reply>
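An added example, not part of the Cisco documentation or of ESC: a small checker that parses a NETCONF rpc-reply such as the one above and confirms that a write attempted by a readonly account was refused with access-denied. The function names classify_reply and readonly_write_blocked are hypothetical, and OK_REPLY is a constructed sample.

```python
# Added example, not Cisco code: classify a NETCONF <rpc-reply> so an audit
# can assert that a readonly account's edit-config was refused.
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"  # NETCONF base namespace

def classify_reply(reply_xml):
    """Return {'status': 'ok' | 'denied' | 'error' | 'unknown', 'errors': [...]}."""
    root = ET.fromstring(reply_xml.strip().encode("utf-8"))
    if root.tag != NC + "rpc-reply":
        raise ValueError("not a NETCONF rpc-reply: " + root.tag)
    fields = ("type", "tag", "severity")
    errors = [
        {f: err.findtext(NC + "error-" + f, default="") for f in fields}
        for err in root.iter(NC + "rpc-error")
    ]
    hard = [e for e in errors if e["severity"] != "warning"]
    if hard:
        # Count the write as blocked by access control only when every
        # hard error is access-denied; any other error is inconclusive.
        denied = all(e["tag"] == "access-denied" for e in hard)
        status = "denied" if denied else "error"
    elif root.find(NC + "ok") is not None:
        status = "ok"
    else:
        status = "unknown"
    return {"status": status, "errors": errors}

def readonly_write_blocked(reply_xml):
    """True only when the reply shows the write was refused as access-denied."""
    return classify_reply(reply_xml)["status"] == "denied"

# Reply shown on the page: readonly user attempting edit-config.
DENIED_REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
  </rpc-error>
</rpc-reply>"""
# Constructed sample: the reply a successful edit-config returns.
OK_REPLY = """<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
  message-id="1"><ok/></rpc-reply>"""

if __name__ == "__main__":
    print(classify_reply(DENIED_REPLY)["status"], classify_reply(OK_REPLY)["status"])
```

A status of ok for a readonly account means the group mapping is not restricting writes and should be investigated.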
If ESC is configured to use PAM/IDM, the groups in the IDM servers are mapped directly to the groups in ConfD. Hence, the readonly user must be mapped in the IDM group 'readonly'.
$ ipa group-find --all readonly
---------------
1 group matched
---------------
dn: cn=readonly,cn=groups,cn=accounts,dc=linuxsysadmins,dc=local
Group name: readonly
GID: 5003
Member users: readonly
ipantsecurityidentifier: S-1-5-21-2222126199-2113948134-574478857-1003
ipauniqueid: 858b8cda-0d34-11ea-bca8-525400b29c19
objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup, ipantgroupattrs
----------------------------
Number of entries returned 1
----------------------------
Changing Linux Account Password
Procedure
Step 1: Log in to ESC VM.
Step 2: To update or generate a random password, use the following command:
Changing the ESC Portal Password
The user can update or reset the default admin password.
Procedure
Step 1: Log in to ESC VM.
Step 2: Switch to the root user.
Step 3: To update the default admin password or randomly generate a password, use one of the following methods: