Oracle® Exalogic Elastic Cloud

ExaPasswd User's Guide

Release 1.0
E53666-04
April 2016

This document describes how to install and use ExaPasswd, a tool that automates
changing the passwords of the various hardware and software components of an
Exalogic rack.
This document contains the following sections:
■ Introduction to ExaPasswd
■ Supported Platforms
■ Installing ExaPasswd
■ Using ExaPasswd
■ Known Issues
■ Documentation Accessibility

1 Introduction to ExaPasswd
An Exalogic rack consists of a variety of hardware and software components, each of
which has unique credentials. Changing the passwords of each component would
require you to log in to each component individually and synchronize the passwords
with Exalogic Control. ExaPasswd automates this time-consuming process.

Note: Before running ExaPasswd for an Exalogic rack that was

upgraded to EECS 2.0.6.0.0 from EECS 2.0.4.x.x, you must first
synchronize the ECU configuration files with the current
configuration of the machine, by running the ECU converter. The ECU
converter is a tool that is included with ExaPatch. For more
information about the ECU converter, see the ExaPatch User's Guide.

Table 1 lists the default users of an Exalogic rack and ExaPasswd's support for those
components.

Table 1 Default Exalogic Credentials

Component User ExaPasswd Support
Physical components
Linux Compute nodes root Yes
Solaris Compute nodes root No

1
Table 1 (Cont.) Default Exalogic Credentials
Component User ExaPasswd Support
Oracle VM Server nodes root Yes
oracle (Oracle VM agent) Yes
Storage appliance root Yes
Compute node ILOMs root Yes (July PSU 2014 or later)
Storage appliance ILOM root Yes (July PSU 2014 or later)
InfiniBand switches root Yes (July PSU 2014 or later)
ilom-admin Yes (July PSU 2014 or later)
ilom-operator No
Management switch admin Yes
Power distribution units admin No

Exalogic Control1
Exalogic Control vServer root Yes
Oracle Database emoc (Database login) Yes
emoc_ro (Database login) Yes
dbsnmp (Database login) Yes
ovs (Database login) No
sys (Database login) Yes
sysman (Database login) Yes
system (Database login) Yes
Proxy Controller vServers root Yes
Oracle VM Manager admin (Oracle VM Manager login) Yes
weblogic (WebLogic Server login) Yes
1
In EECS release 2.0.6.x.x and later, the Exalogic Control stack consists of two Proxy Controller vServers
and an Exalogic Control vServer, which hosts the Enterprise Controller, Oracle VM Manager, and Oracle
Virtual Assembly Builder components. The Exalogic Control vServer also hosts the Oracle Database
instance that is shared by EM Ops Center and Oracle VM Manager.

2 Supported Platforms
For a list of the EECS releases that are supported for ExaPasswd, see the My Oracle
Support document ID 1912063.1.

3 Installing ExaPasswd
For instructions on installing ExaPasswd, see the Exalogic LifeCycle Toolkit My Oracle
Support document ID 1912063.1.
After following the instructions in the My Oracle Support document, you can run
ExaPasswd from /exalogic-lctools/bin/.

2
4 Using ExaPasswd
The following is the general syntax of the ExaPasswd command:
# ./exapasswd options

The options available to ExaPasswd vary depending on whether the Exalogic

environment is physical or virtual.
This section contains the following topics:
■ Section 4.1, "ExaPasswd Options in Physical Environments"
■ Section 4.2, "ExaPasswd Options in Virtual Environments"
■ Section 4.3, "Running ExaPasswd"
■ Section 4.4, "ExaPasswd Log Files"

4.1 ExaPasswd Options in Physical Environments

On physical environments, ExaPasswd supports only component target options.
These options are suffixed with -targets and you must specify the address of each
component for which you want to change the password.
Example: --compute-nodes-targets, --infiniband-switches-targets
ExaBR automatically obtains the passwords if password-less SSH has been configured
between the specified components and the node running ExaPasswd. You can use the
ExaBR init-ssh command to enable key-based authentication as described in Section
2.3.1, "Enabling Key-Based Authentication for ExaBR" in the ExaBR User's Guide. If
password-less SSH is not enabled, ExaPasswd prompts for passwords.
Table 2 describes all the options applicable to ExaPasswd on physical environments.

Table 2 ExaPasswd Options in Physical Environments

Component Option Description
Compute nodes --compute-nodes-targets Changes the root password(s)
target1,[target2,...] of the specified compute
node(s).
Note: ExaPasswd cannot
change the passwords of
Solaris compute nodes.
Compute node --compute-node-iloms-targets Changes the password(s) of the
ILOMs target1,[target2,...] specified compute node
ILOM(s).
Storage nodes --storage-nodes-targets Changes the password(s) of the
target1,[target2,...] specified storage node(s).
Note: For the storage nodes,
ExaPasswd changes the
password of the active head. As
the storage nodes are
configured in an active-passive
cluster by default, the password
of the active head is
synchronized with the passive
head.
Storage node --storage-node-iloms-targets Changes the password(s) of the
ILOMs target1,[target2,...] specified storage node ILOM(s).

3
Table 2 (Cont.) ExaPasswd Options in Physical Environments
Component Option Description
InfiniBand --infiniband-switches-targets Changes the password(s) of the
switches target1,[target2,...] specified InfiniBand switch(es).
Management --cisco-switch-targets management_ Changes the password of the
switch switch_address specified management switch.
ExaPasswd tool supports both
SSH and telnet access. By
default, ExaPasswd uses SSH
access and logs in to the
management switch using the
root user. If the user name of
your management switch is not
root, use the --cisco-user
option.
--cisco-user username If the user name of the
management switch is not root,
use this option to specify the
user name ExaPasswd should
use. his option must be used
with the
--cisco-switch-targets
option. ExaPasswd will log in
with this user and modify the
password of the user.

4.2 ExaPasswd Options in Virtual Environments

In virtual environments, ExaPasswd has two types of options:
■ When the Exalogic Configuration Utility (ECU) files are present, use component
options. Component options run on all components of the specified type and
ExaPasswd uses the ECU files to obtain the addresses of the components.
Example: --compute-nodes, --infiniband-switches
■ When the ECU files are not present, use component target options. These options
are suffixed with -targets and you must specify the address of each component
for which you want to change the password.

Note: On virtual environments, when using the component target

options, you must use the --emoc option to specify the IP address or
host name of Exalogic Control. ExaPasswd uses this address to
connect to Exalogic Control and synchronize the new password.
On virtual environments, Oracle recommends that you use the
component target options only when the ECU files are not present.

Example: --compute-nodes-targets, --infiniband-switches-targets

ExaPasswd automatically obtains the passwords in the following scenarios:
■ The rack is using the factory default passwords that were configured by the ECU.
■ Password-less SSH has been configured between the specified components and
the compute node running ExaPasswd. You can use the ExaBR init-ssh
command to enable key-based authentication as described in Section 2.3.1,
"Enabling Key-Based Authentication for ExaBR" in the ExaBR User's Guide.

4
In all other scenarios, ExaPasswd prompts for the passwords for each component.
Table 3 describes the options of ExaPasswd on virtual environments.

Table 3 ExaPasswd Options in a Virtual Environment

Component Option Description
For all --emoc exalogic_control_address When using any of the component
components target options in a virtual
environment, you must specify this
option. Use this option to specify the
IP address or host name of Exalogic
Control.
Note: In virtual environments, only
use the --emoc option when the ECU
configuration files are not present.
Compute nodes --compute-nodes Changes the root passwords of all
the compute nodes.
--compute-nodes-targets Changes the root password(s) of the
target1,[target2,...] specified compute node(s). Oracle
recommends that you use this option
only when the ECU files are not
present.
Compute node --compute-node-iloms Changes the passwords of all the
ILOMs compute node ILOMs.
--compute-node-iloms-targets Changes the password(s) of the
target1,[target2,...] specified compute node ILOM(s).
Oracle recommends that you use this
option only when the ECU files are
not present.
Storage nodes --storage-nodes Changes the passwords of all the
storage nodes.
--storage-nodes-targets Changes the password(s) of the
target1,[target2,...] specified storage node(s). Oracle
recommends that you use this option
only when the ECU files are not
present.
Note: For the storage nodes,
ExaPasswd changes the password of
the active head. As the storage nodes
are configured in an active-passive
cluster by default, the password of
the active head is synchronized with
the passive head.
Storage node --storage-node-iloms Changes the passwords of all the
ILOMs storage node ILOMs.
--storage-node-iloms-targets Changes the password(s) of the
target1,[target2,...] specified storage node ILOM(s).
Oracle recommends that you use this
option only when the ECU files are
not present.

5
Table 3 (Cont.) ExaPasswd Options in a Virtual Environment
Component Option Description
InfiniBand --infiniband-switches Changes the passwords of all the
switches InfiniBand switches.
--infiniband-switches-targets Changes the password(s) of the
target1,[target2,...] specified InfiniBand switch(es).
Oracle recommends that you use this
option only when the ECU files are
not present.
Management --cisco-switch Changes the password of the
switch management switch.
ExaPasswd tool supports both SSH
and telnet access. By default,
ExaPasswd uses SSH access and logs
in to the management switch using
the root user. If the user name of
your management switch is not root,
use the --cisco-user option.
--cisco-switch-targets Changes the password of the
management_switch_address specified management switch. Oracle
recommends that you use this option
only when the ECU files are not
present.
ExaPasswd tool supports both SSH
and telnet access. By default,
ExaPasswd uses SSH access and logs
in to the management switch using
the root user. If the user name of
your management switch is not root,
use the --cisco-user option.
--cisco-user username This option must be used with the
--cisco-switch or
--cisco-switch-targets option.
This option allows you to specify the
user name of the management
switch. By default, these options use
the root user.
All hardware --all-physical Changes the passwords for all
components hardware components of a rack.
Oracle VM --ovs-agents Changes the passwords of the Oracle
agents VM agents.
--ovs-agents-targets exalogic_ Changes the passwords of the
control_address specified Oracle VM agents. The IP
address or host name of the Oracle
VM Manager vServer should be
specified. Oracle recommends that
you use this option only when the
ECU files are not present.
Oracle VM --ovm-admin Changes the password of the Oracle
Manager admin VM Manager admin user.
user
--ovm-admin-targets target1 Changes the password of the
specified Oracle VM Manager admin
user. Oracle recommends that you
use this option only when the ECU
files are not present.

6
Table 3 (Cont.) ExaPasswd Options in a Virtual Environment
Component Option Description
Oracle VM --ovm-database Changes the passwords of the sys,
Manager system, sysman, and dbsnmp database
database users.
--ovm-database-targets Changes the passwords of the sys,
exalogic_control_address system, sysman, and dbsnmp database
users. Oracle recommends that you
use this option only when the ECU
files are not present.
Exalogic Control --emoc-database Changes the passwords of the emoc
database and emoc_ro database users.
--emoc-database-targets Changes the passwords of the emoc
exalogic_control_address and emoc_ro database users. Oracle
recommends that you use this option
only when the ECU files are not
present.
Exalogic Control --control-vms Changes the passwords for all the
vServers Exalogic Control vServers.
--control-vms-targets Changes the password(s) for the
target1,[target2,...] specified Exalogic Control vServer(s).
Oracle recommends that you use this
option only when the ECU files are
not present.
All virtual --all-virt Changes the passwords for all the
components software components of a rack.
All physical and --all Changes the passwords for both the
virtual physical and software components of
components the rack

4.3 Running ExaPasswd

Run ExaPasswd as follows:

Note: When you update passwords using ExaPasswd, the tool does
not update the ECU files with these new passwords. However
ExaPasswd can still use the ECU files to obtain the addresses of the
various components.

1. Log in to the compute node on which you installed the Exalogic Lifecycle Toolkit
as described in Section 3, "Installing ExaPasswd."

Note: On virtual environments, you must run ExaPasswd from the

compute node that has the ECU configuration files.

2. Navigate to the directory that contains ExaPasswd:

cd /exalogic-lctools/bin/

3. Run ExaPasswd in one of the following ways:

7
 ■ To run ExaPasswd on a specific target on a physical environment, run
ExaPasswd as follows:
./exapasswd --target_name target1,[target2,...]

For a list of various targets, see Section 4.1, "ExaPasswd Options in Physical
Environments."
Example:
./exapasswd --infiniband-switches-targets ib01.example.com,ib02.example.com
--cisco-switch-targets mgmt.example.com --cisco-user admin

■ To run ExaPasswd on a type of component for virtual environments on which

the ECU files are present, run ExaPasswd as follows:
./exapasswd --component-type

For a list of various component types, see Section 4.2, "ExaPasswd Options in
Virtual Environments."
Examples:
./exapasswd --all
./exapasswd --control-vms --emoc-database

■ To run ExaPasswd on a specific target for virtual environments on which the

ECU files are not present, run ExaPasswd as follows:
./exapasswd --emoc address_of_exalogic_control --target_name
target1,[target2,...]

For a list of various targets, see Section 4.2, "ExaPasswd Options in Virtual
Environments."
Example:
./exapasswd --emoc elcont.example.com --infiniband-switches-targets
ib01.example.com

ExaPasswd displays the number of components for which the passwords will be
changed.
4. Verify if the number of components is correct and press y to continue.
ExaPasswd displays a list of the targets.
5. When prompted, enter the new passwords.

4.4 ExaPasswd Log Files

ExaPasswd stores log files on the compute node on which ExaPasswd is run in the
/var/log/ directory in the format exapasswd-YYMMDD-HHMMSS.log.

5 Known Issues
For known issues, see the Exalogic LifeCycle Toolkit My Oracle Support document ID
1912063.1

8
6 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support
through My Oracle Support. For information, visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing
impaired.

Oracle® Exalogic Elastic Cloud ExaPasswd User's Guide, Release 1.0

E53666-04
Copyright © 2010, 2016, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected
by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate,
broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them
to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then
the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition
Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs,
including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license
terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use
in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in
dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe
use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks
or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered
trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle
Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products,
and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be
responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth
in an applicable agreement between you and Oracle.

9
10