Resetting internal passwords

If you need to change the password for the admin, connect, ztp, or geored user because of imminent password expiry or because the account is permanently locked after unsuccessful logins attempts, use the fss-change-passwords.sh utility on the deployer VM to change the password and unlock the account.

Perform this procedure only during a maintenance window. You can change the password for any of the admin, connect, ztp, or geored user accounts or all of them.

Create a JSON password configuration file that contains the new passwords for internal users.

The following example shows the contents of a /root/sample-password-values.json file in the deployer VM; the file contains only the new passwords for the admin, connect, geored, and ztp users:

{
  "fss": {
    "passwords": {
      "keycloak": {
        "ztp": {
          "current": "",
          "new": "fssNewPass@123"
        },
        "admin": {
          "current": "",
          "new": "fssNewPass@123"
        },
        "connect": {
          "current": "",
          "new": "fssNewPass@123"
        },
        "geored": {
          "current": "",
          "new": "fssNewPass@123"
        }
      }
    }
  }
}

Reset the passwords.

[root@ fss-deployer ~]# fss-change-passwords.sh configure reset-pass.json
SUCCESS keycloak : ztp
SUCCESS keycloak : admin
SUCCESS keycloak : connect
SUCCESS keycloak : geored
Waiting for all the pods to come up...
     All pods are Running!