A default user with the system-wide SuperUser role is created during the installation of oVirt / RHEV. A command line tool called ovirt-aaa-jdbc-tool can be used to manage local user accounts on the internal domain post installation. Any changes made through ovirt-aaa-jdbc-tool will take effect immediately and there is no need to restart the ovirt-engine service. This walkthrough guide will help you to reset admin user password on a local domain in oVirt/RHEV virtualization environment.
Let’s first view admin user account information before attempting password reset;
[[email protected] ~]$ sudo ovirt-aaa-jdbc-tool user show admin
-- User admin(d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7) --
Namespace: *
Name: admin
ID: d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7
Display Name:
Email: [email protected]
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-01-09 00:09:42Z
Account Valid To: 2222-01-09 00:09:42Z
Account Without Password: false
Last successful Login At: 2022-01-22 19:28:12Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 2221-11-22 00:09:45ZWe shall use the ovirt-aaa-jdbc-tool tool to reset the password of the internal administrative user ([email protected]). The new password to be assigned this user needs to meet the following policy requirements:
- Password must have a minimum of 6 characters.
- The new password used cannot be one of the three previous passwords used.
The command syntax for resetting admin user password is:
$ sudo ovirt-aaa-jdbc-tool user password-reset username --password-valid-to="yyyy-MM-dd HH:mm:ssX"A value for --password-valid-to must be set, otherwise the password expiry time defaults to the current time. The date format is as shared in command syntax yyyy-MM-dd HH:mm:ssX
In the following command we change the [email protected] user password and set password validity to 2035-12-31 12:00:00Z.
[[email protected] ~]$ sudo ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2035-12-31 12:00:00Z"Input and confirm new password as prompted:
Password: In the used example, Z in date format stands for UTC time. You can view user new details after reset:
[[email protected] ~]$ sudo ovirt-aaa-jdbc-tool user show admin
-- User admin(d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7) --
Namespace: *
Name: admin
ID: d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7
Display Name:
Email: [email protected]
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-01-09 00:09:42Z
Account Valid To: 2222-01-09 00:09:42Z
Account Without Password: false
Last successful Login At: 2022-01-22 19:28:12Z
Last unsuccessful Login At: 2022-01-21 10:58:26Z
Password Valid To: 2035-12-31 12:00:00ZUnlocking admin user account
If you have had attempted to login to oVirt / RHEV Administration Portal too many times with the wrong password, then the admin user account may be locked.
The following command is used to unlock admin user account:
[[email protected] ~]$ sudo ovirt-aaa-jdbc-tool user unlock adminWe have learned how to reset local domain admin user password in oVirt / RHEV environment.
