Working as a Consultant has extremely advantages - you meet different customers, you face challenges you wouldn't be able to find in your own environment or in you home lab. Yesterday I was asked by my colleague to take a closer look on two vRealize Orchestrator appliances - we were not able to login via ssh as root user any more. I will show you how to reset root password in vRealize Orchestrator in just a few steps.
Luckily for us VMware has a standardized way of appliance delivery. Most of them I used are SuSe Linux-based and they have a lot of in common in terms of configuration. For example you can configure networking in the same way - I was building lab on my laptop and I configured vRealize Operations Manager and vRealize Orchestrator using same script.
How to recover vRealize Orchestrator root password?
Unfortunately there is no VMware KB which we can use to reset vRealize Orchestrator root password but as I mentioned before - we can do it a bit differently. There are some blog post which guide you how to reset admin password, but in order to do it you need root access - what to do if you lost it?
- Take snapshot of vRO virtual machine.
- Reboot it and once GRUB is visible move arrows or press space bar to stop booting process. Select VMware vRealize Orchestrator Appliance and press e key to edit commands before booting.
- Once selected choose kernel and press e once more.
- Add init=/bin/bash to kernel parameters. After you added bash to kernel parameters hit Enter.
- Press b key and wait for vRealize Orchestrator Appliance to boot.
- In order to reset password type passwd root. Enter new password twice and you are done.
- To finish root password recovery reboot appliance and check if you can login with newly set password.
As you see resetting root password isn't that complicated. One could ask why is this process so easy? It is because GRUB changes are not protected. In next post I will show you how to secure your Appliance GRUB.
It is extremely important to have proper RBAC - Role Base Access Control so unauthorized people will not have access rights to your core infrastructure.