VMware Aria Operations for Logs (formerly known as vRealize Log Insight) is a powerful tool for log management and analysis, which is essential for monitoring, troubleshooting, and security auditing in virtualized environments. There are instances where you might need to reset the admin password, especially when it’s lost or forgotten. VMware provides a script called li-reset-admin-passwd.sh to handle this task.

This post covers the usage of the li-reset-admin-passwd.sh script, its switches, and how to effectively reset the admin password in VMware Aria Operations for Logs.

What is li-reset-admin-passwd.sh?

The li-reset-admin-passwd.sh script is a built-in utility that allows administrators to reset the password for the admin account in VMware Aria Operations for Logs. This script is typically run on the virtual appliance through the command line.

Running the li-reset-admin-passwd.sh Script

The script is located within the virtual appliance, so you’ll need SSH access to the Aria Operations for Logs instance to use it. Here is the general procedure for using the script:

  1. SSH into the VMware Aria Operations for Logs Appliance You need to access the appliance where the VMware Aria Operations for Logs is installed via SSH.bash
  2. Navigate to the Script Location Once logged in, the script can be found in /usr/lib/loginsight/application/sbin/.bash
  3. Run the Script with the Required Switches The basic command to reset the admin password is:
./li-reset-admin-passwd.sh

By default, the script will interactively prompt you to enter a new admin password. However, it also supports various switches for more specific usage.

    Switches and Options

    Here’s a breakdown of the available switches for li-reset-admin-passwd.sh:

    • --new-password <password>: Allows you to specify a new password non-interactively. This is useful for automating the password reset process or if you are running the script in a non-interactive environment.bash
    ./li-reset-admin-passwd.sh --new-password <new_password>
    • --force: Forces the reset of the password, even if there are warnings or potential conflicts. This is useful if, for some reason, the password reset process encounters issues but you need to proceed regardless.bash
    ./li-reset-admin-passwd.sh --new-password <new_password> --force
    • --help: Displays a help message with all available options. If you’re unsure of the usage or just want to double-check the syntax, this is a good starting point.
    ./li-reset-admin-passwd.sh --help
    • --user <username>: While the script is typically used to reset the admin account, you can specify a different user by using the --user switch. This is useful if you need to reset the password for another account.
    ./li-reset-admin-passwd.sh --user <username> --new-password <new_password>
    • --unlockAdmin: This option unlocks the admin account if it is locked due to failed login attempts. You can use this option in combination with resetting the password or on its own to simply unlock the account.
    ./li-reset-admin-passwd.sh --unlockAdmin

    Example Usage Scenarios

    • Basic Password Reset: If you simply want to reset the admin password interactively:
    ./li-reset-admin-passwd.sh --user <username> --new-password <new_password>
    • ./li-reset-admin-passwd.sh You will be prompted to enter a new password manually.
    • Non-Interactive Password Reset for AdminTo automate the password reset, you can pass the new password directly via the command line:
    ./li-reset-admin-passwd.sh --new-password "SecurePass123!"
    • Force Password Reset for Admin: If you encounter any issues during the reset process (e.g., warnings), use the --force option to proceed anyway:
    ./li-reset-admin-passwd.sh --new-password "SecurePass123!" --force
    • Reset Password for a Different User: If you need to reset the password for a non-admin user:
    ./li-reset-admin-passwd.sh --user "user1" --new-password "NewUserPass123!"
    • Unlock and Reset Admin Password To unlock the admin account and reset the password in one step:
    ./li-reset-admin-passwd.sh --new-password "SecurePass123!" --unlockAdmin

    Security Considerations

    When using the --new-password option, it’s critical to be cautious about how and where you run the command. If possible, avoid storing passwords in plain text in scripts or terminal history. Always follow best practices for secure password management, and consider running the command interactively when appropriate.

    Conclusion

    The li-reset-admin-passwd.sh script is an essential tool for administrators managing VMware Aria Operations for Logs. Whether you are performing a routine reset or dealing with a forgotten admin password, this script allows you to quickly regain access to the admin account.

    By understanding the available switches and options, you can tailor the command to your needs, making the password reset process smooth and efficient.