icon-arrow icon-check icon-mail icon-phone icon-facebook icon-linkedin icon-youtube icon-twitter icon-cheveron icon-download icon-instagram play close close icon-arrow-uturn icon-calendar icon-clock icon-search icon-chevron-process icon-skills icon-knowledge icon-kite icon-education icon-languages icon-tools icon-experience icon-coffee-cup
Werken bij Integration & Application Talents
Blog 06/02/2014

EM Cloud Control: Using emcli to bulk modify host credentials

Link message

In our environment all machines are linked to an LDAP server for authentication (AD in this case). You need to logon to machines with your personal credentials and use sudo to logon to a system account.  This is a common practice and easily implemented in EM Cloud Control through ‘named credentials’. In my case I have several system accounts I need to be able to ‘sudo’ to, to perform actions like patching. So for every system account I created a named credential with the appropriate sudo properties.

selective_list_nc

When I change my AD password, my stored host credentials will not work and could even lock my global account. You can ofcourse change the password in Cloud Control itself.

change_pw_nc

For one or two credentials, this is ok. But when you need to maintain more credentials it becomes tedious.

Luckily EM Cloud Control comes with a powerful commandline utility called ’emcli’. With ’emcli’ you can script all your Cloud Control automation needs. It is built on jython and is easy to use. So I created a script to modify all my named credentials of credential type HostCred.

# modifyPWHostCreds.py
#
# Who: Tony van Esch
#What: script to change all your Named HostCred passwords
# Why: When using personal host account linked to AD, there is always a pw policy.

from emcli import *
import sys

if len(sys.argv) != 2:
  print "ERROR. Invalid Arguments (%i): %s " %(len(sys.argv),str(sys.argv))
  print "Usage: emcli @modifyPWHostCreds.py <your admin account> <new password for host credentials>"
  exit()

emuser=sys.argv[0]
new_password=sys.argv[1]

set_client_property('EMCLI_OMS_URL','https://em.wh.nl:7802/em')
set_client_property('EMCLI_TRUSTALL','true')
login(username='%s' %(emuser))
nc=list_named_credentials(cred_owner=emuser.upper())
print "Modifying passwords for all your personal named hostCred credentials"

for cred in nc.out()['data']:
    if cred['Cred Type Name'] == 'HostCreds':
       print "Credential Name: %s" %(cred['Credential Name'])
       modify_named_credential(cred_name=cred['Credential Name'],attributes="HostPassword:%s" %(new_password) )

print "Done"

Update (2014-02-07): Added a filter on the credential list. Now only your personal credentials (you created yourself) are updated. Ofcourse your EM account should match your global (AD) account. But that speaks for itself.

References

Oracle® Enterprise Manager Command Line Interface 12c Release 1 (12.1.0.3)

Overzicht blogs

Geen reacties

Geef jouw mening

Reactie plaatsen

Reactie toevoegen

Jouw e-mailadres wordt niet openbaar gemaakt.
Over tekstopmaak

Geen HTML

  • Geen HTML toegestaan.
  • Regels en alinea's worden automatisch gesplitst.
  • Web- en e-mailadressen worden automatisch naar links omgezet.

Wil je deel uitmaken van een groep gedreven en ambitieuze experts? Stuur ons jouw cv!

office@iatalents.nl 030 - 600 47 20
Bezoek adres
Orteliuslaan 855
3528 BE UTRECHT
Postadres
Postbus 3072
3502 GB UTRECHT
Contact
030 - 600 47 20
Volg ons
Abonneer je op onze nieuwe Whitebooks
Midlancen

Het midlance-model biedt het beste van twee werelden

Alles over midlancen
Cookie statement Privacy statement Cookies beheren