Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15072
Views
30
Helpful
13
Replies

No shell access after upgrade to CPI 3.5

Go to solution
Hilario Martin
Level 4
Level 4

‎12-17-2018 01:50 PM

Hi,

After upgrading from Prime 3.2 to 3.5 and  trying to open a shell I´ve got this message:

prime Shell will be disabled as it reached timeout. Please install root patch to enable shell

I could verify that the shell command is not visible anymore from the CLI.

Any idea about this?

 

Cisco Application Deployment Engine OS Release: 4.1
ADE-OS Build Version: 4.1.0.001
ADE-OS System Architecture: x86_64

Copyright (c) 2009-2018 by Cisco Systems, Inc.
All rights reserved.
Hostname: xxx


Version information of installed applications
---------------------------------------------

Cisco Prime Infrastructure
********************************************************
Version : 3.5.0 [FIPS not Enabled]
Build : 3.5.0.0.550

 

 

Thanks in advance,

HMG.

 

9 people had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
esterodr
Cisco Employee
Cisco Employee

‎01-30-2019 12:14 PM

Hello, 

 

For this kind of issue is better to open a TAC case so the Prime Infrastructure Engineer can recover the shell cli access using a patch file. This procedure requires TAC to copy a RootEnable patch into the Prime defaultRepo, and install it so you can recover back the shell password.

 

I did the below steps already and it worked. Please check below: 

 

Recover Shell CLI Access on Prime 3.5:

 

To copy the file from SFTP Server to Prime 3.5:


prime3.5/admin# copy sftp://a.b.c.d/RootEnable-appbundle-x86_64.tar.gz disk:/defaultRepo
Username: cisco
Password: cisco123!

 

(This syntax is to copy the file from SFTP Server to the defaultRepo of the Prime).

(You can put your own credentials on your SFTP server, this is just an example).
(a.b.c.d stands for the IP Address of the SFTP Server).

 

Check the file got copied successfully: 

 

apl90624/admin# show repo defaultRepo
RootEnable-appbundle-x86_64.tar.gz

 

Execute the install command, and below the expected output: 

 

apl90624/admin# application install RootEnable-appbundle-x86_64.tar.gz defaultRepo
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully

Please ensure you have a backup of the system before proceeding.
Proceed with the application install ? (yes/no) [yes] ? yes
Initiating Application installation...

Application successfully installed


Reconfigure the shell password back:


apl90624/admin# shell

Shell access password is not set
Configure password for shell access

Password :
Password Again :

Shell access password is set
Run the command again to enter shell


apl90624/admin# shell
Enter shell access password :
Starting bash shell ...
ade #

 

Root password successfully recovered.

 

Hope this helps to fix the issue.

View solution in original post

Go to solution
esterodr
Cisco Employee
Cisco Employee
In response to Hilario Martin

‎02-08-2019 06:04 AM

Hi Hilario,

The recommendation is to open the TAC case and get into webex with the Engineer for him/her to provide you with the patch and do the procedures to recover the shell password, that patch is an internal file not available to customers for download like any other files for Prime Infrastructure.
I'm glad my post has helped you!

View solution in original post

13 Replies 13

Go to solution
pieterh
VIP
VIP

‎12-18-2018 04:11 AM

root shell is reserved for use by Cisco TAC?

look at this thread

No root access after Prime Infrastructure upgrade to 3.1.0

 

when assisted by Cisco TAC you may be asked to install the root patch for use by the support engineer

after he finishes the root patch will be removed again.

 

0 Helpful

Go to solution
Hilario Martin
Level 4
Level 4
In response to pieterh

‎12-18-2018 05:12 AM

Hi,

 

Thanks pieterh,

 

I thinks only root shell is reserved to Cisco TAC but  admin shell.should be accessible.

 

Regards,

Hilario.

0 Helpful

Go to solution
Hilario Martin
Level 4
Level 4
In response to pieterh

‎12-18-2018 05:12 AM

Hi,

 

Thanks pieterh,

 

I thinks only root shell is reserved to Cisco TAC but  admin shell.should be accessible.

 

Regards,

Hilario.

0 Helpful

Go to solution
Waldemar Gretz
Level 1
Level 1

‎12-20-2018 09:01 AM

Hi,

i have the problem too, but on my CPI i have the following:

 

/admin# shell 
                    ^ 
% invalid command detected at '^' marker. 

 

Please HELP!!!

Go to solution
esterodr
Cisco Employee
Cisco Employee

‎01-30-2019 12:14 PM

Hello, 

 

For this kind of issue is better to open a TAC case so the Prime Infrastructure Engineer can recover the shell cli access using a patch file. This procedure requires TAC to copy a RootEnable patch into the Prime defaultRepo, and install it so you can recover back the shell password.

 

I did the below steps already and it worked. Please check below: 

 

Recover Shell CLI Access on Prime 3.5:

 

To copy the file from SFTP Server to Prime 3.5:


prime3.5/admin# copy sftp://a.b.c.d/RootEnable-appbundle-x86_64.tar.gz disk:/defaultRepo
Username: cisco
Password: cisco123!

 

(This syntax is to copy the file from SFTP Server to the defaultRepo of the Prime).

(You can put your own credentials on your SFTP server, this is just an example).
(a.b.c.d stands for the IP Address of the SFTP Server).

 

Check the file got copied successfully: 

 

apl90624/admin# show repo defaultRepo
RootEnable-appbundle-x86_64.tar.gz

 

Execute the install command, and below the expected output: 

 

apl90624/admin# application install RootEnable-appbundle-x86_64.tar.gz defaultRepo
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully

Please ensure you have a backup of the system before proceeding.
Proceed with the application install ? (yes/no) [yes] ? yes
Initiating Application installation...

Application successfully installed


Reconfigure the shell password back:


apl90624/admin# shell

Shell access password is not set
Configure password for shell access

Password :
Password Again :

Shell access password is set
Run the command again to enter shell


apl90624/admin# shell
Enter shell access password :
Starting bash shell ...
ade #

 

Root password successfully recovered.

 

Hope this helps to fix the issue.

Go to solution
esterodr
Cisco Employee
Cisco Employee
In response to esterodr

‎01-30-2019 12:21 PM

In addition to the above, once you upgrade PI from 3.X to PI 3.5, at the CLI prompt that asks you to "disable the shell", please say NO, because if you say YES, you will disable the shell, forcing to perform the above procedure described.

Regards,

Go to solution
Tobias Heisele
Level 1
Level 1
In response to esterodr

‎06-05-2020 02:25 AM

Hi,

I did the same mistake by answering YES at the installation wizard. When I install the patch, shell access is only avaiable for a specific time. Suddenly, the "shell" command disapeared at the cli. After reboot, I could reinstall the root patch. Is there any way to make it persistent?
0 Helpful

Go to solution
esterodr
Cisco Employee
Cisco Employee
In response to Tobias Heisele

‎06-05-2020 06:54 AM

Hi Tobias,



When you install the root patch to get shell access again, right after that you need to logout/login back to CLI to enable this password.

If you want to make the root persistent you need to open a TAC case since I don't know such procedure.



Regards,


0 Helpful

Go to solution
Hilario Martin
Level 4
Level 4
In response to esterodr

‎02-08-2019 05:57 AM

thanks for your info esterodr,

is there any way to get RootEnable-appbundle-x86_64.tar.gz without open a TAC?

 

regards :-)

 

0 Helpful

Go to solution
esterodr
Cisco Employee
Cisco Employee
In response to Hilario Martin

‎02-08-2019 06:04 AM

Hi Hilario,

The recommendation is to open the TAC case and get into webex with the Engineer for him/her to provide you with the patch and do the procedures to recover the shell password, that patch is an internal file not available to customers for download like any other files for Prime Infrastructure.
I'm glad my post has helped you!

Go to solution
yprasannas
Level 1
Level 1
In response to esterodr

‎05-01-2020 10:35 AM - edited ‎05-01-2020 10:38 AM

Can you check if this issue happens again? There seems to be a bug as we keep losing shell access. I have installed root patch several times. After few days I get the same time out message and have to install root patch again.

 

To compound the issue we ran into another potential bug where /var fills up and Prime stops working. I can't get to shell because of above mentioned issue. I had to do CentOS ISO recovery to access the  /var volume and delete large files to bring up Prime.

 

Hope this helps if someone runs into this issue.

 

0 Helpful

Go to solution
esterodr
Cisco Employee
Cisco Employee
In response to yprasannas

‎05-01-2020 10:47 AM

Hi yprasannas,



There are a couple of bugs for /var getting full: CSCvb45802 and CSCvb65492.



Below links:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo65492

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb45802



You can try to apply the WA, but if issue still happens, please open a case with TAC to have it fixed permanently.

The shell access should not be getting lost from time to time, if you have the root patch you can use it to recover the shell password without using CentOS image.



Hope this helps,


0 Helpful

Go to solution
yprasannas
Level 1
Level 1
In response to esterodr

‎05-01-2020 10:52 AM

Thanks for the info.

 

Regarding the shell access ...yes we keep losing it even after installing root patch. I have another TAC case open on this. I will update you all on how it goes.

0 Helpful
Customers Also Viewed These Support Documents