Solved: DNAC CLI admin user

OJ_Magellan · ‎08-16-2021

Hi

On DNAC's CLI

I was trying to generate the rca files on the DNAC nodes, yet couldn't, because the admin username was refering to my colleague's username, he generated AURA reports earlier today and I am guessing thats why the rca process is showing his username as the admin.

How's is it possible to change the username back to mine? I know by regenerating AURA reports I could use my username and change the admin user reference, yet its not feasible to generate AURA reports everytime to change the admin username.

Regards,

OJ

Tomas de Leon · ‎08-16-2021

Note: Which ever username that you define as the current admin user on the CLI will be used and needs the SUPER-ADMIN-ROLE assigned either by Local Authentication\Authorization or External Authentication\Authorization if External Auth is enabled.

$ ssh maglev@dnac.ip.address -p 2222
$ maglev login -u <username>

The Username configured will be used for running the RCA.

For Example

$ maglev login
[administration] password for 'tdeleon':
Aborted!

$ maglev login -u v1admin
[administration] password for 'v1admin':
User 'v1admin' logged into 'kong-frontend.maglev-system.svc.cluster.local' successfully

$ sudo rca
[sudo] password for maglev:

===============================================================
VERIFYING SSH/SUDO ACCESS
===============================================================
Done

===============================================================
VERIFYING ADMINISTRATION ACCESS

Please note that after 3 failed login attempts, diagnostic
collection will proceed, but not all diagnostics will be
collected.
===============================================================
[administration] password for 'v1admin':
User 'v1admin' logged into 'kong-frontend.maglev-system.svc.cluster.local' successfully

===============================================================
RCA package created on Mon Aug 16 13:55:12 UTC 2021
===============================================================

2021-08-16 13:55:12 | INFO | Generating log for 'date'...
tar: Removing leading `/' from member names
/etc/cron.d/
/etc/cron.d/refresh-certs
/etc/cron.d/.placeholder
/etc/cron.d/kube_swappiness
/etc/cron.d/run-maglev-config-update-check
/etc/cron.d/check_systemd_hang
/etc/cron.d/clean-elasticsearch-indexes
/etc/cron.d/logrotate
/etc/cron.d/clean-journal-files

View solution in original post

balaji.bandi · ‎08-16-2021

are you admin user ? or equivalent ?

admin user (also available as an environment variable DNAC_ADMIN_USER). This defaults to "admin", and only needs to be changed if using external auth and different superUser name. In many cases, this is not required, but is available as --admin-user

Look at the script how you can run :

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/215840-cisco-dna-center-aura-audit-and-upgrad.html#anc2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Shantha Kumar Selvaraj · ‎08-16-2021

Hi,

under /home/maglev

you will find the hidden conf file ".maglevconf", you can list it with ls -lhart

create cp of this file ,its just like kubectl conf file.

Now delete it and try login with admin ,it will prompt for url, give url from the copied file

Tomas de Leon · ‎08-16-2021

Note: Which ever username that you define as the current admin user on the CLI will be used and needs the SUPER-ADMIN-ROLE assigned either by Local Authentication\Authorization or External Authentication\Authorization if External Auth is enabled.

$ ssh maglev@dnac.ip.address -p 2222
$ maglev login -u <username>

The Username configured will be used for running the RCA.

For Example

$ maglev login
[administration] password for 'tdeleon':
Aborted!

$ maglev login -u v1admin
[administration] password for 'v1admin':
User 'v1admin' logged into 'kong-frontend.maglev-system.svc.cluster.local' successfully

$ sudo rca
[sudo] password for maglev:

===============================================================
VERIFYING SSH/SUDO ACCESS
===============================================================
Done

===============================================================
VERIFYING ADMINISTRATION ACCESS

Please note that after 3 failed login attempts, diagnostic
collection will proceed, but not all diagnostics will be
collected.
===============================================================
[administration] password for 'v1admin':
User 'v1admin' logged into 'kong-frontend.maglev-system.svc.cluster.local' successfully

===============================================================
RCA package created on Mon Aug 16 13:55:12 UTC 2021
===============================================================

2021-08-16 13:55:12 | INFO | Generating log for 'date'...
tar: Removing leading `/' from member names
/etc/cron.d/
/etc/cron.d/refresh-certs
/etc/cron.d/.placeholder
/etc/cron.d/kube_swappiness
/etc/cron.d/run-maglev-config-update-check
/etc/cron.d/check_systemd_hang
/etc/cron.d/clean-elasticsearch-indexes
/etc/cron.d/logrotate
/etc/cron.d/clean-journal-files

OJ_Magellan · ‎08-17-2021

@Tomas de Leon

Thank you very much, that's exactly what I was looking for

Regards,

OJ

rasmus.elmholt · ‎09-20-2021

Hi OJ,

This is documented on the page on how to extract the RCA files: https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/213926-how-to-generate-and-extract-root-cause-a.html

$ sudo maglev context delete maglev-1
Removed command line context 'maglev-1'