cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
341
Views
0
Helpful
2
Replies

Recent UCS firmware change to password change behavior

dbarstad
Beginner
Beginner

I have had scripts that initialize C-series servers from a factory config to full application deployment for some time, but a recent change in the firmware is not allowing scripted password changes via the 'usual tools'.

Powershell allows for login, but I cannot use the Set-ImcLocalUser command as previously done to change the user password.

  • Get-ImcLocalUser -AccountStatus "active" | Set-ImcLocalUser -Pwd $NewPass -Force

RedFish also allows for 'login' but errors when doing the XPATCH.

Anyone know of a workaround or if there is direction from Cisco on a 'new flow' to affect a touchless provisioning?

d

1 Accepted Solution

Accepted Solutions

dbarstad
Beginner
Beginner

Workaround established.

As noted in my own follow up above, the restrictions on other fields in the admin user and the inability to individually reference a ID in the set-imclocaluser command necessitates a different approach.  The below PowerShell Invoke-RestMethod will patch just the password parameter and allow an automated flow to commence:

 
$user = "admin"
$DefPass = ConvertTo-SecureString "password" -AsPlainText -Force
$ImcDefCred = New-Object System.Management.Automation.PSCredential($user,$DefPass)
Invoke-RestMethod -Uri https://$Host.IP/redfish/v1/AccountService/Accounts/1 -Body '{ "Password" : "NewPassword" }' -Credential $ImcDefCred -Method patch
 
If you are automating in a non-powershell environment, you can just use curl also:
 
curl -k -u admin:password https://$Host.IP/redfish/v1/AccountService/Accounts/1 -XPATCH -d '{"Password" : "NewPassword"}'
 
 

View solution in original post

2 Replies 2

dbarstad
Beginner
Beginner

Found some detail in the XML question from a few months back.

https://community.cisco.com/t5/unified-computing-system-ucs/cimc-xml-api-change-in-behavior-for-0-day-provisioning/td-p/4864264

Looks like they just constrained what elements can be 'updated' to the password until it is initially reset.  That is an issue in the current Powershell structure as there is no -Id option in the set-imclocaluser command.  The only way it can be defined what user is to use get-imclocaluser -Id 1| set-imclocaluser -Pwd "xxx" or get-imclocaluser -AccountStatus "active" | set-imclocaluser -Pwd "xxx".

Is there a pending powershell commandlet update to be able to target the user via -Id  so a set-imclocaluser -Id 1 -Pwd "xxx" would work?

d

dbarstad
Beginner
Beginner

Workaround established.

As noted in my own follow up above, the restrictions on other fields in the admin user and the inability to individually reference a ID in the set-imclocaluser command necessitates a different approach.  The below PowerShell Invoke-RestMethod will patch just the password parameter and allow an automated flow to commence:

 
$user = "admin"
$DefPass = ConvertTo-SecureString "password" -AsPlainText -Force
$ImcDefCred = New-Object System.Management.Automation.PSCredential($user,$DefPass)
Invoke-RestMethod -Uri https://$Host.IP/redfish/v1/AccountService/Accounts/1 -Body '{ "Password" : "NewPassword" }' -Credential $ImcDefCred -Method patch
 
If you are automating in a non-powershell environment, you can just use curl also:
 
curl -k -u admin:password https://$Host.IP/redfish/v1/AccountService/Accounts/1 -XPATCH -d '{"Password" : "NewPassword"}'
 
 
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


This community is intended for developer topics around Data Center technology and products. If you are looking for a non-developer topic about Data Center, you might find additional information in the Data Center and Cloud community