Follow Us on Twitter

EM Cloud Control: Using emcli to bulk modify host credentials

by Tony van Esch on February 6, 2014 · 0 comments

In our environment all machines are linked to an LDAP server for authentication (AD in this case). You need to logon to machines with your personal credentials and use sudo to logon to a system account.  This is a common practice and easily implemented in EM Cloud Control through ‘named credentials’. In my case I have several system accounts I need to be able to ‘sudo’ to, to perform actions like patching. So for every system account I created a named credential with the appropriate sudo properties.

selective_list_nc

When I change my AD password, my stored host credentials will not work and could even lock my global account. You can ofcourse change the password in Cloud Control itself.

change_pw_nc

For one or two credentials, this is ok. But when you need to maintain more credentials it becomes tedious.

Luckily EM Cloud Control comes with a powerful commandline utility called ’emcli’. With ’emcli’ you can script all your Cloud Control automation needs. It is built on jython and is easy to use. So I created a script to modify all my named credentials of credential type HostCred.

 

# modifyPWHostCreds.py
#
# Who: Tony van Esch
#What: script to change all your Named HostCred passwords
# Why: When using personal host account linked to AD, there is always a pw policy.
from emcli import *
import sys
if len(sys.argv) != 2:
  print "ERROR. Invalid Arguments (%i): %s " %(len(sys.argv),str(sys.argv))
  print "Usage: emcli @modifyPWHostCreds.py <your admin account> <new password for host credentials>"
  exit()
emuser=sys.argv[0]
new_password=sys.argv[1]
set_client_property('EMCLI_OMS_URL','https://em.wh.nl:7802/em')
set_client_property('EMCLI_TRUSTALL','true')
login(username='%s' %(emuser))
nc=list_named_credentials(cred_owner=emuser.upper())
print "Modifying passwords for all your personal named hostCred credentials"
for cred in nc.out()['data']:
    if cred['Cred Type Name'] == 'HostCreds':
       print "Credential Name: %s" %(cred['Credential Name'])
       modify_named_credential(cred_name=cred['Credential Name'],attributes="HostPassword:%s" %(new_password) )
print "Done"

Update (2014-02-07): Added a filter on the credential list. Now only your personal credentials (you created yourself) are updated. Ofcourse your EM account should match your global (AD) account. But that speaks for itself.

References

Oracle® Enterprise Manager Command Line Interface 12c Release 1 (12.1.0.3)

 

 

 

Ratings:
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

* Copy This Password *

* Type Or Paste Password Here *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

 

Previous post:

Next post:

About Whitehorses
Company profile
Services
Technology

Whitehorses website

Home page
Whitebooks
Jobs

Follow us
Blog post RSS
Comment RSS
Twitter