The Oracle VM Manager Administrator Tool provides you with the ability to perform various user management functions directly from the command line. By default, the Oracle VM Manager installation process only creates and configures a single Oracle VM Manager administrative user. While this is often sufficient for many customers, creating separate administrative user accounts may be useful for security and auditing purposes.

A new user can be created for the Oracle VM Manager application using the Oracle VM Manager Administrator Tool by running the following command:

# ./ovm_admin --createuser

The tool returns the following output:

Oracle VM Manager Release version Admin tool

Please enter the username : [ovmuser]

Please enter the password for [ovmuser] (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password :  

Please enter the password for weblogic :     

At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Creating user '[ovmuser]' ...
Created user '[ovmuser]' successfully ...
Exiting...

Removing an Oracle VM Manager administrative user can be achieved using the Oracle VM Manager Administrator Tool by running the following command:

# ./ovm_admin --deleteuser ovmuser

You are prompted for the Oracle WebLogic Server password. This is the password for the Oracle WebLogic Server as it was set up during installation. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password. Typical output is presented below:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic :

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Deleting user 'ovmuser' ...
Deleted user 'ovmuser' successfully ...
Exiting...

Cannot delete the admin user account 'weblogic' ...

It is possible to change any Oracle VM Manager administrative user's password using the Oracle VM Manager Administrator Tool by running the following command:

# ./ovm_admin --modifyuser

The tool returns the following output:

Oracle VM Manager Release version Admin tool

Please enter the username : [ovmuser]

Please enter the current password : 

Please enter a new password for [ovmuser] (minimum 8 chars. with one numeric/special char.) : 
Please re-enter the password :

Please enter the password for weblogic : 

At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Modifying user '[ovmuser]' ...
Modified user '[ovmuser]' successfully ...
Exiting...

You can use the Oracle VM Manager Administrator Tool to handle database schema changes within MySQL. The most typical use case for this is where the password for the Oracle VM Manager database has been changed directly within MySQL, without using any of the tools provided with Oracle VM. An alternative use case would be where the Oracle VM Manager database has been renamed within MySQL. The --modifyds option is used to update Oracle VM Manager for changes made directly to the MySQL database:

# ./ovm_admin --modifyds

The tool prompts you for the Oracle VM Manager database schema, password and the Oracle WebLogic Server password, and returns output similar to the following:

Oracle VM Manager Release version Admin tool

Please enter the Oracle VM Manager database schema (ovs or appfw): ovs

Please enter the schema password for ovs (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password : 

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...
......
Modified Data Source successfully ...
Disconnected from Oracle WebLogic Server: AdminServer
Exiting...

Note that there is a second database schema, usually named appfw, that is also used by Oracle VM Manager. If the password for this database has also been changed, then the same command must be run again, as follows:

Oracle VM Manager Release version Admin tool

Please enter the Oracle VM Manager database schema (ovs or appfw): appfw

Please enter the schema password for appfw (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password : 

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...
......
Modified Data Source successfully ...
Disconnected from Oracle WebLogic Server: AdminServer
Exiting...

When you have finished running this command, you must restart Oracle VM Manager:

# service ovmm restart
# service ovmcli restart

You can use the Oracle VM Manager Administrator Tool to obtain a list of users that have access to the Oracle VM Manager application by running the following command:

# ./ovm_admin --listusers

The tool prompts you for the Oracle WebLogic Server password and returns output similar to the following:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Listing Oracle VM users ...
User : OracleSystemUser
User : weblogic
User : admin
User : [ovmuser]
Listed users successfully ...
Exiting...

Some of the users stored within Oracle WebLogic Server and listed are critical to the healthy functioning of your Oracle VM Manager environment. These include:

The default admin user account is also typically listed. Any other user accounts listed, such as the [ovmuser] account, have been added to the system after installation.

In order to protect unauthorized access to Oracle VM Manager it is possible to configure an account locking facility that is triggered after a number of failed attempts to log in. This is achieved using the Oracle VM Manager Administrator Tool in the following way:

# ./ovm_admin --lockusers [3]

You are prompted to enter the Oracle WebLogic Server password in order to apply this setting. Typical output from the command follows:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Setting Invalid Login attempts to '[3]' ...
Exiting...
Restart of Oracle VM Manager is required for Data Store change to take effect ...

Restart Oracle VM Manager in order for the setting to take effect.

An account is locked for 30 minutes before it is automatically unlocked again.

When account locking is enabled (see Example 1.7, “Locking Oracle VM Manager user accounts”), it is possible for Oracle VM Manager user accounts to become locked for up to 30 minutes if a user fails to authenticate after the number of attempts that has been configured for this facility. When a user's account has become locked and the user enters the correct username and password combination, an error appears when the user attempts to authenticate:

Unexpected error during login (javax.security.auth.login.LoginException), 
please consult logs for details.

An investigation of the AdminServer.log reveals:

000000000183> >1358953290200< >BEA-090078< >User ovmuser in security realm myrealm 
has had 3 invalid login attempts, locking account for 30 minutes.<

It is possible to override the 30 minute lock on an account by using the Oracle VM Manager Administrator Tool in the following way:

# ./ovm_admin --unlockuser [ovmuser]

You are prompted for the Oracle WebLogic Server account password in order to complete the operation.

The Oracle VM Manager Administrator Tool allows you to control how and when log files are rotated. There are two options available:

In both cases, you are prompted for the Oracle WebLogic Server password in order to update the configuration.

To set the logs to rotate daily at an allocated time, run the Oracle VM Manager Administrator Tool in the following way:

# ./ovm_admin --rotatelogsdaily [00:30]

The time provided is specified in the format HH:MM.

Typical output from the command follows:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Configure log rotation setting to rotate daily at [00:30] ...
Modified log rotation setting successfully ...
Exiting...

To set the logs to rotate when they reach a specified size, run the Oracle VM Manager Administrator Tool in the following way:

# ./ovm_admin --rotatelogsbysize [1024]

The size provided is specified according to the number of kilobytes before rotation.

Typical output from the command follows:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Configure log rotation setting to rotate the logs based on size ([1024] KB) ...
Modified log rotation setting successfully ...
Exiting...