The Oracle VM Manager Administrator Tool, which can be invoked on the command line using the ovm_admin command, is used to perform typical administrative actions specific to Oracle VM Manager. These actions allow you to manage users that have access to Oracle VM Manager's data store, and control log rotation for the AdminServer.log file. To perform any action using the Oracle VM Manager Administrator Tool, you must use the password that is configured for the weblogic user.
The Oracle VM Manager Administrator Tool is installed as part of the default Oracle VM Manager installation process. The full path to the Oracle VM Manager Administrator Tool is:
/u01/app/oracle/ovm-manager-3/bin/ovm_admin
Syntax
ovm_admin [ --help ] [ --createuser ] [ --deleteuser ] [ --listusers ] [ --modifyuser ] [ --modifyds ] [ --lockusers tries ] [ --unlockuser admin ] [ --listconfig ] [ --rotatelogsdaily HH:MM ] [ --rotatelogsbysize KB ]
Options
The following table shows the available options for this command.
Option | Description |
---|---|
--help | Display the ovm_admin command parameters and options. |
--createuser | Create new Oracle VM Manager admin user. |
--deleteuser | Delete an Oracle VM Manager admin user. |
--listusers | List the Oracle VM Manager users. |
--modifyuser | Modify an Oracle VM Manager user password. |
--modifyds | Modify an Oracle VM Manager database schema. Typically used if the password for the MySQL database has been changed directly within MySQL. |
--lockusers tries | Set the maximum login tries before locking accounts. This setting is global. |
--unlockuser admin | Unlock a user account. |
--listconfig | List configuration information about Oracle VM Manager. |
--rotatelogsdaily HH:MM | Rotate the Oracle VM Manager application logs daily (HH:MM). |
--rotatelogsbysize KB | Rotate the Oracle VM Manager application logs by size (KB). |
Examples
Example 1.1 Managing users with the Oracle VM Manager Administrator Tool
The Oracle VM Manager Administrator Tool provides you with the ability to perform various user management functions directly from the command line. By default, the Oracle VM Manager installation process only creates and configures a single Oracle VM Manager administrative user. While this is often sufficient for many customers, creating separate administrative user accounts may be useful for security and auditing purposes.
Example 1.2 Creating a new Oracle VM Manager user
A new user can be created for the Oracle VM Manager application using the Oracle VM Manager Administrator Tool by running the following command:
# ./ovm_admin --createuser
The tool returns the following output:
Oracle VM Manager Release version
Admin tool
Please enter the username : [ovmuser]
Please enter the password for [ovmuser] (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password :
Your password must conform to the password requirements suggested by the Oracle VM Manager Administrator Tool, or the creation of your user fails in the final step.
Please enter the password for weblogic :
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Creating user '[ovmuser]' ...
Created user '[ovmuser]' successfully ...
Exiting...
Example 1.3 Deleting an Oracle VM Manager user
Removing an Oracle VM Manager administrative user can be achieved using the Oracle VM Manager Administrator Tool by running the following command:
# ./ovm_admin --deleteuser ovmuser
You are prompted for the Oracle WebLogic Server password. This is the password for the Oracle WebLogic Server as it was set up during installation. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password. Typical output is presented below:
Oracle VM Manager Release version
Admin tool
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Deleting user 'ovmuser' ...
Deleted user 'ovmuser' successfully ...
Exiting...
There are some users stored within Oracle WebLogic Server that are critical to the healthy functioning of your Oracle VM Manager environment. Do not attempt to delete either of these accounts:
OracleSystemUser
weblogic
It is also generally advisable to keep the default admin user account, so that there is always at least one administrative account that is able to access the Oracle VM Manager application. Attempting to delete the Oracle WebLogic Server user account using the Oracle VM Manager Administrator Tool fails with the message:
Cannot delete the admin user account 'weblogic' ...
Example 1.4 Changing an Oracle VM Manager user's password
It is possible to change any Oracle VM Manager administrative user's password using the Oracle VM Manager Administrator Tool by running the following command:
# ./ovm_admin --modifyuser
The tool returns the following output:
Oracle VM Manager Release version
Admin tool
Please enter the username : [ovmuser]
Please enter the current password :
You must be able to provide the user's current password in order to modify the user account.
If you need to reset an account due to a lost password, you should delete the user account and create a new account.
Please enter a new password for [ovmuser] (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password :
Your password must conform to the password requirements suggested by the Oracle VM Manager Administrator Tool, or the creation of your user fails in the final step.
Please enter the password for weblogic :
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Modifying user '[ovmuser]' ...
Modified user '[ovmuser]' successfully ...
Exiting...
Example 1.5 Modifying the Oracle VM Manager database schema
You can use the Oracle VM Manager Administrator Tool to handle database schema changes within MySQL. The most typical use case for this is where the password for the Oracle VM Manager database has been changed directly within MySQL, without using any of the tools provided with Oracle VM. An alternative use case would be where the Oracle VM Manager database has been renamed within MySQL. The --modifyds option is used to update Oracle VM Manager for changes made directly to the MySQL database:
# ./ovm_admin --modifyds
The tool prompts you for the Oracle VM Manager database schema, password and the Oracle WebLogic Server password, and returns output similar to the following:
Oracle VM Manager Release version
Admin tool
Please enter the Oracle VM Manager database schema (ovs or appfw): ovs
Please enter the schema password for ovs (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password :
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
......
Modified Data Source successfully ...
Disconnected from Oracle WebLogic Server: AdminServer
Exiting...
Note that there is a second database schema, usually named appfw, that is also used by Oracle VM Manager. If the password for this database has also been changed, then the same command must be run again, as follows:
Oracle VM Manager Release version
Admin tool
Please enter the Oracle VM Manager database schema (ovs or appfw): appfw
Please enter the schema password for appfw (minimum 8 chars. with one numeric/special char.) :
Please re-enter the password :
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
......
Modified Data Source successfully ...
Disconnected from Oracle WebLogic Server: AdminServer
Exiting...
When you have finished running this command, you must restart Oracle VM Manager:
# service ovmm restart
# service ovmcli restart
Example 1.6 Listing Oracle VM Manager users
You can use the Oracle VM Manager Administrator Tool to obtain a list of users that have access to the Oracle VM Manager application by running the following command:
# ./ovm_admin --listusers
The tool prompts you for the Oracle WebLogic Server password and returns output similar to the following:
Oracle VM Manager Release version
Admin tool
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Listing Oracle VM users ...
User : OracleSystemUser
User : weblogic
User : admin
User : [ovmuser]
Listed users successfully ...
Exiting...
Some of the users stored within Oracle WebLogic Server and listed are critical to the healthy functioning of your Oracle VM Manager environment. These include:
OracleSystemUser: Used by Oracle Web Services Manager (OWSM). OWSM is part of the standard Oracle Fusion Middleware (FMW) Infrastructure, that includes ADF.
weblogic: The default Oracle WebLogic Server administrative user.
The default admin user account is also typically listed. Any other user accounts listed, such as the [ovmuser] account, have been added to the system after installation.
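The distinction above between installed accounts and accounts added later can be checked mechanically. The following is an added example, not part of the Oracle documentation or the tool: it parses a saved --listusers transcript and reports accounts outside an approved baseline. The function names, the `approved` parameter and the svc_backup account are assumptions made for illustration.

```python
import re

# Accounts the page names as critical, plus the default admin account.
CRITICAL = {"OracleSystemUser", "weblogic"}
DEFAULT_ADMIN = "admin"
USER_LINE = re.compile(r"^\s*User\s*:\s*(\S+)\s*$")


def parse_listusers(output):
    """Return the user names from a complete --listusers transcript."""
    users, started, finished = [], False, False
    for line in output.splitlines():
        if line.startswith("Listing Oracle VM users"):
            started = True
        elif line.startswith("Listed users successfully"):
            finished = True
        elif started and not finished:
            m = USER_LINE.match(line)
            if m:
                users.append(m.group(1))
    if not (started and finished):
        # A truncated or failed run must not be mistaken for an empty user list.
        raise ValueError("incomplete --listusers output")
    return users


def audit_users(output, approved=()):
    """Compare the listed accounts with the expected baseline."""
    present = set(parse_listusers(output))
    baseline = CRITICAL | {DEFAULT_ADMIN}
    return {
        "missing_critical": sorted(CRITICAL - present),
        "default_admin_present": DEFAULT_ADMIN in present,
        "unapproved": sorted(present - baseline - set(approved)),
    }


# Constructed sample transcript; svc_backup is a made-up account name.
SAMPLE = """Connected ...
Listing Oracle VM users ...
User : OracleSystemUser
User : weblogic
User : admin
User : ovmuser
User : svc_backup
Listed users successfully ...
Exiting...
"""

if __name__ == "__main__":
    print(audit_users(SAMPLE, approved={"ovmuser"}))
```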
Example 1.7 Locking Oracle VM Manager user accounts
In order to protect against unauthorized access to Oracle VM Manager, it is possible to configure an account locking facility that is triggered after a number of failed attempts to log in. This is achieved using the Oracle VM Manager Administrator Tool in the following way:
# ./ovm_admin --lockusers [3]
Account locking is enabled by default according to the base Oracle WebLogic Server configuration. The default settings allow for 5 invalid login attempts before the account is locked. The lock period is set to 30 minutes. The only way to change the lock period is to edit the underlying Oracle WebLogic Server configuration directly. For more information on configuring the Oracle WebLogic Server lockout parameters, please refer to the Oracle WebLogic Server documentation on this at:
http://docs.oracle.com/cd/E13222_01/wls/docs81/ConsoleHelp/security_realm_userlockout.html
This is a global parameter that applies to all users. Setting this parameter on an instance of Oracle VM Manager that makes use of a single administrator account can result in this account being locked for 30 minutes before anybody is able to use it again. To recover from this, it is possible to unlock the account. See Example 1.8, “Unlocking Oracle VM Manager user accounts”.
You are prompted to enter the Oracle WebLogic Server password in order to apply this setting. Typical output from the command follows:
Oracle VM Manager Release version
Admin tool
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Setting Invalid Login attempts to '[3]' ...
Exiting...
Restart of Oracle VM Manager is required for Data Store change to take effect ...
Restart Oracle VM Manager in order for the setting to take effect.
An account is locked for 30 minutes before it is automatically unlocked again.
Example 1.8 Unlocking Oracle VM Manager user accounts
When account locking is enabled (see Example 1.7, “Locking Oracle VM Manager user accounts”), it is possible for Oracle VM Manager user accounts to become locked for up to 30 minutes if a user fails to authenticate after the number of attempts that has been configured for this facility. When a user's account has become locked and the user enters the correct username and password combination, an error appears when the user attempts to authenticate:
Unexpected error during login (javax.security.auth.login.LoginException), please consult logs for details.
An investigation of the AdminServer.log reveals:
000000000183> <1358953290200> <BEA-090078> <User ovmuser in security realm myrealm has had 3 invalid login attempts, locking account for 30 minutes.>
It is possible to override the 30 minute lock on an account by using the Oracle VM Manager Administrator Tool in the following way:
# ./ovm_admin --unlockuser [ovmuser]
You are prompted for the Oracle WebLogic Server account password in order to complete the operation.
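Before an account is unlocked, it is worth checking how often it has been locked, since repeated lockouts of the same account point to ongoing password guessing rather than a single mistyped password. The following is an added example, not part of the Oracle documentation: it extracts BEA-090078 lockout records from AdminServer.log lines and flags accounts locked more than once within a time window. It assumes each record ends with the three angle-bracketed fields `<epoch milliseconds> <BEA-090078> <message>`; the function names, threshold and window are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Assumed record tail: <epoch milliseconds> <BEA-090078> <message text>
LOCKOUT = re.compile(
    r"<(?P<ms>\d+)> <BEA-090078> <User (?P<user>\S+) in security realm "
    r"(?P<realm>\S+) has had (?P<tries>\d+) invalid login attempts, "
    r"locking account for (?P<minutes>\d+) minutes\.>"
)


def parse_lockouts(lines):
    """Extract one dict per BEA-090078 lockout record."""
    events = []
    for line in lines:
        m = LOCKOUT.search(line)
        if m:
            events.append({
                "time": EPOCH + timedelta(milliseconds=int(m["ms"])),
                "user": m["user"],
                "realm": m["realm"],
                "tries": int(m["tries"]),
                "minutes": int(m["minutes"]),
            })
    return events


def repeated_lockouts(events, threshold=2, window=timedelta(hours=2)):
    """Map each user locked out >= threshold times inside window to that count."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e["time"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        best = max(sum(1 for t in times[i:] if t - times[i] <= window)
                   for i in range(len(times)))
        if best >= threshold:
            flagged[user] = best
    return flagged


# Constructed sample records (leading fields omitted); the first reuses the
# timestamp and message from the page's excerpt.
SAMPLE = [
    "<1358953290200> <BEA-090078> <User ovmuser in security realm myrealm has had 3 invalid login attempts, locking account for 30 minutes.>",
    "<1358953300000> <BEA-090078> <User admin in security realm myrealm has had 3 invalid login attempts, locking account for 30 minutes.>",
    "<1358955390200> <BEA-090078> <User ovmuser in security realm myrealm has had 3 invalid login attempts, locking account for 30 minutes.>",
    "<1358955400000> <BEA-000000> <Constructed record that is not a lockout.>",
]
```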
Example 1.9 Rotating Oracle VM Manager logs
The Oracle VM Manager Administrator Tool allows you to control how and when log files are rotated. There are two options available:
--rotatelogsdaily: Set the logs to be rotated on a daily basis at an allocated time.
--rotatelogsbysize: Set the logs to be rotated when they reach a specified size.
In both cases, you are prompted for the Oracle WebLogic Server password in order to update the configuration.
Example 1.10 Rotating Oracle VM Manager logs daily
To set the logs to rotate daily at an allocated time, run the Oracle VM Manager Administrator Tool in the following way:
# ./ovm_admin --rotatelogsdaily [00:30]
The time provided is specified in the format HH:MM.
Typical output from the command follows:
Oracle VM Manager Release version
Admin tool
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Configure log rotation setting to rotate daily at [00:30] ...
Modified log rotation setting successfully ...
Exiting...
Example 1.11 Rotating Oracle VM Manager logs by size
To set the logs to rotate when they reach a specified size, run the Oracle VM Manager Administrator Tool in the following way:
# ./ovm_admin --rotatelogsbysize [1024]
The size provided is specified according to the number of kilobytes before rotation.
Typical output from the command follows:
Oracle VM Manager Release version
Admin tool
Please enter the password for weblogic :
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to Oracle WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to Oracle WebLogic Server ...
Connected ...
Configure log rotation setting to rotate the logs based on size ([1024] KB) ...
Modified log rotation setting successfully ...
Exiting...