JavaScript must be enabled to correctly display this content

Chapter 3 Administering Oracle VM Manager

Administering Oracle VM Manager involves creating, deleting, and working with user accounts, modifying database schema, rotating log files, and capturing diagnostic information for troubleshooting.

3.1 Oracle VM Manager Administrator Tool (ovm_admin)

The Oracle VM Manager Administrator Tool, which can be invoked on the command line using the ovm_admin command, is used to perform administrative actions specific to Oracle VM Manager. These actions allow you to manage users that have access to the Oracle VM Manager data store, and control log rotation for the AdminServer.log file. To perform any action using the Oracle VM Manager Administrator Tool, you must use the password that is configured for the weblogic user.

The Oracle VM Manager Administrator Tool provides you with the ability to perform various user management functions directly from the command line. By default, the Oracle VM Manager installation process only creates and configures a single Oracle VM Manager administrative user. While this is often sufficient for many customers, creating separate administrative user accounts may be useful for security and auditing purposes.

The Oracle VM Manager Administrator Tool is installed as part of the default Oracle VM Manager installation process. The full path to the Oracle VM Manager Administrator Tool is:

/u01/app/oracle/ovm-manager-3/bin/ovm_admin

Syntax

ovm_admin [ --help ] [ --createuser ] [ --deleteuser admin ] [ --listusers ] [ --modifyuser ] [ --modifyds ] [ --listds ] [ --lockusers tries ] [ --unlockuser admin ] [ --listconfig ] [ --rotatelogsdaily HH:MM ] [ --rotatelogsbysize KB ] [ --updatemysqlroot ]

Options

The following table shows the available options for this command.

Option	Description
`--help`	Display the ovm_admin command parameters and options.
`--listconfig`	Displays Oracle VM Manager configuration details.
`--listusers`	List the Oracle VM Manager users. For an example of how to list users, see Section 3.1.1, “Listing Users”.
`--createuser`	Create new Oracle VM Manager admin user. For an example of how to create a user, see Section 3.1.2, “Creating Users”.
`--deleteuser`	Delete an Oracle VM Manager admin user. For an example of how to delete a user, see Section 3.1.3, “Deleting Users”.
`--modifyuser`	Modify an Oracle VM Manager user password. For an example of how to change a user's password, see Section 3.1.4, “Changing User Passwords”.
`--lockusers tries`	Set the maximum login tries before locking accounts. This setting is global. For an example of how to change account locking, see Section 3.1.5, “Configure Account Locking”.
`--unlockuser admin`	Unlock a user account. For an example of how to unlock a user account, see Section 3.1.6, “Unlocking User Accounts”.
`--listds`	List Oracle VM Manager data sources. For an example of how to list data sources, see Section 3.1.7, “Listing Data Sources”.
`--modifyds`	Modify an Oracle VM Manager database schema. Typically used if the password for the MySQL database has been changed directly within MySQL. For an example of how to modify database schema, see Section 3.1.8, “Modifying the Oracle VM Manager Database Schema”.
`--rotatelogsdaily HH:MM`	Rotate the Oracle VM Manager application logs daily (HH:MM). For examples of rotating log files, see Section 3.1.9, “Rotating Log Files”.
`--rotatelogsbysize KB`	Rotate the Oracle VM Manager application logs by size (KB). For examples of rotating log files, see Section 3.1.9, “Rotating Log Files”.
`--updatemysqlroot`	Change the password for the MySQL root user. The Oracle VM Manager Administrator Tool connects to the MySQL database as the root user. This option changes the password that the Oracle VM Manager Administrator Tool uses for the root user but does not change the password in the database itself. For this reason, you must first change the password with the Oracle VM Manager Administrator Tool and then manually change the password in the database. You should review the best practices and considerations for this option before you change the password, see Section 3.1.10, “Changing the Password for the MySQL Root User”.

3.1.1 Listing Users

Obtain a list of users that have access to Oracle VM Manager with the following command:

# ./ovm_admin --listusers

The tool prompts you for the Oracle WebLogic Server password and returns output similar to the following:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001
Please enter the password for weblogic: 

Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root. 
For more help, use help('domainConfig')

weblogic, admin, ovmuser

Some users stored within Oracle WebLogic Server are critical to your Oracle VM Manager environment, such as the following:

OracleSystemUser: Used by Oracle Web Services Manager (OWSM). OWSM is part of the standard Oracle Fusion Middleware (FMW) Infrastructure, that includes ADF.
weblogic: The default Oracle WebLogic Server administrative user.

The default admin user account is also typically listed. Any other user accounts listed, such as the ovmuser account, have been added to the system after installation.

For more information about default user accounts, see Section 4.1, “Default Oracle VM Manager Users”.

3.1.2 Creating Users

Create new Oracle VM Manager users with the following command:

# ./ovm_admin --createuser

The tool returns the following output:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001

Please enter the password for weblogic:

At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.

Please enter the username: ovmuser
Please enter a new password for ovmuser, this password
must be at least 8 characters long and must contain at least one non-alphabetic character: 
Please re-enter the password: 

Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root. 
For more help, use help('domainConfig')

date_time [main] INFO  ovm.wlst.domainbuilder.Domain - Created a user named ovmuser

Note

The must conform to the password requirements suggested by the Oracle VM Manager Administrator Tool or the creation of the user fails in the final step.

3.1.3 Deleting Users

Delete Oracle VM Manager administrative users with the following command:

# ./ovm_admin --deleteuser ovmuser

You are prompted for the Oracle WebLogic Server password. This is the password for the Oracle WebLogic Server as it was set up during installation. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password. Typical output is presented below:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001
Please enter the password for weblogic: 

Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root. 
For more help, use help('domainConfig')


date_time [main] INFO  ovm.wlst.domainbuilder.Domain - Deleted the user named ovmuser

Important

Some users stored within Oracle WebLogic Server are critical to your Oracle VM Manager environment. Do not attempt to delete either of the following users:

OracleSystemUser
weblogic

You should also keep the default admin user account so that there is always at least one administrative account that can access Oracle VM Manager.

3.1.4 Changing User Passwords

Change any Oracle VM Manager administrative user's password with the following command:

# ./ovm_admin --modifyuser

The tool returns the following output:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands
date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001

Please enter the password for weblogic:

Please enter the username: ovmuser
Please enter the password for ovmuser:

Note

You must provide the user's current password to modify the user account.

If you need to reset an account due to a lost password, you should first delete the user account and then create a new account.

Please enter a new password for ovmuser, this password 
must be at least 8 characters long and must contain at least one non-alphabetic character: 
Please re-enter the password:

Note

The password must conform to the password requirements suggested by the Oracle VM Manager Administrator Tool or the creation of the user fails in the final step.

Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root. 
For more help, use help('domainConfig')

date_time [main] INFO  ovm.wlst.domainbuilder.Domain - Changed ovmuser's password

3.1.5 Configure Account Locking

To protect unauthorized access to Oracle VM Manager you can configure an account locking facility that is triggered after a number of failed attempts to log in.

Configure the account locking facility with the following command:

# ./ovm_admin --lockusers [3]

Note

Account locking is enabled by default according to the base Oracle WebLogic Server configuration. After you exceed the maximum number of invalid login attempts, the account is locked for 30 minutes before it is automatically unlocked again.

To change the lock period, you must edit the Oracle WebLogic Server configuration. For more information on configuring the Oracle WebLogic Server lockout parameters, refer to the appropriate Oracle WebLogic Server documentation.

Important

This is a global parameter that applies to all users. Setting this parameter on an instance of Oracle VM Manager that makes use of a single administrator account can result in this account being locked for 30 minutes before anybody can use it again. To recover from this is it is possible to unlock the account. See Section 3.1.6, “Unlocking User Accounts”.

You are prompted to enter the Oracle WebLogic Server password in order to apply this setting. Typical output from the command follows:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001
Please enter the password for weblogic: 

Location changed to edit tree. This is a writable tree with 
DomainMBean as the root. To make changes you will need to start 
an edit session via startEdit(). 

For more help, use help('edit')


Starting an edit session ...
Started edit session, please be sure to save and activate your 
changes once you are done.
date_time [main] INFO  ovm.wlst.domainbuilder.Domain - Set lockout threshold to 3 tries
Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released 
once the activation is completed.

The following non-dynamic attribute(s) have been changed on MBeans 
that require server re-start:
MBean Changed : Security:Name=myrealmUserLockoutManager
Attributes changed : LockoutThreshold

Activation completed

You must restart Oracle VM Manager for the changes to the account locking facility to take effect, as follows:

# service ovmm restart

3.1.6 Unlocking User Accounts

When account locking is enabled (see Section 3.1.5, “Configure Account Locking”), it is possible for Oracle VM Manager user accounts to become locked for up to 30 minutes if a user fails to authenticate after the number of attempts that has been configured for this facility. When a user's account has become locked and the user enters the correct username and password combination, an error appears when the user attempts to authenticate:

Unexpected error during login (javax.security.auth.login.LoginException), 
please consult logs for details.

An investigation of the AdminServer.log reveals:

>BEA-090078< >User ovmuser in security realm myrealm 
has had 3 invalid login attempts, locking account for 30 minutes.<

You can override the 30 minute lock on an account with the following command:

# ./ovm_admin --unlockuser ovmuser

You are prompted for the Oracle WebLogic Server account password in order to complete the operation.

3.1.7 Listing Data Sources

Use this command option to check data sources before using the --modifyds option or to validate the result of a --modifyds operation.

Obtain a list of data sources that Oracle VM Manager uses with the following command:

# ./ovm_admin --listds

Oracle VM Manager Release version Admin tool

//u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001
Please enter the password for weblogic:

The tool prompts you to enter the MySQL user that should be used to query the database and then provides output similar to the following:

Please enter the name of a MySQL user: [appfw, ovs] ovs

Listing Oracle VM Manager Data Source 'ovm-jpa-ds'...
DriverName                              com.mysql.jdbc.Driver
Url                                     jdbc:mysql://localhost:49500/ovs
DatabaseName                            ovs
Listing Oracle VM Manager Data Source 'ovm-jpa-ds' successfully

Listing Oracle VM Manager Data Source 'ovm-odof-ds'...
DriverName                              com.mysql.jdbc.Driver
Url                                     jdbc:mysql://localhost:49500/ovs
DatabaseName                            ovs
Listing Oracle VM Manager Data Source 'ovm-odof-ds' successfully

3.1.8 Modifying the Oracle VM Manager Database Schema

You can use the Oracle VM Manager Administrator Tool to handle database schema changes within MySQL. The most typical use case for this is where the password for the Oracle VM Manager database has been changed directly within MySQL, without using any of the tools provided with Oracle VM. An alternative use case would be where the Oracle VM Manager database has been renamed within MySQL.

The --modifyds option is used to update Oracle VM Manager for changes made directly to the MySQL database:

# ./ovm_admin --modifyds

The tool prompts you for the Oracle VM Manager database schema password and the Oracle WebLogic Server password, and returns output similar to the following:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001

Please enter the password for weblogic:

Please enter the name of a MySQL user: [appfw, ovs] ovs
Please enter the password for MySQL user ovs: 
Please enter the new password for ovs user: 
Please re-enter the password: 
Location changed to edit tree. This is a writable tree with 
DomainMBean as the root. To make changes you will need to start 
an edit session via startEdit(). 

For more help, use help('edit')

Starting an edit session ...
Started edit session, please be sure to save and activate your 
changes once you are done.

Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ...

......
The following non-dynamic attribute(s) have been changed on MBeans 
that require server re-start:
MBean Changed : com.bea:Name=ovm-odof-ds,
Type=weblogic.j2ee.descriptor.wl.JDBCDriverParamsBean,Parent=[ovm_domain]
/JDBCSystemResources[ovm-odof-ds],Path=JDBCResource[ovm-odof-ds]/JDBCDriverParams
Attributes changed : PasswordEncrypted

Activation completed

Note that there is a second database schema, usually named appfw, that is also used by Oracle VM Manager. If the password for this database has also been changed, then the same command must be run again, as follows:

Oracle VM Manager Release version Admin tool

/u01/app/oracle/ovm-manager-3/ovm_wlst

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001
Please enter the password for weblogic:

Please enter the name of a MySQL user: [appfw, ovs] appfw
Please enter the password for MySQL user appfw: 
Please enter the new password for appfw user: 
Please re-enter the password: 
Location changed to edit tree. This is a writable tree with 
DomainMBean as the root. To make changes you will need to start 
an edit session via startEdit(). 

For more help, use help('edit')

Starting an edit session ...
Started edit session, please be sure to save and activate your 
changes once you are done.

Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ...

......
The following non-dynamic attribute(s) have been changed on MBeans 
that require server re-start:
MBean Changed : com.bea:Name=ovm-qrtz-ds,
Type=weblogic.j2ee.descriptor.wl.JDBCDriverParamsBean,Parent=[ovm_domain]
/JDBCSystemResources[ovm-qrtz-ds],Path=JDBCResource[ovm-qrtz-ds]/JDBCDriverParams
Attributes changed : PasswordEncrypted

Activation completed

When you have finished running this command, you must restart Oracle VM Manager as follows:

# service ovmm restart
# service ovmcli restart

3.1.9 Rotating Log Files

The Oracle VM Manager Administrator Tool allows you to control how and when log files are rotated. There are two options available:

--rotatelogsdaily: Set the logs to be rotated on a daily basis at an allocated time.
--rotatelogsbysize: Set the logs to be rotated when they reach a specified size.

In both cases, you are prompted for the Oracle WebLogic Server password to update the configuration.

Rotating Oracle VM Manager logs daily

To set the logs to rotate daily at an allocated time, run the Oracle VM Manager Administrator Tool as follows:

# ./ovm_admin --rotatelogsdaily [00:30]

The time provided is specified in the format HH:MM.

Typical output from the command follows:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Configure log rotation setting to rotate daily at [00:30] ...
Modified log rotation setting successfully ...
Exiting...

Rotating Oracle VM Manager logs by size

To set the logs to rotate when they reach a specified size, run the Oracle VM Manager Administrator Tool as follows:

# ./ovm_admin --rotatelogsbysize [1024]

The size provided is specified according to the number of kilobytes before rotation.

Typical output from the command follows:

Oracle VM Manager Release version Admin tool

Please enter the password for weblogic : 

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to Oracle WebLogic Server ...

Connected ...
Configure log rotation setting to rotate the logs based on size ([1024] KB) ...
Modified log rotation setting successfully ...
Exiting...

3.1.10 Changing the Password for the MySQL Root User

You can change the password for the MySQL root user that the Oracle VM Manager Administrator Tool uses to connect to the MySQL database instance.

Important

The Oracle VM Manager Administrator Tool connects to the MySQL server as the root user. This option changes the password that the Oracle VM Manager Administrator Tool uses for the root user but does not change the password in the database itself. For this reason, you must first change the password with the Oracle VM Manager Administrator Tool and then manually change the password in the database.

Change the password for the MySQL root user as follows:

Run the Oracle VM Manager Administrator Tool with the --updatemysqlroot option.

# ./ovm_admin --updatemysqlroot

The tool returns the following output:

Oracle VM Manager Release version Admin tool

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to Oracle WebLogic Server Administration Scripting Shell

Type help() for help on available commands
date_time [main] INFO  ovm.wlst.commands - Connecting using URL t3://localhost:7001

Please enter the password for weblogic:

Enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM Manager admin user's password.

The Oracle VM Manager Administrator Tool prompts you with the following:
```
Please enter the current password for MySQL user root:
```
Enter the current password for the MySQL root user.

The Oracle VM Manager Administrator Tool prompts you with the following:
```
Please enter the new password for MySQL user root:
Please re-enter the password:
```

Enter the new password for the MySQL root user and then confirm the password.

The command provides the following output:

date_time [main] INFO  ovm.wlst.domainbuilder.Domain -
Updated MySQL root password successfully in WebLogic!
Please note that you must separately update the password in the database

Stop Oracle VM Manager.
```
# /etc/init.d/ovmm stop
```
Manually change the password in the database so that it matches the password that you set with the Oracle VM Manager Administrator Tool, as follows:
1. Connect to the MySQL server.
```
# mysql -S /u01/app/oracle/mysql/data/mysqld.sock -u root -p
```
2. When prompted, enter the previous password for the root user, not the new password that you set with the Oracle VM Manager Administrator Tool.
3. Ensure you are using the MySQL database.
```
$ mysql> use mysql;
```
4. Change the password for the root user.
```
$ mysql> alter user 'root'@'localhost' identified by new_password;
```
5. Flush privileges.
```
$ mysql> flush privileges;
```
6. Disconnect from the MySQL server.
```
$ mysql> quit
```
Restart the MySQL service for Oracle VM Manager.
```
# /etc/init.d/ovmm_mysql restart
```
Start Oracle VM Manager.
```
# /etc/init.d/ovmm start
```

3.2 Working with the MySQL Instance

Oracle VM Manager uses an instance of MySQL Enterprise Edition for storing configuration and other data. Database files reside at /u01/app/oracle/mysql/data.

Starting, Stopping, and Checking Status of the MySQL Server

Note

Oracle VM Manager depends on a running instance of the MySQL server. MySQL should never be stopped, even for troubleshooting, nor for configuring MySQL server, while Oracle VM Manager is running. The Oracle VM Manager should be stopped before touching MySQL. Irrespective of Oracle Linux 6 or Oracle Linux 7, the service command should be used to start and stop the ovmm_mysql service.

To start, stop, restart and obtain the status of the MySQL server, you can use the /etc/init.d/ovmm_mysql init script as follows:

# /etc/init.d/ovmm_mysql restart

Alternatively, you can use the service command as follows:

# service ovmm_mysql start

MySQL Configuration and Event Logs

Configuration for the Oracle VM Manager MySQL server is contained in: /u01/app/oracle/mysql/data/my.cnf.

Warning

Editing the configuration file might break your Oracle VM Manager installation. Do not edit the configuration file unless an Oracle Support representative instructs you to do so.

MySQL server events are logged in: /u01/app/oracle/mysql/data/mysqld.err.