Pivotal Knowledge Base


How to Recover Operations Manager Admin Password


Pivotal Cloud Foundry Version 1.10


If the user forgets the admin password of the Pivotal Operations Manager, the following procedure can be used to recover/reset the admin password.

Important Note- This process applies only to Operations Manager when it's configured to use an internal password store. Users who set up the SAML-based authentication will not be able to use this process. Users will need to follow the password reset/recovery options provided through their Corp SAML provider. Alternatively, users can put Operations Manager into rescue mode and disable SAML authentication which reverts Operations Manager back to the internal password store.


Recovering the installed password from uaa.yml

If by chance you never changed the operations manager password after the initial install, then the procedure below is the preferred method:

  1. SSH into Operations Manager and locate the file
    sudo less /home/tempest-web/uaa/config/uaa.yml
  2. Navigate to line "users:" and note the admin password for Operations Manager. In the example below, the admin password is "password"
      - admin|password|admin@test.org|OpsMan|Admin|opsman.admin,scim.read,scim.write,uaa.admin
  3. Attempt to use that password to login

Manually Resetting the Admin Password

If you have changed the password since installation, then you can revert back to the installed password found in the uaa.yml.

  1. SSH into Operations Manager and change to the following working directory
    cd /home/tempest-web/uaa/tomcat
  2. Stop Operations Manager service
    sudo service tempest-web stop
  3. Edit "/home/tempest-web/uaa/config/uaa.yml" and set "scim.user.override => true" as per the following example. scim.user.override will overwrite users stored in the UAA Database with what is defined in the scim.users list during start up. NOTE: When editing yml files, spacing matters and in this case, a single indent is equivalent to 2 spaces
  4. scim:
       override: true
      - admin|password|admin@test.org|OpsMan|Admin|opsman.admin,scim.me,uaa.admin,clients.admin
  5. We can not start Operations Manager here because it will remove any changes made to uaa.yml. Hence, we will have to start UAA manually
    sudo CLOUD_FOUNDRY_CONFIG_PATH=/home/tempest-web/uaa/config JAVA_OPTS=-Djava.security.egd=file:/dev/urandom CATALINA_OPTS="-Xmx768m -XX:MaxPermSize=256m" bin/catalina.sh run
  6. From a new terminal verify that you can get an access token with the new password "password"
    ~$ uaac target https://${OPSMAN Hostname}/uaa
    ~$ uaac token owner get
    Client ID:  opsman
    Client secret:
    User name:  admin
    Password:  password
  7. If getting the access token was successful then proceed to quit the UAA process by performing Ctrl+C from the terminal were catalina.sh was executed from
  8. Start Operations Manager back up. This will automatically regenerate "/home/tempest-web/uaa/config/uaa.yml" and remove any changes made in our previous steps
    sudo service tempest-web start 
  9. Proceed to log in to Operations Manager using the password defined in scim.users.admin which, in our example is "password"


Powered by Zendesk