Companies merge, hosts are inherited and repurposed, administrators come and go and not necessarily leave things in order after themselves. Or what if you forgot the password and the record of it is not recoverable? Where there’s a will, there’s a way.
I touched the other day on how ipmitool can be accessed from a CVM CLI but would require authentication details to pass on to the IPMI. Well, the host or rather the hypervisor installed on the host does not have to do so. Hence even when ADMIN account password (or any other account with full privileges) is lost the IPMI is still accessible from the hypervisor CLI and you can still reset the password, set up new user entirely, or set a new password for a user.
The process consists of several steps:
- Log in to the hypervisor on the host (AHV or ESXi).
- List user records using ipmitool. Take note of the user ID.
- Set the password for the user ID.
The task is complete.
Conveniently, commands syntax between AHV and ESXi differs only in the preceding “/“ slash symbol.
When there is no hypervisor, for example, during a SATADOM replacement when the access to the IPMI is necessary to complete the procedure, things become a little trickier. For Supermicro hardware one would need a bootable USB stick with either an ISO of the hypervisor matching the rest of the hosts in the cluster or with an IPMICFG tool from Supermicro. Boot the host into the hypervisor or the IPMICGF tool and set the password using the ipmitool.
Another important thing to remember is that BMC 7.08 changes the default IPMI password so that every node ships from the factory with a unique password. The new default IPMI credentials are username = ADMIN and password = node-serial-number.
Read more:
NX Series Hardware Administration Guide: Changing the IPMI Password for AHV
KB-1486 [ESXi] How to re-configure IPMI using ipmitool
NX Series Hardware Administration Guide: Changing the IPMI Password without Operating System Access