This topic describes how to configure NSX passwords after you have installed NSX for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
Prerequisites
Before completing this section, make sure you have completed the following sections:
- NSX-T Installation Prerequisites
- Install and Configure the NSX-T Manager Hosts
- Generate and Register the NSX-T TLS Certificate and Private Key
- Create an IP Pool for VTEP
- Configure Transport Zones
- Configure vSphere Networking for ESXi Hosts
- Deploy NSX-T Edge Nodes
- Deploy NSX-T Transport Nodes
- Create NSX-T Objects for Kubernetes Clusters Provisioned by TKGI
- Create NSX-T Objects for TKGI Management Plane Components
Configure the NSX-T Password Interval (Optional)
The default NSX-T password expiration interval is 90 days. After this period, the NSX-T passwords will expire on all NSX-T Manager Nodes and all NSX-T Edge Nodes. To avoid this, you can extend or remove the password expiration interval, or change the password if needed.
Note: For existing Tanzu Kubernetes Grid Integrated Edition deployments, anytime the NSX-T password is changed you must update the BOSH and PKS tiles with the new passwords. See Adding Infrastructure Password Changes to the Tanzu Kubernetes Grid Integrated Edition Tile for more information.
Update the NSX-T Manager Password and Password Interval
To update the NSX Manager password, perform the following actions on one of the NSX Manager nodes. The changes will be propagated to all NSX Manager nodes.
SSH into the NSX Manager Node
To manage user password expiration, you use the CLI on one of the NSX Manager nodes.
To access a NSX Manager node, from Unix hosts use the command ssh USERNAME@IP_ADDRESS_OF_NSX_MANAGER.
For example:
ssh [email protected]
On Windows, use Putty and provide the IP address for NSX Manager. Enter the user name and password that you defined during the installation of NSX-T.
Retrieve the Password Expiration Interval
To retrieve the password expiration interval, use the following command:
get user USERNAME password-expiration
For example:
NSX CLI (Manager, Policy, Controller 3.0.0.0.0.15946739). Press ? for cost or enter: help
nsx-mgr-1> get user admin password-expiration
Password expires 90 days after last change
Update the Admin Password
To update the user password, use the following command:
set user USERNAME password NEW-PASSWORD old-password OLD-PASSWORD
For example:
set user admin password my-new-pwd old-password my-old-pwd
Set the Admin Password Expiration Interval
To set the password expiration interval, use the following command:
set user USERNAME password-expiration PASSWORD-EXPIRATION
For example, the following command sets the password expiration interval to 120 days:
set user admin password-expiration 120
Remove the Admin Password Expiration Interval
To remove password expiration, use the following command:
clear user USERNAME password-expiration
For example:
clear user admin password-expiration
To verify:
nsx-mgr-1> clear user admin password-expiration
nsx-mgr-1> get user admin password-expiration
Password expiration not configured for this user
Update the Password for NSX Edge Nodes
To update the NSX Edge Node password, perform the following actions on each NSX Edge Node.
Note: Unlike the NSX-T Manager nodes, you must update the password or password interval on each Edge Node.
Enable SSH
SSH on the Edge Node is deactivated by default. You must activate SSH on the Edge Node using the Console from vSphere.
start service ssh
set service ssh start-on-boot
SSH to the NSX Edge Node
For example:
ssh [email protected]
Get the Password Expiration Interval for the Edge Node
For example:
nsx-edge> get user admin password-expiration
Password expires 90 days after last change
Update the User Password for the Edge Node
For example:
nsx-edge> set user admin password my-new-pwd old-password my-old-pwd
Set the Password Expiration Interval
For example, the following command sets the password expiration interval to 120 days:
nsx-edge> set user admin password-expiration 120
Remove the Password Expiration Interval
For example:
NSX CLI (Edge 3.0.0.0.0.15946012). Press ? for command list or enter: help
nsx-edge-2> get user admin password-expiration
Password expires 90 days after last change. Current password will expire in 7 days.
nsx-edge-2> clear user admin password-expiration
nsx-edge-2> get user admin password-expiration
Password expiration not configured for this user
Next Step
Once you have completed the installation of NSX-T v3.0, return to the TKGI installation workflow and proceed with the next phase of the process. See Install Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T Using Ops Manager.
