This topic describes how to configure NSX passwords after you have installed NSX for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).
Before completing this section, make sure you have completed the following sections:
The default NSX-T password expiration interval is 90 days. After this period, the NSX-T passwords will expire on all NSX-T Manager Nodes and all NSX-T Edge Nodes. To avoid this, you can extend or remove the password expiration interval, or change the password if needed.
Note: For existing Tanzu Kubernetes Grid Integrated Edition deployments, anytime the NSX-T password is changed you must update the BOSH and PKS tiles with the new passwords. See Adding Infrastructure Password Changes to the Tanzu Kubernetes Grid Integrated Edition Tile for more information.
To update the NSX Manager password, perform the following actions on one of the NSX Manager nodes. The changes will be propagated to all NSX Manager nodes.
To manage user password expiration, you use the CLI on one of the NSX Manager nodes.
To access a NSX Manager node, from Unix hosts use the command ssh USERNAME@IP_ADDRESS_OF_NSX_MANAGER
.
For example:
ssh [email protected]
On Windows, use Putty and provide the IP address for NSX Manager. Enter the user name and password that you defined during the installation of NSX-T.
To retrieve the password expiration interval, use the following command:
get user USERNAME password-expiration
For example:
NSX CLI (Manager, Policy, Controller 3.0.0.0.0.15946739). Press ? for cost or enter: help
nsx-mgr-1> get user admin password-expiration
Password expires 90 days after last change
To update the user password, use the following command:
set user USERNAME password NEW-PASSWORD old-password OLD-PASSWORD
For example:
set user admin password my-new-pwd old-password my-old-pwd
To set the password expiration interval, use the following command:
set user USERNAME password-expiration PASSWORD-EXPIRATION
For example, the following command sets the password expiration interval to 120 days:
set user admin password-expiration 120
To remove password expiration, use the following command:
clear user USERNAME password-expiration
For example:
clear user admin password-expiration
To verify:
nsx-mgr-1> clear user admin password-expiration
nsx-mgr-1> get user admin password-expiration
Password expiration not configured for this user
To update the NSX Edge Node password, perform the following actions on each NSX Edge Node.
Note: Unlike the NSX-T Manager nodes, you must update the password or password interval on each Edge Node.
SSH on the Edge Node is deactivated by default. You must activate SSH on the Edge Node using the Console from vSphere.
start service ssh
set service ssh start-on-boot
For example:
ssh [email protected]
For example:
nsx-edge> get user admin password-expiration
Password expires 90 days after last change
For example:
nsx-edge> set user admin password my-new-pwd old-password my-old-pwd
For example, the following command sets the password expiration interval to 120 days:
nsx-edge> set user admin password-expiration 120
For example:
NSX CLI (Edge 3.0.0.0.0.15946012). Press ? for command list or enter: help
nsx-edge-2> get user admin password-expiration
Password expires 90 days after last change. Current password will expire in 7 days.
nsx-edge-2> clear user admin password-expiration
nsx-edge-2> get user admin password-expiration
Password expiration not configured for this user
Once you have completed the installation of NSX-T v3.0, return to the TKGI installation workflow and proceed with the next phase of the process. See Install Tanzu Kubernetes Grid Integrated Edition on vSphere with NSX-T Using Ops Manager.