TABLE OF CONTENTS

• Versa Director Default Accounts and Credentials
• Versa Analytics Default Accounts and Credentials
• Versa Device Default Accounts and Credentials

Versa Director Default Accounts and Credentials

The Versa Director has several built in user accounts, default UNIX passwords that  should be changed, namely:

• admin (local management administrator account/last-resort fallback account)
• versa (service account used by the Versa daemons/processes/CLI)
• aaaadmin (local account built for AAA authentication)
• aaauser (local account built for AAA authentication)

How to Change?

admin

admin@director1:~$ passwd

Changing password for admin.
(current) UNIX password:
New password:
Retype new password:
passwd: password updated successfully

versa

admin@director1:~$ sudo su versa
versa@director1:/home/admin$ passwd

Changing password for versa.
(current) UNIX password:
New password:
Retype new password:                                                                                                           
passwd: password updated successfully
versa@director1:/home/admin$ exit

aaaadmin

admin@director1:~$ sudo su aaaadmin
[aaaadmin@director1 admin] # passwd

Changing password for aaaadmin.
(current) UNIX password:
New password:
Retype new password:
passwd: password updated successfully

aaauser

admin@director1:~$ sudo su aaauser
[aaauser@director1 admin] # passwd

Changing password for aaauser.
(current) UNIX password:
New password:
Retype new password:
passwd: password updated successfully

Administrator

admin@director1:~$ sudo su Administrator
[Administrator @director1 admin] # passwd

Changing password for Administrator.
(current) UNIX password:
New password:
Retype new password:
passwd: password updated successfully

Change passwords in default.conf

PG Password:

Step 01:

vsh status is good check that. 

sudo -u postgres psql -d vnms

ALTER USER vnms WITH PASSWORD 'SecurityIsAwesome!';

Step 02:

Change PG_PASSWORD in /var/versa/vnms/data/conf/default.conf

Step 03:

Change password in /var/versa/vnms/data/conf/application.properties

change this one spring.datasource.password

change this one netbox.datasource.password

Step 04:

vsh restart 

ZTP and Encryption Password:

For ZTP/Encryption password, change it on the file.

[Administrator@versa-director-2: ~] $ cat /var/versa/vnms/data/conf/default.conf

#Tue Aug 07 03:35:40 UTC 2018

PG_USERNAME=vnms
PG_PASSWORD=Versa@123

PG_DATABASE=vnms
BACKUP_ENCRYPT_KEY=pviQMdsp.c12viiGsMWC@

KEYSTORE_PASSWORD=versa123

PRIVATE_KEY_PASSWORD=versa123

auth_truststore_password=versa123

ZTP_URL_PASSWORD=versa123versa123

ENCRYPTION_UTIL_KEY=versa123versa123

CONFD_API_USER=restuser

CONFD_API_PASSWORD=versa123

PG_IPAM_DB=netbox
NETBOX_API_TOKEN=ae5140c21feaf81cfef386ff96b24041f48f995c
NETBOX_SECRET_KEY=r8OwDznj!!dciP9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj

[Administrator@versa-director-2: ~] $

ConfD passwd:

For confd password change it on the default.conf file and then on each VOS device run this:

[admin@sys10-vm22-cli: ~] $ vsh allow-cli 

[admin@sys10-vm22-cli: ~] $cli

admin@sys10-vm22-cli>configure

admin@sys10-vm22-cli(config)% unhide debug

Password: ****** ß “secret”

[ok][2021-01-26 19:44:13]

set aaa authentication users user restuser password <>

commit

Then do a ‘synch from appliance’ from VD.

Versa Analytics Default Accounts and Credentials

The Versa Analytics platform contains the following built in user accounts that will need the default passwords changed:

• versa (local shell management user)
• web UI “Administrator”
• web UI “admin”
• SSL datastore cache

You would basically just need to execute the AdminManager.sh script as below to change the default password

[versa@us-poc-analytics-1: van-security] $ 

[versa@us-poc-analytics-1: van-security] $ sudo /opt/versa/scripts/van-scripts/AdminManager.sh

Versa Analytics Admin Users Manager

Passwords for all local UI users need to be changed

Please enter password for user:admin

Password ?

Re-enter password ?

Please enter password for user:Administrator

Password ?

Re-enter password ?

Login credentials for all users have been changed

[versa@us-poc-analytics-1: van-security] $

<Below procedure was being used in 16.1, it's deprecated>

Note 1: All director commands will be in blue and are to be executed on the primary director only

Note 2: All analytics commands will be in purple and are to be ran on all analytics nodes unless otherwise noted 

Note 3: This process will require a restart of Versa services on all Analytics Nodes

1. On the Versa Analytics:  Change to the /opt/versa/scripts/van-security directory

[versa@analytics1: ~] $ cd /opt/versa/scripts/van-security/

1. On the Versa Analytics: Modify the Versa Analytics system passwords by issuing the   -s command:

[versa@analytics1: van-security] $ sudo ./analytics_securemode.sh -s

Do you want to change the shell login system password (y/N) : y

Please enter username:versa

versa exists... changing password.

New password: <new password>

Retype new password: <new password>

passwd: password updated successfully

Password is successfully changed for user: versa

1. On the Versa Analytics: Modify the Versa Analytics application passwords by issuing the analytics_securemode.sh -a command:

[versa@analytics1: van-security] $ sudo ./analytics_securemode.sh -a

Do you want to change the Analytics UI local authentication administration password (y/N): y

Versa Analytics Admin Users Manager

Username ? Administrator

Password ? <new password>

Re-enter password ? <new password>

Match found

Admin credentials successfully replaced

Password is successfully changed

Do you want to change the SSL and Tomcat Certificate passwords (y/N): y

Modifying Tomcat passwords ...

Change the Tomcat Password if your certificate passwords have changed

Please re-confirm (y/N): y

Enter NEW  Password: <new password>

ReEnter NEW Password: <new password>

Modifying self-signed certificate passwords ...

Modifying Analytics-Director certificate passwords ...

This password should match the password in Director's vd-van-import-cert.sh file

Do you want to change the Analytics-Director certificate password (y/N): y

Enter NEW  Password: <new password>

ReEnter NEW Password: <new password>

Please regenerate the certificates for this change to take effect

Regenerate certificate file using: van-import-cert.sh script

You will need to re-import certificates to Versa Director and re-register Director in Analytics

To ensure Analytics-Director communication certificates are changed with non-default passwords

Delete the TrustStore at: /opt/versa/var/van-app/certificates/versa_director_truststore.ts

Re-import by running: /opt/versa/scripts/van-scripts/van-vd-cert-install.sh

[versa@analytics1: van-security] $

Update second web UI “admin” account credentials:

[versa@analytics1: van-security] $ sudo ./analytics_securemode.sh -a

Do you want to change the Analytics UI local authentication administration password (y/N): y

Versa Analytics Admin Users Manager

Username ? admin

Password ? <new password>

Re-enter password ? <new password>

Match found

Admin credentials successfully replaced

Password is successfully changed

Do you want to change the SSL and Tomcat Certificate passwords (y/N): n

1. On the Versa Analytics:  Delete the versa_analytics trust store

[versa@analytics1: van-security] $ sudo rm /opt/versa/var/van-app/certificates/versa_analytics.jks

1. On the Versa Analytics:  Delete the versa_director trust store

[versa@analytics1: van-security] $ sudo rm /opt/versa/var/van-app/certificates/versa_director_truststore.ts

1. On the Versa Analytics: Re-import the Versa Analytics Certificate

sudo /opt/versa/scripts/van-scripts/van-import-cert.sh \

--key <path to private key file> \

--cert <path to signed certificate file> \

--keypass <certificate password> \

--cafile <path to CA certificate file>

1. On the Versa Director: Copy the director certificate to the Analytics Cluster

admin@director1:/opt/versa/vnms/scripts$ cd /var/versa/vnms/data/certs

admin@director1:/var/versa/vnms/data/certs$ 

scp versa_director_client.cer versa@<analytics node IP>:/opt/versa/var/van-app/certificate

1. On the Versa Analytics: Re-import the Versa Director Certificate

[versa@analytics1: certs] $ cd /opt/versa/var/van-app/certificates/

[versa@analytics1: certificates] $ sudo /opt/versa/scripts/van-scripts/van-vd-cert-install.sh versa_director_client.cer <Director Hostname>

1. Validation: 

• Check Administrator’s Analytics tab to ensure it loads with no errors. 
• Test web UI credentials by logging into https://ANALYTICS:8443 with both accounts.
• Run the following entering new password when prompted, should run with no errors:

[versa@analytics1: van-security] $ sudo /usr/lib/jvm/jre1.8.0_241/bin/keytool -list -keystore /opt/versa/var/van-app/certificates/versa_analytics.jks -v

[versa@analytics1: van-security] $ sudo /usr/lib/jvm/jre1.8.0_241/bin/keytool -list -keystore /opt/versa/var/van-app/certificates/versa_director_truststore.ts -v

1. Repeat Steps 7-9 for every analytics node in the cluster

Change Solr and Cassandra passwords

On each search node

[versa@analytics1: van-security] $ sudo ./analytics_securemode.sh -b

On Analytics node, change the Cassandra password on application properties file (/opt/versa/var/van-app/properties/application.properties). 

The password is db.search.password on this file.

For Cassandra do following on one Analytics node as root:

cqlsh -u cassandra -p cassandra --ssl

ALTER USER cassandra WITH PASSWORD ‘NEWPASSWORD’;

quit

change db.analytics.password on all nodes on file:

/opt/versa/var/van-app/properties/application.properties

Finally, ‘vsh restart’ 

Change Tomcat password

vi /opt/versa/scripts/van-install/tomcat/server.xml

 cp /opt/versa/var/van-app/certificates/versa_analytics.jks /opt/versa_van/apps/apache-tomcat/conf/versa_analytics.jks 

(Initial prompt password would be ‘versa123’)

/usr/lib/jvm/jre1.8.0_271/bin/keytool -storepasswd -alias vanserver -keystore /opt/versa_van/apps/apache-tomcat-9.0.39/conf/versa_analytics.jks

/usr/lib/jvm/jre1.8.0_271/bin/keytool -keypasswd -alias vanserver -keystore /opt/versa_van/apps/apache-tomcat-9.0.39/conf/versa_analytics.jks

Finally ‘vsh restart’.

Versa Device Default Accounts and Credentials

The Versa Device has several built in user accounts that the default UNIX passwords should be change, namely:

• admin (local management administrator account/last-resort fallback account)
• versa (service account used by the Versa daemons/processes/CLI)
• aaaadmin (local account built for AAA authentication)
• aaauser (local account built for AAA authentication)
• deploy  (You can delete this account)
• webuser (You can delete this account)

How to Change?

admin@controller1:~$ passwd

Changing password for admin.

(current) UNIX password:

New password:

Retype new password:

passwd: password updated successfully

admin@ controller1:~$ sudo su versa

versa@ controller1:/home/admin$ passwd

Changing password for versa.

(current) UNIX password:

New password:

Retype new password:                                                                                                           

passwd: password updated successfully

versa@ controller1:/home/admin$ exit

admin@ controller1:~$ sudo su aaaadmin

[aaaadmin@ controller1admin] # passwd

Changing password for aaaadmin.

(current) UNIX password:

New password:

Retype new password:

passwd: password updated successfully

admin@ controller1:~$ sudo su aaauser

[aaauser@ controller1admin] # passwd

Changing password for aaauser.

(current) UNIX password:

New password:

Retype new password:

passwd: password updated successfully