It’s not a common occurrence, but occasionally (perhaps due to the departure of a previous administrator) you may find yourself effectively locked out of an Opsview Monitor instance -- prevented from making administrative-level changes because you don’t have the administrative password. In such cases, the following three tips will let you hash a new password and insert the hash into the Opsview Monitor MySQL configuration database, re-enabling login.
Hash a Password, Opsview-Style
Passwords can be validated against their hashes, but hashes can’t (at least not easily) be used to determine passwords. So storing a hash instead of a corresponding password improves system security. Opsview uses standard Apache password hashing for this purpose. To create a new, Opsview-compatible password hash, install the htpasswd utility on any Linux system:
$ sudo apt-get install apache2-utils
Then use the following command with your admin username and new password to generate a hash expression. Typically, as shown here, the username will be ‘admin’:
$ htpasswd -nb admin <password>
Example output: admin:$apr1$8DTIlTxs$Z3xI4nOYU5N3VKCnCSuHa1
The hash expression you need is the portion of text after the username and colon (‘:’). The hash expression combines the encryption method used and the ‘salt’ (random data used to prevent dictionary-table attacks against hashed passwords), separated from the hash itself by $ signs. You want everything after the ‘:’.
Access Opsview’s MySQL Database
There are several reasons why an administrator might want to access Opsview Monitor’s MySQL database. The simplest way to do this is to ssh to the Opsview master node, switch to the opsview user (e.g., with sudo su opsview) and execute this built-in script, using ‘opsview’ as the argument. That will start the MySQL client and log you in.
$ /opt/opsview/coreutils/utils/cx opsview
Insert the Password Hash into the DB
Finally, you can select the ‘opsview’ database, and insert the password hash into the database’s “contacts” table, using the following SQL expression:
mysql>update opsview.contacts set encrypted_password = <hash expression> where cname = "admin";
Once done, you should be able to log into the Opsview Monitor WebUI as ‘admin,’ with your new password.