Logging in

Accessing the console requires a username and password.

If you are an administrator setting up the console or accessing it for the first time, use the username and password you chose when you installed the console. Otherwise, get credentials from your site's administrator.

Because the console is the main point of control for your infrastructure, it is a good idea to prohibit your browser from storing the login credentials.

Generate a user password reset token

When users forget passwords or lock themselves out of the console by attempting to log in with incorrect credentials too many times, you need to generate a password reset token.

  1. In the console, on the Access control page, click the Users tab.
  2. Click the name of the user who needs a password reset token.
  3. Click Generate password reset. Copy the link provided in the message and send it to the user.

Reset the console administrator password

If you're unable to log in to the console as admin, you can change the password from the command line of the node running console services.

Log in as root to the node running console services (usually your primary server) and reset the console admin password:
puppet infrastructure console_password --password=<MY_PASSWORD>

Troubleshooting login to the PE admin account

If your directory contains multiple users with a login name of "admin," the PE admin account is unable to log in.

If you are locked out of PE as the admin user and there are no other users with administrator access who you can ask to reset the access control settings in the console, SSH into the box and use curl commands to reset the directory service settings.

For a box named centos7 the curl call looks like this:

type_header='Content-Type: application/json'
cert="$(puppet config print hostcert)"
cacert="$(puppet config print localcacert)"
key="$(puppet config print hostprivkey)"
uri="https://$(puppet config print server):4433/rbac-api/v1/ds"
data='{}'

curl --header "$type_header" --cert "$cert" --cacert "$cacert" --key "$key" --request PUT "$uri" --data "$data"

See Usage notes for curl examples for information about forming curl commands.

Create a custom login disclaimer

Add a custom banner users see on the login page when accessing the console. For example, add a disclaimer about authorized or unauthorized use of private information that is accessible in the console.

  1. Create a disclaimer.txt file containing the disclaimer content.
  2. Add the document to /etc/puppetlabs/console-services
    Note: You can use the console to change the path for the disclaimer file by configuring the puppet_enterprise::profile::console::disclaimer_content_path.
  3. Log in to the console to view the new banner.