How to reset opc os user password on OCI DBSystems when SSH keys lost

Create "Console Connection" to Node OS of DB System

1. Go to required DB System in Oracle Cloud Console
2. Select "Console Connections" tab and click button "Create Console Connection"

3. Upload SSH public key (existent or generate new) e.g. recovery_key.pub

4. Once console connection "State" became "Active" go to "..." and click "Copy SSH string" in popup-menu for the active console connection

5. Execute in a local terminal(putty/bash) copied SSH string:

# path/to/recovery_key - it is private key of your public key recovery_key.pub
ssh -i path/to/recovery_key -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection...' ocid1.instance...

# if you do not add private key to /ssh/keys on host of your terminal then use next command
ssh -i path/to/recovery_key -o ProxyCommand='ssh -i path/to/recovery_key -W %h:%p -p 443 ocid1.instanceconsoleconnection...' ocid1.instance...

🛈 Note: The terminal may appear hanging or blank. This is normal. Do not press any key or Enter. Go to next step below

Reboot OS on "Node" of DB system

1. Go to "Nodes" tab of DB System in Oracle Cloud Console and navigate to "..." against of first "Available" node and click "Reboot" in popup-menu

2. Immediately switch focus to the terminal window with active console connection
3. As the node restarts, you will see BIOS output

🛈 Note: On reboot: Power down, press ESC repeatedly until you're get in to the Boot Manager. Please press ESC more intensively/often

4. Choose Boot manager > EFI Internal Shell

5. Press ESC to interrupt the UEFI startup process

then enter

Shell>
FS0:
cd EFI
cd redhat

You should see a user.cfg file:

FS0:\EFI\redhat>
ls

Remove user.cfg

FS0:\EFI\redhat> rm user.cfg

then exit from "EFI Internal Shell"

FS0:\EFI\redhat> 
exit

6. Press ESC to return into EFI "Main Menu"

7. Select "Continue" and press Enter to get to Linux kernels menu for boot

8. You will be back in Boot manager, choose a kernel "Oracle Linux" (or whichever is the first option) and press ESC repeatedly and press E

you should be able to proceed with the next steps:

• Locate the line starting with linux/linuxefi/vmlinuz or kernel. Scroll to the very end of this line and append the string: rw init=/bin/bash

  load_video
  set gfx_payload=keep
  insmod gzio
  linux ($root)/vmlinuz-5.4.17-2136.326.6.el8uek.x86_64 root=/dev/mapper/vg00-ro\
  ot ro LANG=en_US.UTF-8 audit=1 console=hvc0 console=tty0 console=ttyS0,9600n8 \
  crashkernel=auto  ipmi_si.tryacpi=0 ipmi_si.trydefaults=0 ipmi_si.trydmi=0 lib\
  iscsi.debug_libiscsi_eh=1 loglevel=3 net.ifnames=1 netroot=iscsi:169.128.0.2::\
  :1:iqn.2015-02.oracle.boot:uefi network-config=e2NvbmZpZzogZGlzYWJsZWR9Cg== no\
  modeset nvme_core.shutdown_timeout=10 rd.dm=0 rd.iscsi_param=node.session.time\
  o.replacement_timeout=6000 rd.luks=0 rd.lvm.lv=vg00 rd.md=0 vconsole.font=lata\
  rcyrheb-sun16 vconsole.keymap=us numa=off transparent_hugepage=madvise biosdev\
  name=1 rd_NO_DM PRODUCT=ORACLE_SERVER_X5-2 TYPE=X5_2_LITE_IAAS intremap=off rd\
  .net.timeout.dhcp=10 ip=dhcp,dhcp6 rw init=/bin/bash
  initrd  ($root)/initramfs-5.4.17-2136.326.6.el8uek.x86_64.img $tuned_initrd
      

• Press Ctrl + X to boot

Reset the opc os user password

[root@localhost /] passwd opc

1. Go to DB System "Nodes" tab in Oracle Cloud Console restart node

🛈 Navigate to "..." against of first "Available" node and click "Reboot" in popup-menu

2. Check opc password:

ssh opc@xxx.xxx.xxx.xxx
opc@xxx.xxx.xxx.xxx's password:

[opc@ ~]$

Clean *.aud files

    sudo -i
    su - oracle
    cd  /u01/app/oracle/admin/orcl/adump
    du -sh
    find. -name "*.aud" -mtime +30 -delete