Using Scripts to Batch Update the One-Click Password Reset Plug-ins for Windows ECSs
Scenarios
The offline password reset depends on the one-click password reset plug-in. If the one-click password reset plug-in is updated for security purposes, you can update the plug-in for an individual ECS by referring to this section.
This section describes how to use a script to batch update the one-click password reset plug-ins for multiple Windows ECSs.
Prerequisites
- An executor ECS meeting the requirements in Constraints is available.
- You have obtained the IP addresses of the ECSs where plug-ins are to be batch installed, and the password of user Administrator.
- The executor ECS and the ECSs whose password reset plug-ins are to be updated must be in the same VPC.
- The EIP can be unbound only after you perform step 7.
Constraints

If the internal yum repository has been configured, the executor ECS does not require an EIP.
Procedure
- Log in to the executor ECS as user root.
- Install the required dependencies.
- Install epel.
yum install epel-release -y
- Install ansible.
yum install ansible -y --skip-broken
Run ansible --version to check whether Ansible is successfully installed.
If Ansible cannot be installed due to yum repository configuration issues, run the following commands to install Ansible:
yum install python3 python3-pip
pip3 install --upgrade pip
pip3 install ansible
- Install pip.
python3.6 -m pip install bcrypt==3.2.0 paramiko==3.3.1 cryptography==3.3.0 pywinrm PyYAML Jinja2 httplib2 six
If an error shown in Figure 1 is displayed, perform the following operations:
- Install epel.
- Download the one-click password reset plug-in CloudResetPwdAgent.zip for Windows ECSs in the corresponding region by referring to Table 1 and verify the plug-in integrity.
For example, to download the plug-in for Windows ECSs in the CN North-Beijing4 region, run the following command:
wget https://cn-north-4-cloud-reset-pwd.obs.cn-north-4.myhuaweicloud.com/windows/reset_pwd_agent/CloudResetPwdAgent.zip
wget https://cn-north-4-cloud-reset-pwd.obs.cn-north-4.myhuaweicloud.com/windows/reset_pwd_agent/CloudResetPwdAgent.zip.sha256
For details about how to verify the plug-in integrity, see 4 in Obtaining the One-Click Password Reset Plug-in and Verifying Its Integrity (Linux).
The password reset plug-in can be stored in any directory.
- Download the Windows installation package of the corresponding version and OS architecture to the root directory.
Note: Run the pwd command to check whether the current directory is root. If not, switch to the root directory.
- Download the batch execution script to the root directory.
curl URL > ~/batch_update_log4j_version_for_windows.py
URL is the address for downloading the batch execution script.
Select an address for downloading the script based on the region where the ECSs are located.
- CN North-Beijing1: https://cn-north-1-cloud-reset-pwd.obs.cn-north-1.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- CN North-Beijing4: https://cn-north-4-cloud-reset-pwd.obs.cn-north-4.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- CN East-Shanghai2: https://cn-east-2-cloud-reset-pwd.obs.cn-east-2.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- CN South-Guangzhou: https://cn-south-1-cloud-reset-pwd.obs.cn-south-1.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- CN-Hong Kong: https://ap-southeast-1-cloud-reset-pwd.obs.ap-southeast-1.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- AP-Bangkok: https://ap-southeast-2-cloud-reset-pwd.obs.ap-southeast-2.myhuaweicloud.com/windows/batch_update_resetpwd/batch_update_log4j_version_for_windows.py
- Download the plug-in update script to the root directory.
curl URL > ~/update_log4j_version_for_resetpwdagent_windows.bat
URL is the address for downloading the plug-in update script.
Select an address for downloading the script based on the region where the ECSs are located.
- CN North-Beijing1: https://cn-north-1-cloud-reset-pwd.obs.cn-north-1.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- CN North-Beijing4: https://cn-north-4-cloud-reset-pwd.obs.cn-north-4.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- CN East-Shanghai2: https://cn-east-2-cloud-reset-pwd.obs.cn-east-2.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- CN South-Guangzhou: https://cn-south-1-cloud-reset-pwd.obs.cn-south-1.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- CN-Hong Kong: https://ap-southeast-1-cloud-reset-pwd.obs.ap-southeast-1.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- AP-Bangkok: https://ap-southeast-2-cloud-reset-pwd.obs.ap-southeast-2.myhuaweicloud.com/windows/batch_update_resetpwd/update_log4j_version_for_resetpwdagent_windows.bat
- Check whether the following files are in the root directory:
- batch_update_log4j_version_for_windows.py
- update_log4j_version_for_resetpwdagent_windows.bat
- CloudResetPwdAgent.zip
- 7z*.exe
- Create host_list.txt and press i to enter editing mode.
vi host_list.txt
Enter the information of the target ECSs in the host_list.txt file.
In each line, enter the IP address and the password of the Administrator user and separate them with a comma (,).
For example:
192.168.1.10,'**********' 192.168.1.11,'**********'
- Add the Ansible configuration file.
touch /etc/ansible/ansible.cfg
- Execute the batch execution script batch_update_log4j_version_for_windows.py.
python3.6 batch_update_log4j_version_for_windows.pyFigure 2 Executing the script
- View the execution result log in the last line of /root/logs/exec_origin.log.
vim /root/logs/exec_origin.log
If the following information is displayed, the execution is successful.
Figure 3 Successful script execution
Follow-up Procedure
- After the one-click password reset plug-in is updated, you can add it to the startup items if it cannot automatically start upon ECS startup. For details, see What Do I Do If the One-Click Password Resetting Plug-In Failed to Start?
- After the one-click password reset plug-in is updated, do not delete the CloudResetPwdAgent process. Otherwise, one-click password reset will not be available.
- If you have updated the one-click password reset plug-in, newly created ECSs work in PIPE mode by default to prevent the plug-in from using service ports. Existing ECSs still work in AUTO mode, in which the plug-in selects an idle port with the smallest port number from 31000 to 32999.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot