Initial Login

The default Heimdall server username is “admin” and the password is:

“heimdall”.

In AWS and GCP and similar environments (such as OpenStack), the Cloud instance ID is the default password. For Oracle cloud, it is the instance ocid. For Azure, it is the subscription ID.

If the password is not set to “heimdall” please see the server log (/var/log/heimdallserver.out.log or /opt/heimdall/log/heimdall.log) and look for a line such as:

2016-12-11 20:10:32,516 5153 [INFO] [http-nio-8087-exec-1] Initializing access control, user=admin, 
password=i-0aa1234a1a1a12abc

Note: It doesn't matter what install method you use--if in a cloud provider, as long as the software can detect the instance ID, it will default to the instance ID for the password. The following sources will be used to attempt to detect a cloud instance ID:

  • http://169.254.169.254/latest/meta-data/instance-id (AWS & compatible environments)
  • http://169.254.169.254/metadata/instance/compute/subscriptionId?api-version=2020-09-01&format=text (Azure)
  • http://169.254.169.254/computeMetadata/v1/instance/id (GCP)
  • http://169.254.169.254/opc/v2/instance/id (Oracle Cloud)

Note: As Azure doesn't expose the vmID to users easily, the subscription ID is used instead

User Reset

The default username and password for a server can be controlled explicitly by creating a file /etc/heimdall.conf prior to the server being first run, and add the lines:

  • hduser={username}
  • hdpassword={password}

For more details of a file /etc/heimdall.conf, please see heimdall.conf configuration.

When the http query “http://169.254.169.254/latest/meta-data/instance-id” returns a value, this value is used as the default password if no configuration is set in the /etc/heimdall.conf. This will happen in AWS instances, and some other cloud environments. This value can be obtained with:

echo `curl -s http://169.254.169.254/latest/meta-data/instance-id`

In the event the passwords need to be deleted from a current configuration, the following steps can be used to delete the configured accounts:

  1. Open the file $heimdallhome/config/heimdall.conf (the default install directory is /opt/heimdall/) in an editor (notepad, vi, etc)

  2. Remove the json array values for the “address” variable, i.e. replace:

    “addresses”:[{“enabled”:true,”file”:”config/admin_1.conf”,”name”:”admin”,”version”:1}]

With

“addresses”:[]

Once saved, if all accounts are removed, then the default admin account will be re-initialized once the Heimdall server is restarted.

To automate the password reset process you can do the following:

jq 'del(.addresses[])' < /opt/heimdall/config/heimdall.conf > /opt/heimdall/config/heimdall.conf.out
mv -f /opt/heimdall/config/heimdall.conf.out /opt/heimdall/config/heimdall.conf
service heimdall restart

Note: newer installs should include jq by default, but older will not, and will need to use the distribution's package installer to install jq.

File Base User Reset

The default username and password for a server can be reset by creating a file /etc/heimdall_reset_password. This operation will only change the credentials for an admin user, the default admin account will be re-initialized once the Heimdall server is restarted. When this operation succeed the file will be deleted.

Insecure connection

In case of an insecure connection, a warning 'You are using an insecure connection. Switch to HTTPS for secure access' appears, with a clickable 'HTTPS' link, which enables users to easily switch to a secure HTTPS protocol.