Table of Contents
Password Recovery on BIG-IP 11.x–14.0
Applies to: BIG-IP 11.x, 12.x, 13.x, 14.0
Bootloader: GRUB 0.97 or GRUB2
Reboot into Single-User Mode
- Reboot the system via console.
- At the GRUB menu:
- GRUB2 platforms: highlight your kernel entry, press e, append
single(orsingle fastbootto skip fsck), then Ctrl-x to boot. - GRUB0.97 platforms: press e twice to edit the
kernelline, appendsingle, then press b to boot.
- GRUB2 platforms: highlight your kernel entry, press e, append
Note: If you’re uncertain which GRUB version your appliance uses, refer to F5’s K14658 KB article.
Reset the Root Password
Once you reach a prompt like switch_root:/#:
shell
mount -a
passwd rootmount -aensures all filesystems from/etc/fstabare mounted (including/as read-write).passwd rootinvokes the password-set utility—enter and confirm your new strong password.- Type
exitorrebootto continue normal boot.
After reboot, you can log in with your new root password.
Password Recovery on BIG-IP 14.0 and Later
F5 revised its architecture in 14.x, leveraging RD.BREAK to interrupt the boot process more cleanly.
Enter RD.BREAK Mode
- Reboot and, at the GRUB menu, highlight the kernel entry.
- Press e to edit; on the kernel line, append
rd.break. - Press Ctrl-x (or b) to boot into the minimal shell.
Identify Your Logical Volumes
shell
mount | grep /dev/mapper/vg–db
Typical output:
bash
/dev/mapper/vg–db–sda-set.2.root on /sysroot
/dev/mapper/vg–db–sda-set.2._usr on /sysroot/usrIf you see
vdainstead ofsda, substitute accordingly.
Remount Filesystems Read-Write
shell
mount -o remount,rw /sysroot
mount -o remount,rw /sysroot/usrMount Config & Var Volumes
Based on your “set” number (e.g., set.2):
shell
mount /dev/mapper/vg–db–sda-set.2._config /sysroot/config
mount /dev/mapper/vg–db–sda-set.2._var /sysroot/varVerify all are rw:
shell
mount | grep /dev/mapper/vg–dbChroot & Reset
shell
chroot /sysroot
passwd rootSet your new root password when prompted.
Ensure SELinux Relabeling
shell
touch /.autorelabelThis flags the filesystem for relabel on next boot.
Exit & Reboot
shell
exit # from chroot
exit # from switch_root shellSystem boots normally, and you can log in as root with your new password.
VIPRION Multi-Blade Note: On chassis with multiple blades, repeat the password change on the primary blade. After reboot, log into secondary and SSH via
ssh primary(key-auth) to propagate the change.
Special Cases & Considerations
RAID vs. Non-RAID on 14.1.0+
- Non-RAID platforms (14.1+): refer to KB K35811337.
- RAID-capable platforms (14.1+): refer to KB K23220345.
These outline slight variations in volume mappings when using hardware RAID controllers.
vCMP Guests
For BIG-IP instances running as vCMP guests, follow KB K14581 for single-user mode nuances.
Skipping FSCK
If forced filesystem checks prompt for passwords, append single fastboot instead of single for GRUB2 boots to skip checks.
Admin/User Password Recovery on rSeries
On F5 rSeries appliances (F5OS), “root” and “admin” reside in separate partitions and use a systemd-based boot:
- Reboot to the F5OS bootloader; at the boot menu, press e on the default image.
- On the
linuxefiline, appendrd.break. - Press Ctrl-x to continue into the maintenance shell.
- Remount overlays as read-write: bash
mount -o remount,rw /sysroot && mount -o remount,rw /sysroot/sysroot
chroot /sysroot
- Change the
admin(orroot) password:
passwd admin # or passwd root
- Reload SELinux policy & restore contexts:
load_policy -i
restorecon -v /etc/shadow- Update shadow tracker if needed (rSeries-specific):
awk -F: '/^admin:/{print "admin admin", $2, $3}' /etc/shadow >> /etc/libnss-udr/shadow.tracker
- Exit twice to continue boot; log in with your new credentials.
Comments