<div dir="ltr">I am not having any luck. When I get to step 5 (engine-setup), the "PKI organization" still has the old domainname???<div><br></div><div><div> <font face="monospace, monospace" size="1"> --== CONFIGURATION PREVIEW ==--</font></div><div><font face="monospace, monospace" size="1"> </font></div><div><font face="monospace, monospace" size="1"> Update Firewall : False</font></div><div><font face="monospace, monospace" size="1"> Host FQDN : <a href="http://bacchus.xxxcentral.com">bacchus.xxxcentral.com</a></font></div><div><font face="monospace, monospace" size="1"> Engine database secured connection : False</font></div><div><font face="monospace, monospace" size="1"> Engine database host : localhost</font></div><div><font face="monospace, monospace" size="1"> Engine database user name : engine</font></div><div><font face="monospace, monospace" size="1"> Engine database name : engine</font></div><div><font face="monospace, monospace" size="1"> Engine database port : 5432</font></div><div><font face="monospace, monospace" size="1"> Engine database host name validation : False</font></div><div><font face="monospace, monospace" size="1"> DWH database secured connection : False</font></div><div><font face="monospace, monospace" size="1"> DWH database host : localhost</font></div><div><font face="monospace, monospace" size="1"> DWH database user name : ovirt_engine_history</font></div><div><font face="monospace, monospace" size="1"> DWH database name : ovirt_engine_history</font></div><div><font face="monospace, monospace" size="1"> DWH database port : 5432</font></div><div><font face="monospace, monospace" size="1"> DWH database host name validation : False</font></div><div><font face="monospace, monospace" size="1"> Engine installation : True</font></div><div><font face="monospace, monospace" size="1"> <b>PKI organization : <a href="http://xxxportal.com">xxxportal.com</a></b></font></div><div><font face="monospace, monospace" size="1"> DWH installation : True</font></div><div><font face="monospace, monospace" size="1"> Backup DWH database : True</font></div><div><font face="monospace, monospace" size="1"> Engine Host FQDN : <a href="http://bacchus.xxxcentral.com">bacchus.xxxcentral.com</a></font></div><div><font face="monospace, monospace" size="1"> Configure VMConsole Proxy : False</font></div><div><font face="monospace, monospace" size="1"> Configure WebSocket Proxy : False</font></div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <span dir="ltr"><<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
> Hi,<br>
><br>
> back in 2015, with the first install of ovirt, I used a domain of<br>
> <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a>. Since the client has an <a href="http://xxxcentral.com" rel="noreferrer" target="_blank">xxxcentral.com</a> wildcard<br>
> certificate, I added changed the hostname and domainname, and added the<br>
> cert/cacert to the apache webpage.<br>
><br>
> The pki on ovirt and vdsm (host) both still have the original <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a><br>
> domain. I am looking for a way to wipe away the old domain.<br>
><br>
> Do I need to remove the host (not hosted engine), drop the<br>
> datacenter/cluster, and build from a clean db?<br>
<br>
</span>Basically yes. See also:<br>
<br>
<a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" rel="noreferrer" target="_blank">https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/</a><br>
<br>
If you have lots of data in your engine (hosts, VMs etc), you might manage to<br>
keep most of it by something like this, didn't try that:<br>
<br>
1. Shutdown all VMs and move all hosts to maintenance<br>
2. Stop ovirt-engine service<br>
3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation<br>
4. yum reinstall ovirt-engine-backend, or copy back from above backup<br>
only these, without the files they hold (for directories), but keep<br>
owner/permissions:<br>
<a href="http://cacert.template.in" rel="noreferrer" target="_blank">cacert.template.in</a> certs <a href="http://cert.template.in" rel="noreferrer" target="_blank">cert.template.in</a> keys openssl.conf<br>
private requests<br>
5. engine-setup<br>
It will notice pki is removed and recreate it for you<br>
You might need to change admin password because it's encrypted with engine's key<br>
6. Connect to web admin, and per host:<br>
6.1. Right click -> Enroll Certificate<br>
6.2. You might need Right-Click -> Reinstall<br>
6.3. Activate<br>
<br>
This should be enough, more-or-less. You might want, just in case,<br>
before step 6,<br>
to connect to all hosts and remove stuff under /etc/pki, but I didn't check<br>
what exactly.<br>
<br>
Best,<br>
<span class="HOEnZb"><font color="#888888">--<br>
Didi<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Paul Dyer,<br>Mercury Consulting Group, RHCE<br>504-302-8750</div>
</div>