<div dir="ltr">Hi,<div><br></div><div>thanks, changing 20-setup-ovrit-post.conf fixed the PKI Organization in engine-setup.</div><div><br></div><div>after engine-setup completed, I was not able to login to the webportal. I needed to copy the <span style="font-size:12.8px">/etc/pki/ovirt-engine-backup-</span><span style="font-size:12.8px">before-recreation back to ovirt-engine in order to login. The errors on the webportal were about PKI something. I didn't get a picture of it. sorry.</span></div><div><span style="font-size:12.8px"><br></span></div><div><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 14, 2016 at 1:02 AM, Yedidyah Bar David <span dir="ltr"><<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Jul 14, 2016 at 2:58 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
> I am not having any luck. When I get to step 5 (engine-setup), the "PKI<br>
> organization" still has the old domainname???<br>
<br>
</span>You can try editing /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf<br>
and delete the line with 'OVESETUP_PKI/organization', then try engine-setup<br>
again.<br>
<br>
Best,<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> --== CONFIGURATION PREVIEW ==--<br>
><br>
> Update Firewall : False<br>
> Host FQDN : <a href="http://bacchus.xxxcentral.com" rel="noreferrer" target="_blank">bacchus.xxxcentral.com</a><br>
> Engine database secured connection : False<br>
> Engine database host : localhost<br>
> Engine database user name : engine<br>
> Engine database name : engine<br>
> Engine database port : 5432<br>
> Engine database host name validation : False<br>
> DWH database secured connection : False<br>
> DWH database host : localhost<br>
> DWH database user name : ovirt_engine_history<br>
> DWH database name : ovirt_engine_history<br>
> DWH database port : 5432<br>
> DWH database host name validation : False<br>
> Engine installation : True<br>
> PKI organization : <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a><br>
> DWH installation : True<br>
> Backup DWH database : True<br>
> Engine Host FQDN : <a href="http://bacchus.xxxcentral.com" rel="noreferrer" target="_blank">bacchus.xxxcentral.com</a><br>
> Configure VMConsole Proxy : False<br>
> Configure WebSocket Proxy : False<br>
><br>
><br>
> On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <<a href="mailto:didi@redhat.com">didi@redhat.com</a>> wrote:<br>
>><br>
>> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
>> > Hi,<br>
>> ><br>
>> > back in 2015, with the first install of ovirt, I used a domain of<br>
>> > <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a>. Since the client has an <a href="http://xxxcentral.com" rel="noreferrer" target="_blank">xxxcentral.com</a> wildcard<br>
>> > certificate, I added changed the hostname and domainname, and added the<br>
>> > cert/cacert to the apache webpage.<br>
>> ><br>
>> > The pki on ovirt and vdsm (host) both still have the original<br>
>> > <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a><br>
>> > domain. I am looking for a way to wipe away the old domain.<br>
>> ><br>
>> > Do I need to remove the host (not hosted engine), drop the<br>
>> > datacenter/cluster, and build from a clean db?<br>
>><br>
>> Basically yes. See also:<br>
>><br>
>><br>
>> <a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" rel="noreferrer" target="_blank">https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/</a><br>
>><br>
>> If you have lots of data in your engine (hosts, VMs etc), you might manage<br>
>> to<br>
>> keep most of it by something like this, didn't try that:<br>
>><br>
>> 1. Shutdown all VMs and move all hosts to maintenance<br>
>> 2. Stop ovirt-engine service<br>
>> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation<br>
>> 4. yum reinstall ovirt-engine-backend, or copy back from above backup<br>
>> only these, without the files they hold (for directories), but keep<br>
>> owner/permissions:<br>
>> <a href="http://cacert.template.in" rel="noreferrer" target="_blank">cacert.template.in</a> certs <a href="http://cert.template.in" rel="noreferrer" target="_blank">cert.template.in</a> keys openssl.conf<br>
>> private requests<br>
>> 5. engine-setup<br>
>> It will notice pki is removed and recreate it for you<br>
>> You might need to change admin password because it's encrypted with<br>
>> engine's key<br>
>> 6. Connect to web admin, and per host:<br>
>> 6.1. Right click -> Enroll Certificate<br>
>> 6.2. You might need Right-Click -> Reinstall<br>
>> 6.3. Activate<br>
>><br>
>> This should be enough, more-or-less. You might want, just in case,<br>
>> before step 6,<br>
>> to connect to all hosts and remove stuff under /etc/pki, but I didn't<br>
>> check<br>
>> what exactly.<br>
>><br>
>> Best,<br>
>> --<br>
>> Didi<br>
><br>
><br>
><br>
><br>
> --<br>
> Paul Dyer,<br>
> Mercury Consulting Group, RHCE<br>
> 504-302-8750<br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Didi<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Paul Dyer,<br>Mercury Consulting Group, RHCE<br>504-302-8750</div>
</div>