<div dir="ltr">I have lost track of this during the last week. I will get some downtime and start over ( following your email from before ) and keep track of what happens.<div><br></div><div>Paul</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jul 17, 2016 at 12:48 AM, Yedidyah Bar David <span dir="ltr"><<a href="mailto:didi@redhat.com" target="_blank">didi@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Jul 15, 2016 at 3:43 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
> Hi,<br>
><br>
</span><span class="">> thanks, changing 20-setup-ovrit-post.conf fixed the PKI Organization in<br>
> engine-setup.<br>
><br>
> after engine-setup completed, I was not able to login to the webportal. I<br>
<br>
</span>With what user? admin@internal or some external directory user (or something<br>
else)?<br>
<br>
Did you get an error message?<br>
<br>
Do you still have logs you can/want to share?<br>
<span class=""><br>
> needed to copy the /etc/pki/ovirt-engine-backup-before-recreation back to<br>
> ovirt-engine in order to login.<br>
<br>
</span>But didn't this partially revert your rename?<br>
<span class=""><br>
> The errors on the webportal were about PKI<br>
> something. I didn't get a picture of it. sorry.<br>
<br>
</span>Quite likely it's still possible to find in the logs.<br>
<div><div class="h5"><br>
><br>
><br>
><br>
><br>
><br>
> On Thu, Jul 14, 2016 at 1:02 AM, Yedidyah Bar David <<a href="mailto:didi@redhat.com">didi@redhat.com</a>> wrote:<br>
>><br>
>> On Thu, Jul 14, 2016 at 2:58 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
>> > I am not having any luck. When I get to step 5 (engine-setup), the<br>
>> > "PKI<br>
>> > organization" still has the old domainname???<br>
>><br>
>> You can try editing<br>
>> /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf<br>
>> and delete the line with 'OVESETUP_PKI/organization', then try<br>
>> engine-setup<br>
>> again.<br>
>><br>
>> Best,<br>
>><br>
>> ><br>
>> > --== CONFIGURATION PREVIEW ==--<br>
>> ><br>
>> > Update Firewall : False<br>
>> > Host FQDN :<br>
>> > <a href="http://bacchus.xxxcentral.com" rel="noreferrer" target="_blank">bacchus.xxxcentral.com</a><br>
>> > Engine database secured connection : False<br>
>> > Engine database host : localhost<br>
>> > Engine database user name : engine<br>
>> > Engine database name : engine<br>
>> > Engine database port : 5432<br>
>> > Engine database host name validation : False<br>
>> > DWH database secured connection : False<br>
>> > DWH database host : localhost<br>
>> > DWH database user name : ovirt_engine_history<br>
>> > DWH database name : ovirt_engine_history<br>
>> > DWH database port : 5432<br>
>> > DWH database host name validation : False<br>
>> > Engine installation : True<br>
>> > PKI organization : <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a><br>
>> > DWH installation : True<br>
>> > Backup DWH database : True<br>
>> > Engine Host FQDN :<br>
>> > <a href="http://bacchus.xxxcentral.com" rel="noreferrer" target="_blank">bacchus.xxxcentral.com</a><br>
>> > Configure VMConsole Proxy : False<br>
>> > Configure WebSocket Proxy : False<br>
>> ><br>
>> ><br>
>> > On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <<a href="mailto:didi@redhat.com">didi@redhat.com</a>><br>
>> > wrote:<br>
>> >><br>
>> >> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <<a href="mailto:pmdyermms@gmail.com">pmdyermms@gmail.com</a>> wrote:<br>
>> >> > Hi,<br>
>> >> ><br>
>> >> > back in 2015, with the first install of ovirt, I used a domain of<br>
>> >> > <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a>. Since the client has an <a href="http://xxxcentral.com" rel="noreferrer" target="_blank">xxxcentral.com</a> wildcard<br>
>> >> > certificate, I added changed the hostname and domainname, and added<br>
>> >> > the<br>
>> >> > cert/cacert to the apache webpage.<br>
>> >> ><br>
>> >> > The pki on ovirt and vdsm (host) both still have the original<br>
>> >> > <a href="http://xxxportal.com" rel="noreferrer" target="_blank">xxxportal.com</a><br>
>> >> > domain. I am looking for a way to wipe away the old domain.<br>
>> >> ><br>
>> >> > Do I need to remove the host (not hosted engine), drop the<br>
>> >> > datacenter/cluster, and build from a clean db?<br>
>> >><br>
>> >> Basically yes. See also:<br>
>> >><br>
>> >><br>
>> >><br>
>> >> <a href="https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/" rel="noreferrer" target="_blank">https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/</a><br>
>> >><br>
>> >> If you have lots of data in your engine (hosts, VMs etc), you might<br>
>> >> manage<br>
>> >> to<br>
>> >> keep most of it by something like this, didn't try that:<br>
>> >><br>
>> >> 1. Shutdown all VMs and move all hosts to maintenance<br>
>> >> 2. Stop ovirt-engine service<br>
>> >> 3. mv /etc/pki/ovirt-engine<br>
>> >> /etc/pki/ovirt-engine-backup-before-recreation<br>
>> >> 4. yum reinstall ovirt-engine-backend, or copy back from above backup<br>
>> >> only these, without the files they hold (for directories), but keep<br>
>> >> owner/permissions:<br>
>> >> <a href="http://cacert.template.in" rel="noreferrer" target="_blank">cacert.template.in</a> certs <a href="http://cert.template.in" rel="noreferrer" target="_blank">cert.template.in</a> keys openssl.conf<br>
>> >> private requests<br>
>> >> 5. engine-setup<br>
>> >> It will notice pki is removed and recreate it for you<br>
>> >> You might need to change admin password because it's encrypted with<br>
>> >> engine's key<br>
<br>
</div></div>Did you change admin password?<br>
<br>
Best,<br>
<div class="HOEnZb"><div class="h5"><br>
>> >> 6. Connect to web admin, and per host:<br>
>> >> 6.1. Right click -> Enroll Certificate<br>
>> >> 6.2. You might need Right-Click -> Reinstall<br>
>> >> 6.3. Activate<br>
>> >><br>
>> >> This should be enough, more-or-less. You might want, just in case,<br>
>> >> before step 6,<br>
>> >> to connect to all hosts and remove stuff under /etc/pki, but I didn't<br>
>> >> check<br>
>> >> what exactly.<br>
>> >><br>
>> >> Best,<br>
>> >> --<br>
>> >> Didi<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > Paul Dyer,<br>
>> > Mercury Consulting Group, RHCE<br>
>> > 504-302-8750<br>
>><br>
>><br>
>><br>
>> --<br>
>> Didi<br>
><br>
><br>
><br>
><br>
> --<br>
> Paul Dyer,<br>
> Mercury Consulting Group, RHCE<br>
> 504-302-8750<br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Didi<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Paul Dyer,<br>Mercury Consulting Group, RHCE<br>504-302-8750</div>
</div>