[ovirt-users] oVirt management has lost its SSL.

~Stack~ i.am.stack at gmail.com
Thu Nov 2 21:18:22 UTC 2017 

Greetings,

OS: Scientific Linux 7.4
oVirt: 4.1
Everything fully updated.

Everything was working great. I received my new network card today to
upgrade my ovirt management node (physical node; not self-hosted), took
the machine down, swapped the card, and brought it up to many many errors.

Here's the basic break-down of my discoveries.

1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of
messages in my engine.log about it being corrupt. Restored from backup,
and oVirt engine was really peeved for not having my domain cert in it
(tons of messages in the engine.log file)...figured out how to add my
domain cert and it seemed OK. Which led me to...

2) My /etc/pki/ovirt-engine/keys/engine.p12 and
/etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my
backups either. This results in a massive java dump when I try to start
the engine service.

3) I noticed that I had
/etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp
corresponding to when I shut the node down. Then I noticed, that I was
missing dang near EVERY file in /etc/pki/ovirt-engine but I had an
equivalent file with the ".201711021302" extension. So a touch of bash
and I copied all of my "*.201711021302" files with the proper
user/group/permissions into their base name. Hooray! No more errors in
the log files and all services start!!

4) I open my web browser and head to my management host...and I get this
error:
Keystore was tampered with, or password was incorrect

Well...yeah. I had to fix it in step one. :-/

I'm not getting anything useful out of my Internet searching. I don't
know what went wrong or why, but my SSL is just borked.

Any suggestions? Thoughts? Ideas?

Is there a way to just blow away and start over with the SSL _without_
destroying the VM's (which fortunately they all seem to still be
functional!)?

Any help would be greatly appreciated.
Thanks!
~Stack~


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ovirt.org/pipermail/users/attachments/20171102/6ba51cb2/attachment.sig>

More information about the Users mailing list