[ovirt-users] oVirt management has lost its SSL.

~Stack~ i.am.stack at gmail.com
Fri Nov 3 14:30:02 UTC 2017


Greetings,

Please, I would greatly appreciate some help/feedback. I'm not sure what
else to do.

I reverted the .trustedstore to the only backup I have, and there is one
key in it. That too gets flagged by oVirt as having been tampered with
(I'm guessing oVirt added something that isn't there any more). The
password is correct as I can verify it from the oVirt config file on the
command line.

I'm out of ideas on fixing this. What happens to my oVirt hypervisors
and VM's if I rebuild the management engine host from scratch?

Thanks!
~Stack~
On 11/02/2017 04:18 PM, ~Stack~ wrote:
> Greetings,
> 
> OS: Scientific Linux 7.4
> oVirt: 4.1
> Everything fully updated.
> 
> Everything was working great. I received my new network card today to
> upgrade my ovirt management node (physical node; not self-hosted), took
> the machine down, swapped the card, and brought it up to many many errors.
> 
> Here's the basic break-down of my discoveries.
> 
> 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of
> messages in my engine.log about it being corrupt. Restored from backup,
> and oVirt engine was really peeved for not having my domain cert in it
> (tons of messages in the engine.log file)...figured out how to add my
> domain cert and it seemed OK. Which led me to...
> 
> 2) My /etc/pki/ovirt-engine/keys/engine.p12 and
> /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my
> backups either. This results in a massive java dump when I try to start
> the engine service.
> 
> 3) I noticed that I had
> /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp
> corresponding to when I shut the node down. Then I noticed, that I was
> missing dang near EVERY file in /etc/pki/ovirt-engine but I had an
> equivalent file with the ".201711021302" extension. So a touch of bash
> and I copied all of my "*.201711021302" files with the proper
> user/group/permissions into their base name. Hooray! No more errors in
> the log files and all services start!!
> 
> 4) I open my web browser and head to my management host...and I get this
> error:
> Keystore was tampered with, or password was incorrect
> 
> Well...yeah. I had to fix it in step one. :-/
> 
> I'm not getting anything useful out of my Internet searching. I don't
> know what went wrong or why, but my SSL is just borked.
> 
> Any suggestions? Thoughts? Ideas?
> 
> Is there a way to just blow away and start over with the SSL _without_
> destroying the VM's (which fortunately they all seem to still be
> functional!)?
> 
> Any help would be greatly appreciated.
> Thanks!
> ~Stack~
> 
> 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ovirt.org/pipermail/users/attachments/20171103/9ee41327/attachment.sig>


More information about the Users mailing list