Hi,

thanks, changing 20-setup-ovrit-post.conf fixed the PKI Organization in engine-setup.

after engine-setup completed, I was not able to login to the webportal.   I needed to copy the  /etc/pki/ovirt-engine-backup-before-recreation back to ovirt-engine in order to login.   The errors on the webportal were about PKI something.   I didn't get a picture of it. sorry.





On Thu, Jul 14, 2016 at 1:02 AM, Yedidyah Bar David <didi@redhat.com> wrote:
On Thu, Jul 14, 2016 at 2:58 AM, Paul Dyer <pmdyermms@gmail.com> wrote:
> I am not having any luck.   When I get to step 5 (engine-setup), the "PKI
> organization" still has the old domainname???

You can try editing /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf
and delete the line with 'OVESETUP_PKI/organization', then try engine-setup
again.

Best,

>
>           --== CONFIGURATION PREVIEW ==--
>
>           Update Firewall                         : False
>           Host FQDN                               : bacchus.xxxcentral.com
>           Engine database secured connection      : False
>           Engine database host                    : localhost
>           Engine database user name               : engine
>           Engine database name                    : engine
>           Engine database port                    : 5432
>           Engine database host name validation    : False
>           DWH database secured connection         : False
>           DWH database host                       : localhost
>           DWH database user name                  : ovirt_engine_history
>           DWH database name                       : ovirt_engine_history
>           DWH database port                       : 5432
>           DWH database host name validation       : False
>           Engine installation                     : True
>           PKI organization                        : xxxportal.com
>           DWH installation                        : True
>           Backup DWH database                     : True
>           Engine Host FQDN                        : bacchus.xxxcentral.com
>           Configure VMConsole Proxy               : False
>           Configure WebSocket Proxy               : False
>
>
> On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <didi@redhat.com> wrote:
>>
>> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms@gmail.com> wrote:
>> > Hi,
>> >
>> > back in 2015, with the first install of ovirt, I used a domain of
>> > xxxportal.com.   Since the client has an xxxcentral.com wildcard
>> > certificate, I added changed the hostname and domainname, and added the
>> > cert/cacert to the apache webpage.
>> >
>> > The pki on ovirt and vdsm (host) both still have the original
>> > xxxportal.com
>> > domain.   I am looking for a way to wipe away the old domain.
>> >
>> > Do I need to remove the host (not hosted engine), drop the
>> > datacenter/cluster, and build from a clean db?
>>
>> Basically yes. See also:
>>
>>
>> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/
>>
>> If you have lots of data in your engine (hosts, VMs etc), you might manage
>> to
>> keep most of it by something like this, didn't try that:
>>
>> 1. Shutdown all VMs and move all hosts to maintenance
>> 2. Stop ovirt-engine service
>> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation
>> 4. yum reinstall ovirt-engine-backend, or copy back from above backup
>> only these, without the files they hold (for directories), but keep
>> owner/permissions:
>> cacert.template.in  certs  cert.template.in  keys  openssl.conf
>> private  requests
>> 5. engine-setup
>> It will notice pki is removed and recreate it for you
>> You might need to change admin password because it's encrypted with
>> engine's key
>> 6. Connect to web admin, and per host:
>> 6.1. Right click -> Enroll Certificate
>> 6.2. You might need Right-Click -> Reinstall
>> 6.3. Activate
>>
>> This should be enough, more-or-less. You might want, just in case,
>> before step 6,
>> to connect to all hosts and remove stuff under /etc/pki, but I didn't
>> check
>> what exactly.
>>
>> Best,
>> --
>> Didi
>
>
>
>
> --
> Paul Dyer,
> Mercury Consulting Group, RHCE
> 504-302-8750



--
Didi



--
Paul Dyer,
Mercury Consulting Group, RHCE
504-302-8750