On Tue, Jul 12, 2016 at 10:16 PM, David Jaša <djasa(a)redhat.com> wrote:
On Ne, 2016-07-10 at 10:27 +0300, Yedidyah Bar David wrote:
> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms(a)gmail.com> wrote:
> > Hi,
> >
> > back in 2015, with the first install of ovirt, I used a domain of
> >
xxxportal.com. Since the client has an
xxxcentral.com wildcard
> > certificate, I added changed the hostname and domainname, and added the
> > cert/cacert to the apache webpage.
> >
> > The pki on ovirt and vdsm (host) both still have the original
xxxportal.com
> > domain. I am looking for a way to wipe away the old domain.
If this ^^^^ is the requirement, then:
> >
> > Do I need to remove the host (not hosted engine), drop the
> > datacenter/cluster, and build from a clean db?
>
> Basically yes. See also:
>
>
https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos...
>
> If you have lots of data in your engine (hosts, VMs etc), you might manage to
> keep most of it by something like this, didn't try that:
>
> 1. Shutdown all VMs and move all hosts to maintenance
> 2. Stop ovirt-engine service
> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation
> 4. yum reinstall ovirt-engine-backend, or copy back from above backup
> only these, without the files they hold (for directories), but keep
> owner/permissions:
> cacert.template.in certs cert.template.in keys openssl.conf
> private requests
> 5. engine-setup
> It will notice pki is removed and recreate it for you
> You might need to change admin password because it's encrypted with engine's
key
> 6. Connect to web admin, and per host:
> 6.1. Right click -> Enroll Certificate
> 6.2. You might need Right-Click -> Reinstall
> 6.3. Activate
>
> This should be enough, more-or-less. You might want, just in case,
> before step 6,
> to connect to all hosts and remove stuff under /etc/pki, but I didn't check
> what exactly.
>
> Best,
I'm wondering if all of these is necessary.
Yes, I think. If it's just to have the web admin interface use the new domain,
then ovirt-engine-rename should be enough.
I didn't do exactly this, I
however added a second mod_ssl instance to the apache on a different
port (with different certificates) and 3.6 worked for me without any
other changes (on both ports). 4.0 did not work on different port as AAA
refused to authenticate user.
Right.
Best,
--
Didi