On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: > Hi, > > back in 2015, with the first install of ovirt, I used a domain of > xxxportal.com. Since the client has an xxxcentral.com wildcard > certificate, I added changed the hostname and domainname, and added the > cert/cacert to the apache webpage. > > The pki on ovirt and vdsm (host) both still have the original xxxportal.com > domain. I am looking for a way to wipe away the old domain. > > Do I need to remove the host (not hosted engine), drop the > datacenter/cluster, and build from a clean db? Basically yes. See also: https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos... If you have lots of data in your engine (hosts, VMs etc), you might manage to keep most of it by something like this, didn't try that: 1. Shutdown all VMs and move all hosts to maintenance 2. Stop ovirt-engine service 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation 4. yum reinstall ovirt-engine-backend, or copy back from above backup only these, without the files they hold (for directories), but keep owner/permissions: cacert.template.in certs cert.template.in keys openssl.conf private requests 5. engine-setup It will notice pki is removed and recreate it for you You might need to change admin password because it's encrypted with engine's key 6. Connect to web admin, and per host: 6.1. Right click -> Enroll Certificate 6.2. You might need Right-Click -> Reinstall 6.3. Activate This should be enough, more-or-less. You might want, just in case, before step 6, to connect to all hosts and remove stuff under /etc/pki, but I didn't check what exactly. Best,

On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: > Hi, > > back in 2015, with the first install of ovirt, I used a domain of > xxxportal.com. Since the client has an xxxcentral.com wildcard > certificate, I added changed the hostname and domainname, and added the > cert/cacert to the apache webpage. > > The pki on ovirt and vdsm (host) both still have the original xxxportal.com > domain. I am looking for a way to wipe away the old domain. > > Do I need to remove the host (not hosted engine), drop the > datacenter/cluster, and build from a clean db? Basically yes. See also: https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos... If you have lots of data in your engine (hosts, VMs etc), you might manage to keep most of it by something like this, didn't try that: 1. Shutdown all VMs and move all hosts to maintenance 2. Stop ovirt-engine service 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation 4. yum reinstall ovirt-engine-backend, or copy back from above backup only these, without the files they hold (for directories), but keep owner/permissions: cacert.template.in certs cert.template.in keys openssl.conf private requests 5. engine-setup It will notice pki is removed and recreate it for you You might need to change admin password because it's encrypted with engine's key 6. Connect to web admin, and per host: 6.1. Right click -> Enroll Certificate 6.2. You might need Right-Click -> Reinstall 6.3. Activate This should be enough, more-or-less. You might want, just in case, before step 6, to connect to all hosts and remove stuff under /etc/pki, but I didn't check what exactly. Best, -- Didi

On Thu, Jul 14, 2016 at 2:58 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: > I am not having any luck. When I get to step 5 (engine-setup), the "PKI > organization" still has the old domainname??? You can try editing /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf and delete the line with 'OVESETUP_PKI/organization', then try engine-setup again. Best, > > --== CONFIGURATION PREVIEW ==-- > > Update Firewall : False > Host FQDN : bacchus.xxxcentral.com > Engine database secured connection : False > Engine database host : localhost > Engine database user name : engine > Engine database name : engine > Engine database port : 5432 > Engine database host name validation : False > DWH database secured connection : False > DWH database host : localhost > DWH database user name : ovirt_engine_history > DWH database name : ovirt_engine_history > DWH database port : 5432 > DWH database host name validation : False > Engine installation : True > PKI organization : xxxportal.com > DWH installation : True > Backup DWH database : True > Engine Host FQDN : bacchus.xxxcentral.com > Configure VMConsole Proxy : False > Configure WebSocket Proxy : False > > > On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <didi(a)redhat.com&gt; wrote: >> >> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: >> > Hi, >> > >> > back in 2015, with the first install of ovirt, I used a domain of >> > xxxportal.com. Since the client has an xxxcentral.com wildcard >> > certificate, I added changed the hostname and domainname, and added the >> > cert/cacert to the apache webpage. >> > >> > The pki on ovirt and vdsm (host) both still have the original >> > xxxportal.com >> > domain. I am looking for a way to wipe away the old domain. >> > >> > Do I need to remove the host (not hosted engine), drop the >> > datacenter/cluster, and build from a clean db? >> >> Basically yes. See also: >> >> >> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos... >> >> If you have lots of data in your engine (hosts, VMs etc), you might manage >> to >> keep most of it by something like this, didn't try that: >> >> 1. Shutdown all VMs and move all hosts to maintenance >> 2. Stop ovirt-engine service >> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation >> 4. yum reinstall ovirt-engine-backend, or copy back from above backup >> only these, without the files they hold (for directories), but keep >> owner/permissions: >> cacert.template.in certs cert.template.in keys openssl.conf >> private requests >> 5. engine-setup >> It will notice pki is removed and recreate it for you >> You might need to change admin password because it's encrypted with >> engine's key >> 6. Connect to web admin, and per host: >> 6.1. Right click -> Enroll Certificate >> 6.2. You might need Right-Click -> Reinstall >> 6.3. Activate >> >> This should be enough, more-or-less. You might want, just in case, >> before step 6, >> to connect to all hosts and remove stuff under /etc/pki, but I didn't >> check >> what exactly. >> >> Best, >> -- >> Didi > > > > > -- > Paul Dyer, > Mercury Consulting Group, RHCE > 504-302-8750 -- Didi

On Fri, Jul 15, 2016 at 3:43 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: > Hi, > > thanks, changing 20-setup-ovrit-post.conf fixed the PKI Organization in > engine-setup. > > after engine-setup completed, I was not able to login to the webportal. I With what user? admin@internal or some external directory user (or something else)? Did you get an error message? Do you still have logs you can/want to share? > needed to copy the /etc/pki/ovirt-engine-backup-before-recreation back to > ovirt-engine in order to login. But didn't this partially revert your rename? > The errors on the webportal were about PKI > something. I didn't get a picture of it. sorry. Quite likely it's still possible to find in the logs. > > > > > > On Thu, Jul 14, 2016 at 1:02 AM, Yedidyah Bar David <didi(a)redhat.com&gt; wrote: >> >> On Thu, Jul 14, 2016 at 2:58 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: >> > I am not having any luck. When I get to step 5 (engine-setup), the >> > "PKI >> > organization" still has the old domainname??? >> >> You can try editing >> /etc/ovirt-engine-setup.conf.d/20-setup-ovirt-post.conf >> and delete the line with 'OVESETUP_PKI/organization', then try >> engine-setup >> again. >> >> Best, >> >> > >> > --== CONFIGURATION PREVIEW ==-- >> > >> > Update Firewall : False >> > Host FQDN : >> > bacchus.xxxcentral.com >> > Engine database secured connection : False >> > Engine database host : localhost >> > Engine database user name : engine >> > Engine database name : engine >> > Engine database port : 5432 >> > Engine database host name validation : False >> > DWH database secured connection : False >> > DWH database host : localhost >> > DWH database user name : ovirt_engine_history >> > DWH database name : ovirt_engine_history >> > DWH database port : 5432 >> > DWH database host name validation : False >> > Engine installation : True >> > PKI organization : xxxportal.com >> > DWH installation : True >> > Backup DWH database : True >> > Engine Host FQDN : >> > bacchus.xxxcentral.com >> > Configure VMConsole Proxy : False >> > Configure WebSocket Proxy : False >> > >> > >> > On Sun, Jul 10, 2016 at 2:27 AM, Yedidyah Bar David <didi(a)redhat.com&gt; >> > wrote: >> >> >> >> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms(a)gmail.com&gt; wrote: >> >> > Hi, >> >> > >> >> > back in 2015, with the first install of ovirt, I used a domain of >> >> > xxxportal.com. Since the client has an xxxcentral.com wildcard >> >> > certificate, I added changed the hostname and domainname, and added >> >> > the >> >> > cert/cacert to the apache webpage. >> >> > >> >> > The pki on ovirt and vdsm (host) both still have the original >> >> > xxxportal.com >> >> > domain. I am looking for a way to wipe away the old domain. >> >> > >> >> > Do I need to remove the host (not hosted engine), drop the >> >> > datacenter/cluster, and build from a clean db? >> >> >> >> Basically yes. See also: >> >> >> >> >> >> >> >> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hos... >> >> >> >> If you have lots of data in your engine (hosts, VMs etc), you might >> >> manage >> >> to >> >> keep most of it by something like this, didn't try that: >> >> >> >> 1. Shutdown all VMs and move all hosts to maintenance >> >> 2. Stop ovirt-engine service >> >> 3. mv /etc/pki/ovirt-engine >> >> /etc/pki/ovirt-engine-backup-before-recreation >> >> 4. yum reinstall ovirt-engine-backend, or copy back from above backup >> >> only these, without the files they hold (for directories), but keep >> >> owner/permissions: >> >> cacert.template.in certs cert.template.in keys openssl.conf >> >> private requests >> >> 5. engine-setup >> >> It will notice pki is removed and recreate it for you >> >> You might need to change admin password because it's encrypted with >> >> engine's key Did you change admin password? Best, >> >> 6. Connect to web admin, and per host: >> >> 6.1. Right click -> Enroll Certificate >> >> 6.2. You might need Right-Click -> Reinstall >> >> 6.3. Activate >> >> >> >> This should be enough, more-or-less. You might want, just in case, >> >> before step 6, >> >> to connect to all hosts and remove stuff under /etc/pki, but I didn't >> >> check >> >> what exactly. >> >> >> >> Best, >> >> -- >> >> Didi >> > >> > >> > >> > >> > -- >> > Paul Dyer, >> > Mercury Consulting Group, RHCE >> > 504-302-8750 >> >> >> >> -- >> Didi > > > > > -- > Paul Dyer, > Mercury Consulting Group, RHCE > 504-302-8750 -- Didi