[ovirt-users] Re: Management Engine IP change

On Thu, Jul 30, 2020 at 12:56 PM Yedidyah Bar David <didi(a)redhat.com&gt; wrote: > > On Thu, Jul 30, 2020 at 12:42 PM Alex K <rightkicktech(a)gmail.com&gt; wrote: > > > > > > > > On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David <didi(a)redhat.com&gt; wrote: > >> > >> On Thu, Jul 30, 2020 at 11:30 AM Alex K <rightkicktech(a)gmail.com&gt; wrote: > >>> > >>> > >>> > >>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users <users(a)ovirt.org&gt; wrote: > >>>> > >>>> > >>>> > >>>> Hi All, > >>>> > >>>> > >>>> > >>>> Does somebody perhaps know the process of changing the Hosted Engine IP address? I see that it is possible, I am just not sure if it is a straight forward process using ‘nmtui’ or editing the network config file. I have also ensured that everything was configured using the FQDN. > >>> > >>> Since the FQDN is not changing you should not have issues just updating your DNS then changing manually the engine IP from the ifcfg-ethx files then restart networking. > >>> What i find difficult and perhaps impossible is to change engine FQDN, as one will need to regenerate all certs from scratch (otherwise you will have issues with several services: imageio proxy, OVN, etc) and there is no such procedure documented/or supported. > >> > >> > >> I wonder - how/what did you search for, that led you to this conclusion? Or perhaps you even found it explicitly written somewhere? > > > > Searching around and testing in LAB. I am testing 4.3 though not 4.4. I used engine-rename tool and although was able to change fqdn for hosts and engine, I observed that some certificates were left out (for example OVN was still complaining about certificate issue with subject name not agreeing with the new FQDN - checking/downloading the relevant cert was still showing the previous FQDN). I do not deem successful the renaming of not all services are functional. > > Very well. > > I'd find your above statement less puzzling if you wrote instead "... > and the procedure for doing this is buggy/broken/incomplete"... I'm sorry for the confusion.

> > > >> > >> > >> There actually is: > >> > >> > >> https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_... > > > > > > At this same link it reads: > > While the ovirt-engine-rename command creates a new certificate for the web server on which the Engine runs, it does not affect the certificate for the Engine or the certificate authority. Due to this, there is some risk involved in using the ovirt-engine-rename command, particularly in environments that have been upgraded from Red Hat Enterprise Virtualization 3.2 and earlier. Therefore, changing the fully qualified domain name of the Engine by running engine-cleanup and engine-setup is recommended where possible. > > explaining my above findings from the tests. > > No. These are two different things: > > 1. Bugs. All software has bugs. Hopefully we fix them over time. If > you find one, please file it. > > 2. Inherent design (or other) problems - the software works as > intended, but that's not what you want... I do not intend to blame anyone. I really appreciate the work you all are doing with this great project and understand that the community stream may have bugs and rough edges or simply I might not be well informed. > > > See also: > > https://www.ovirt.org/develop/networking/changing-engine-hostname.html > > >> > >> > >> That said, it indeed was somewhat broken for some time now - some fixed were only added quite recently, and are available only in current 4.4: > > > > This is interesting and needed for migration scenarios. > > Can you please elaborate? I am thinking about a scenario where one will need to migrate a DC from one FQDN to a completely new one (say I currently have host1.domain1.com, host2.domain1.com, engine.domain1.com and want to switch to host1.domain2.com, host2.domain2.com, engine.domain2.com) I am currently facing one such need. I need to migrate existing DC from domain1.com to domain2.com. Tried the engine-rename tool and changed IPs of engine and hosts but observed the OVN certificate issue with 4.3. In case this is sorted with 4.4 then I will see if this resolves my issue.

> > > If it's DR migration, perhaps you want storage export/import, as is > done using the DR tool: > > https://www.ovirt.org/documentation/disaster-recovery-guide/disaster-reco... > > If you just want to use a new name, but do not need to completely > forget the old one, you can add it using SSO_ALTERNATE_ENGINE_FQDNS. I need to wipe out completely any reference to the old domain/FQDN.

> > > > Also I am wondering if I can change in some way the management network and make from untagged to VLAN tagged. > > Sorry, no idea. Perhaps start a different thread about this. I will. thanx. > > > Best regards, > > >> > >> > >> https://github.com/oVirt/ovirt-engine/commits/master/packaging/setup/plug... > >> > >> I do not think I am aware of currently still-open bugs. If you find one, please file it in bugzilla. Thanks! > >> > >>> > >>> I might be able to soon test this engine IP change in a virtual environment and let you know. > >> > >> > >> Thanks and good luck! > >> -- > >> Didi > > > > _______________________________________________ > > Users mailing list -- users(a)ovirt.org > > To unsubscribe send an email to users-leave(a)ovirt.org > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5ZWCNEL3HP... > > > > -- > Didi > _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/4KX4WAZR3CH...