On 23. 3. 2021, at 7:55, Enrico Becchetti <enrico.becchetti@pg.infn.it> wrote:

Hi,

I've added a new ip public address and SSO_ALTERNATE_ENGINE_FQDNS,
after that I run engine-setup. and now ovirt can also be access with a new name
but the last item is about X509 certificate.
How can I add a second certificate for this new url ?

I think you’d have to use your own CA, the internal one doesn’t generate certificates with other names.
or as Didi suggested modify your DNS to use same FQDN for both ways


Best regards.
Enrico

Il 07/03/21 08:51, Yedidyah Bar David ha scritto:
On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti
<enrico.becchetti@pg.infn.it> wrote:
  Dear all,
I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes
are all Centos 7.7.
Is this a hosted-engine?
no
Both engine and hypervisor systems work on a 10.0.0.0 private network.
Now I would like to let users access the ovirt web page (user portal)
and for this
I must necessarily add a second network interface to the engine by
inserting a public ip. I can't use NAT.
Can you give me any advice for this operation ?
Can I add the network interface and then run engine-setup ?
Will oVirt be accessible from both ip addresses at the end of this
operation ?
Generally speaking:

1. You should be able to add an IP address to the existing NIC. If this
is a hosted-engine, this might be simpler than adding a NIC. Of course,
this might not be relevant in your case, depending on network topology,
conf, etc.

2. The engine itself does not care at all about which IP addresses are
used to connect to it. Neither is httpd that is running there as a frontend
to it - it listens on all addresses. So just add the address somehow, perhaps
restart httpd if needed (but I do not think so), and everything should work.

3. The engine _does_ care about the _name_. So make sure you use the
existing name. For this, you'll have to change your DNS, or /etc/hosts,
as applicable.

4. If it's complex for you to keep the existing name (e.g. because you want
to make it work from both old and new addresses, etc.), you can also add
another name that the engine will agree to be connected to, using
SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1].

Best regards,

[1] https://www.ovirt.org/develop/networking/changing-engine-hostname.html

Lots of thanks.
Enrico

--
_______________________________________________________________________

Enrico Becchetti                    Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777                   Skype:enrico_becchetti
              Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4MEGUCA2ONQ3RVBRWIYMUJZ/




-- 
_______________________________________________________________________

Enrico Becchetti                    Servizio di Calcolo e Reti

Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
Phone:+39 075 5852777  Skype:enrico_becchetti
            Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTSY7BKGWKFGBQXREFO4IBZESB62ESWG/