This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM Content-Type: multipart/mixed; boundary="66cCtMpFhTKBqqwQAsjplKCPdvE5mwege"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users <users@ovirt.org> Message-ID: <4db29c1e-4031-aece-e736-855879c5c023@gmail.com> Subject: oVirt management has lost its SSL. --66cCtMpFhTKBqqwQAsjplKCPdvE5mwege Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, OS: Scientific Linux 7.4 oVirt: 4.1 Everything fully updated. Everything was working great. I received my new network card today to upgrade my ovirt management node (physical node; not self-hosted), took the machine down, swapped the card, and brought it up to many many errors= =2E Here's the basic break-down of my discoveries. 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of messages in my engine.log about it being corrupt. Restored from backup, and oVirt engine was really peeved for not having my domain cert in it (tons of messages in the engine.log file)...figured out how to add my domain cert and it seemed OK. Which led me to... 2) My /etc/pki/ovirt-engine/keys/engine.p12 and /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my backups either. This results in a massive java dump when I try to start the engine service. 3) I noticed that I had /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp corresponding to when I shut the node down. Then I noticed, that I was missing dang near EVERY file in /etc/pki/ovirt-engine but I had an equivalent file with the ".201711021302" extension. So a touch of bash and I copied all of my "*.201711021302" files with the proper user/group/permissions into their base name. Hooray! No more errors in the log files and all services start!! 4) I open my web browser and head to my management host...and I get this error: Keystore was tampered with, or password was incorrect Well...yeah. I had to fix it in step one. :-/ I'm not getting anything useful out of my Internet searching. I don't know what went wrong or why, but my SSL is just borked. Any suggestions? Thoughts? Ideas? Is there a way to just blow away and start over with the SSL _without_ destroying the VM's (which fortunately they all seem to still be functional!)? Any help would be greatly appreciated. Thanks! ~Stack~ --66cCtMpFhTKBqqwQAsjplKCPdvE5mwege-- --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ+4ufAAoJELkej+ysXJPm/QwQAJYRG5YCzxLDvvMtr252oMP2 2NzNF1hSscm/rDe2LnmDygdeJNrnMf/E2KrGUcfIly5HsESMnY3qfcbDzzzLhF8P jMyRszzdPIo3z1OOlhK67q90kOI9KKuyf8/t/a5WCqyBUFfVGWr5t/UvkIg3gS1j hisokLAbBKRZmRj/ncjZFQJ8roNExamwedYe/5hnZnX5/yxmsBYUHB6aQ3rt/p7f Ic9Oqvt6RVbAvZ/69fFNcUK+/KQUdPDLqqKLepwlkb9nvvSYLtYKw3/0rqxCs0S3 AWsLi1ZV2Vfgn/Gx27x/wpXOLxYUWr8GhyE7++iTv6ujxNfP4MPm8ijgzl2RvgfA NVzHHf6WUOTGD3TPsgd45oa4IoKJ44pkKa/llqn1rrGeqhvoioBtE1NMaq5nexo6 t8bHOghcM+0SHclUenZJ5Yv19f0bYNN0GBjevmIy9W/LXQaS2knNnPPOZGsZFZlF e7M9phTEWo6jlv0k21rp98+ZlLszdo6zXQ6Bj72FS/HE2xGQkzrN3M/xFSrJl2Wv lbK2R2/Jg8jsriCOBQaNHTj/JbGPKPIbeZaa9ThmDC0htsfOqqN6Zj7OGUmq92+i yH8Iw+jyHmai99ssEi8zM7b3Nv01WWZYwPKEusuDsczJ5UTejy5SbbBxjQwFyZrM +TRNf+h1rWwrJC+Fetse =gPCS -----END PGP SIGNATURE----- --jqakiCaOmFP9f4FpGI29oNeauWoOxF3aM--