This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB
Content-Type: multipart/mixed; boundary="7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9";
protected-headers="v1"
From: ~Stack~ <i.am.stack(a)gmail.com>
To: users <users(a)ovirt.org>
Message-ID: <a8ae8ead-b6cc-c1d1-4dcb-785f4c41a57f(a)gmail.com>
Subject: Re: oVirt management has lost its SSL.
References: <4db29c1e-4031-aece-e736-855879c5c023(a)gmail.com>
<d0bca9f6-2251-f865-436e-9e82b24333b1(a)gmail.com>
In-Reply-To: <d0bca9f6-2251-f865-436e-9e82b24333b1(a)gmail.com>
--7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Greetings,
I'm seriously just grasping at straws here. I took a spare hard drive,
tossed it in the management host, and did a fresh install. It did not
like me trying to add it into the existing infrastructure. Tried to dump
the DB from the old to the new, update the passwords, and pretty much
ended up in the same place.
I did check the .trustedkeystore and it has the same 1 key as my
original back up. So that isn't the issue.
Still poking at it. Would love some thoughts/feedback.
Thanks!
~Stack~
On 11/03/2017 09:30 AM, ~Stack~ wrote:
Greetings,
=20
Please, I would greatly appreciate some help/feedback. I'm not sure wha=
t
else to do.
=20
I reverted the .trustedstore to the only backup I have, and there is on=
e
key in it. That too gets flagged by oVirt as having been tampered
with
(I'm guessing oVirt added something that isn't there any more). The
password is correct as I can verify it from the oVirt config file on th=
e
command line.
=20
I'm out of ideas on fixing this. What happens to my oVirt hypervisors
and VM's if I rebuild the management engine host from scratch?
=20
Thanks!
~Stack~
On 11/02/2017 04:18 PM, ~Stack~ wrote:
> Greetings,
>
> OS: Scientific Linux 7.4
> oVirt: 4.1
> Everything fully updated.
>
> Everything was working great. I received my new network card today to
> upgrade my ovirt management node (physical node; not self-hosted), too=
k
> the machine down, swapped the card, and brought it up to many
many err=
ors.
>
> Here's the basic break-down of my discoveries.
>
> 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of
> messages in my engine.log about it being corrupt. Restored from backup=
,
> and oVirt engine was really peeved for not having my domain cert
in it=
> (tons of messages in the engine.log file)...figured out how to
add my
> domain cert and it seemed OK. Which led me to...
>
> 2) My /etc/pki/ovirt-engine/keys/engine.p12 and
> /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in m=
y
> backups either. This results in a massive java dump when I try to
star=
t
> the engine service.
>
> 3) I noticed that I had
> /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time sta=
mp
> corresponding to when I shut the node down. Then I noticed, that
I was=
> missing dang near EVERY file in /etc/pki/ovirt-engine but I had
an
> equivalent file with the ".201711021302" extension. So a touch of bash=
> and I copied all of my "*.201711021302" files with the
proper
> user/group/permissions into their base name. Hooray! No more errors in=
> the log files and all services start!!
>
> 4) I open my web browser and head to my management host...and I get th=
is
> error:
> Keystore was tampered with, or password was incorrect
>
> Well...yeah. I had to fix it in step one. :-/
>
> I'm not getting anything useful out of my Internet searching. I don't
> know what went wrong or why, but my SSL is just borked.
>
> Any suggestions? Thoughts? Ideas?
>
> Is there a way to just blow away and start over with the SSL _without_=
> destroying the VM's (which fortunately they all seem to still
be
> functional!)?
>
> Any help would be greatly appreciated.
> Thanks!
> ~Stack~
>
>
=20
=20
=20
--7L1K7tlmuTMbpGfdltWoF2kVahxXLS4w9--
--FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZ/KQwAAoJELkej+ysXJPm18YQALnXz8vN1Etj97pt+3Fcu5pj
FFHCNYNe2SKCH6ezSs230AfItckp0HExWN6v3aHArKZfWNAkBkrvbwhCC07hhqZ0
/jNjXuyqzgwBppS3HNFnWuzpXR4iEkyszww0jPwXTSHWUG1yMNLPKHrOCYVKtsO1
WbUSMiPgopo7l9iRts2+qqIRcz1kFtQXEl8KrBEX4InibQ3hK1yAeG/LEDwMH9yK
v6wkavcw/Xk0SXSs58DrLiyaOBXHggGPPwu5mgISD+YmDpQ2v3VsHQyW5gzNUfur
v7pbpfwVWZiARREctA+I5rEeSVUDgKca7HdtK9BswMHICgJDRtiawjVNDgGQwYNi
oiRSSwUQMQP2UZN40NsByWGOABi62Pj6T90plZEnymqKnyl5vmdmZ/GDD5K0wKd3
b0wgd7nc4owhzCv7D178fdhHHon72Gvt+OK0ZNs1BravC2qazNG3AHGVhsmzMxvJ
IMoix5wElxpJ1t936/PUR64k3Du60yZy5c25ymypN01KQIvwgG80MFloELTQjEUO
bA0PDf9ambKYVyWu+jbkdAzJ1l0RCEe2UrNEpFybLlx6RuNZ8LLpB6zToIbcDpac
PtKZOiJddeosh82tXuMqR6MQ/4gyZOehSYfwdyXwRUIdgeoTmQA+J78yRORJa1R8
21Fh48BMD5I1/p5a/BM2
=59U2
-----END PGP SIGNATURE-----
--FplIUg6f4oTjf2uFF6d2cIwEkHoJ3XiFB--