On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti <enrico.becchetti(a)pg.infn.it&gt; wrote: > Dear all, > I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes > are all Centos 7.7. Is this a hosted-engine?

> Both engine and hypervisor systems work on a 10.0.0.0 private network. > Now I would like to let users access the ovirt web page (user portal) > and for this > I must necessarily add a second network interface to the engine by > inserting a public ip. I can't use NAT. > Can you give me any advice for this operation ? > Can I add the network interface and then run engine-setup ? > Will oVirt be accessible from both ip addresses at the end of this > operation ? Generally speaking: 1. You should be able to add an IP address to the existing NIC. If this is a hosted-engine, this might be simpler than adding a NIC. Of course, this might not be relevant in your case, depending on network topology, conf, etc. 2. The engine itself does not care at all about which IP addresses are used to connect to it. Neither is httpd that is running there as a frontend to it - it listens on all addresses. So just add the address somehow, perhaps restart httpd if needed (but I do not think so), and everything should work. 3. The engine _does_ care about the _name_. So make sure you use the existing name. For this, you'll have to change your DNS, or /etc/hosts, as applicable. 4. If it's complex for you to keep the existing name (e.g. because you want to make it work from both old and new addresses, etc.), you can also add another name that the engine will agree to be connected to, using SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1]. Best regards, [1] https://www.ovirt.org/develop/networking/changing-engine-hostname.html > Lots of thanks. > Enrico > > -- > _______________________________________________________________________ > > Enrico Becchetti Servizio di Calcolo e Reti > > Istituto Nazionale di Fisica Nucleare - Sezione di Perugia > Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) > Phone:+39 075 5852777 Skype:enrico_becchetti > Mail: Enrico.Becchetti<at>pg.infn.it > ______________________________________________________________________ > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4M...

> On 23. 3. 2021, at 7:55, Enrico Becchetti > <enrico.becchetti(a)pg.infn.it <mailto:enrico.becchetti@pg.infn.it>> wrote: > > Hi, > > I've added a new ip public address and SSO_ALTERNATE_ENGINE_FQDNS, > after that I run engine-setup. and now ovirt can also be access with > a new name > but the last item is about X509 certificate. > How can I add a second certificate for this new url ? I think you’d have to use your own CA, the internal one doesn’t generate certificates with other names. or as Didi suggested modify your DNS to use same FQDN for both ways > Best regards. > Enrico > > Il 07/03/21 08:51, Yedidyah Bar David ha scritto: >> On Fri, Mar 5, 2021 at 10:18 AM Enrico Becchetti >> <enrico.becchetti(a)pg.infn.it <mailto:enrico.becchetti@pg.infn.it>> >> wrote: >>>   Dear all, >>> I'm using ovirt 4.3.2 with its engine on a virtual machine. The nodes >>> are all Centos 7.7. >> Is this a hosted-engine? > no >>> Both engine and hypervisor systems work on a 10.0.0.0 private network. >>> Now I would like to let users access the ovirt web page (user portal) >>> and for this >>> I must necessarily add a second network interface to the engine by >>> inserting a public ip. I can't use NAT. >>> Can you give me any advice for this operation ? >>> Can I add the network interface and then run engine-setup ? >>> Will oVirt be accessible from both ip addresses at the end of this >>> operation ? >> Generally speaking: >> >> 1. You should be able to add an IP address to the existing NIC. If this >> is a hosted-engine, this might be simpler than adding a NIC. Of course, >> this might not be relevant in your case, depending on network topology, >> conf, etc. >> >> 2. The engine itself does not care at all about which IP addresses are >> used to connect to it. Neither is httpd that is running there as a >> frontend >> to it - it listens on all addresses. So just add the address >> somehow, perhaps >> restart httpd if needed (but I do not think so), and everything >> should work. >> >> 3. The engine _does_ care about the _name_. So make sure you use the >> existing name. For this, you'll have to change your DNS, or /etc/hosts, >> as applicable. >> >> 4. If it's complex for you to keep the existing name (e.g. because >> you want >> to make it work from both old and new addresses, etc.), you can also add >> another name that the engine will agree to be connected to, using >> SSO_ALTERNATE_ENGINE_FQDNS, see e.g. [1]. >> >> Best regards, >> >> [1] >> https://www.ovirt.org/develop/networking/changing-engine-hostname.html >> <https://www.ovirt.org/develop/networking/changing-engine-hostname.html> >> >>> Lots of thanks. >>> Enrico >>> >>> -- >>> _______________________________________________________________________ >>> >>> Enrico Becchetti                    Servizio di Calcolo e Reti >>> >>> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia >>> Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY) >>> Phone:+39 075 5852777 Skype:enrico_becchetti <Skype:enrico_becchetti> >>>               Mail: Enrico.Becchetti<at>pg.infn.it >>> ______________________________________________________________________ >>> _______________________________________________ >>> Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org> >>> To unsubscribe send an email to users-leave(a)ovirt.org >>> <mailto:users-leave@ovirt.org> >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>> <https://www.ovirt.org/privacy-policy.html> >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> <https://www.ovirt.org/community/about/community-guidelines/> >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4M... >>> <https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZW2SGNYGA4M... >> >> > > > -- > _______________________________________________________________________ > > Enrico Becchetti                    Servizio di Calcolo e Reti > > Istituto Nazionale di Fisica Nucleare - Sezione di Perugia > Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY) > Phone:+39 075 5852777Skype:enrico_becchetti <skype:enrico_becchetti> >             Mail: Enrico.Becchetti<at>pg.infn.it > ______________________________________________________________________ > _______________________________________________ > Users mailing list --users(a)ovirt.org <mailto:users@ovirt.org> > To unsubscribe send an email tousers-leave(a)ovirt.org > <mailto:users-leave@ovirt.org> > Privacy Statement:https://www.ovirt.org/privacy-policy.html > <https://www.ovirt.org/privacy-policy.html> > oVirt Code of > Conduct:https://www.ovirt.org/community/about/community-guidelines/ > <https://www.ovirt.org/community/about/community-guidelines/> > List > Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/MT... > <https://lists.ovirt.org/archives/list/users@ovirt.org/message/MTSY7BKGWKF...