[ovirt-devel] changing engine domain name

Yedidyah Bar David didi at redhat.com
Wed Jul 13 07:59:26 UTC 2016


On Tue, Jul 12, 2016 at 10:16 PM, David Jaša <djasa at redhat.com> wrote:
> On Ne, 2016-07-10 at 10:27 +0300, Yedidyah Bar David wrote:
>> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <pmdyermms at gmail.com> wrote:
>> > Hi,
>> >
>> > back in 2015, with the first install of ovirt, I used a domain of
>> > xxxportal.com.   Since the client has an xxxcentral.com wildcard
>> > certificate, I changed the hostname and domainname, and added the
>> > cert/cacert to the apache webpage.
>> >
>> > The pki on ovirt and vdsm (host) both still have the original xxxportal.com
>> > domain.   I am looking for a way to wipe away the old domain.

If this ^^^^ is the requirement, then:

>> >
>> > Do I need to remove the host (not hosted engine), drop the
>> > datacenter/cluster, and build from a clean db?
>>
>> Basically yes. See also:
>>
>> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/
>>
>> If you have lots of data in your engine (hosts, VMs etc), you might manage to
>> keep most of it by something like this, didn't try that:
>>
>> 1. Shutdown all VMs and move all hosts to maintenance
>> 2. Stop ovirt-engine service
>> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation
>> 4. yum reinstall ovirt-engine-backend, or copy back from above backup
>> only these, without the files they hold (for directories), but keep
>> owner/permissions:
>> cacert.template.in  certs  cert.template.in  keys  openssl.conf
>> private  requests
>> 5. engine-setup
>> It will notice pki is removed and recreate it for you
>> You might need to change admin password because it's encrypted with engine's key
>> 6. Connect to web admin, and per host:
>> 6.1. Right click -> Enroll Certificate
>> 6.2. You might need Right-Click -> Reinstall
>> 6.3. Activate
>>
>> This should be enough, more-or-less. You might want, just in case,
>> before step 6,
>> to connect to all hosts and remove stuff under /etc/pki, but I didn't check
>> what exactly.
>>
>> Best,
>
> I'm wondering if all of this is necessary.

Yes, I think. If it's just to have the web admin interface use the new domain,
then ovirt-engine-rename should be enough.

> I didn't do exactly this, I
> however added a second mod_ssl instance to the apache on a different
> port (with different certificates) and 3.6 worked for me without any
> other changes (on both ports). 4.0 did not work on different port as AAA
> refused to authenticate user.

Right.

Best,
-- 
Didi
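
Step 4 of the quoted procedure ("copy back ... only these, without the files they hold, but keep owner/permissions"), as an added example that is not part of the thread and has not been run against an oVirt engine. The function names are hypothetical, the entry names are the ones listed in step 4, both directories are passed as arguments, and GNU coreutils/findutils are assumed.

```shell
#!/bin/sh
# Added example: recreate the empty PKI skeleton from the backup made in step 3.
# Entry names are exactly those listed in step 4 of the message.
PKI_ENTRIES="cacert.template.in certs cert.template.in keys openssl.conf private requests"

# restore_pki_skeleton BACKUP_DIR NEW_DIR
# Plain files are copied with their metadata; directories are recreated
# empty with the backup's owner, group and mode, so no old key or
# certificate carries over into the new tree.
restore_pki_skeleton() {
    backup=$1
    target=$2
    [ -d "$backup" ] || { echo "no backup at $backup" >&2; return 1; }
    # Refuse a non-empty target: leftovers from the old domain must not survive.
    if [ -d "$target" ] && [ -n "$(ls -A "$target")" ]; then
        echo "$target exists and is not empty" >&2
        return 1
    fi
    mkdir -p "$target" || return 1
    chmod --reference="$backup" "$target" || return 1
    chown --reference="$backup" "$target" || return 1
    for name in $PKI_ENTRIES; do
        src=$backup/$name
        dst=$target/$name
        if [ -d "$src" ]; then
            mkdir "$dst" || return 1
            chmod --reference="$src" "$dst" || return 1
            chown --reference="$src" "$dst" || return 1
        elif [ -f "$src" ]; then
            cp -p "$src" "$dst" || return 1
        else
            echo "missing in backup: $name" >&2
            return 1
        fi
    done
}

# count_leftover_files NEW_DIR
# Number of files inside the recreated directories; expected to be 0.
count_leftover_files() {
    find "$1" -mindepth 2 -type f | wc -l | tr -d ' '
}
```

With the paths from step 3, the call would be `restore_pki_skeleton /etc/pki/ovirt-engine-backup-before-recreation /etc/pki/ovirt-engine`, run as root between steps 3 and 5.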