[ovirt-users] Info on changing IPA server hostname in oVirt
Gianluca Cecchi
gianluca.cecchi at gmail.com
Wed Dec 10 22:10:43 UTC 2014
On Wed, Dec 10, 2014 at 10:30 PM, Alon Bar-Lev <alonbl at redhat.com> wrote:
>
> better to use startTLS over ldaps.
> so yes, the above is the right setting.
> you should import the ca certificate, see instructions here[1]
>
> Alon
>
> [1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=HEAD#l141

I've done it this way:

copied /etc/ipa/ca.crt on engine server renaming it ipa_ca.crt

keytool -importcert -noprompt -trustcacerts -alias iparootca -file /root/ipa_ca.crt -keystore ipaca.jks -storepass mysecret

put ipaca.jks in /etc/ovirt-engine/aaa/

ldap1.properties now has

# Create keystore, import certificate chain and uncomment
# if using ssl/tls.
pool.default.ssl.startTLS = true
#pool.default.ssl.truststore.file = ${local:_basedir}/${global:vars.server}.jks
pool.default.ssl.truststore.file = /etc/ovirt-engine/aaa/ipaca.jks
pool.default.ssl.truststore.password = mysecret

and restarted ovirt engine but it seems all connections are still through
389 port....

java 1586 ovirt 300u IPv4 395136 0t0 TCP ovirtmgr.localdomain.local:34263->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 301u IPv4 395137 0t0 TCP ovirtmgr.localdomain.local:34264->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 302u IPv4 395138 0t0 TCP ovirtmgr.localdomain.local:34265->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 303u IPv4 395139 0t0 TCP ovirtmgr.localdomain.local:34266->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 304u IPv4 395140 0t0 UDP *:55673
java 1586 ovirt 305u IPv4 395141 0t0 TCP ovirtmgr.localdomain.local:34267->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 306u IPv4 395142 0t0 TCP ovirtmgr.localdomain.local:34268->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 307u IPv4 395143 0t0 TCP ovirtmgr.localdomain.local:34269->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 308u IPv4 395144 0t0 TCP ovirtmgr.localdomain.local:34270->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 309u IPv4 395145 0t0 UDP *:49690
java 1586 ovirt 310u IPv4 395146 0t0 TCP ovirtmgr.localdomain.local:34271->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 311u IPv4 395147 0t0 TCP ovirtmgr.localdomain.local:34272->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 312u IPv4 395148 0t0 TCP ovirtmgr.localdomain.local:34273->c7server.localdomain.local:389 (ESTABLISHED)
java 1586 ovirt 313u IPv4 395149 0t0 TCP ovirtmgr.localdomain.local:34274->c7server.localdomain.local:389 (ESTABLISHED)
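
Added example, not part of the original message and not oVirt or aaa-ldap code: StartTLS is an LDAP extended operation sent on the ordinary LDAP port, so a socket listing that shows :389 cannot tell whether TLS was negotiated. The sketch below sends the StartTLS request, checks the server's resultCode, then completes a TLS handshake that trusts only the given CA file. All function names and SAMPLE_OK are constructed for illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
# Constructed sample: ExtendedResponse, messageID 1, resultCode 0 (success)
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")

def _tlv(tag, body):
    # BER tag-length-value; short-form length (< 128) is enough for these messages
    return bytes([tag, len(body)]) + body

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] OID } }."""
    ext = _tlv(0x77, _tlv(0x80, STARTTLS_OID))
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + ext)

def _read(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_result(resp):
    """Extract resultCode from an ExtendedResponse [APPLICATION 24]."""
    tag, msg, _ = _read(resp, 0)
    _, _, pos = _read(msg, 0)                 # skip messageID
    op_tag, op, _ = _read(msg, pos)
    if tag != 0x30 or op_tag != 0x78:
        raise ValueError("not an LDAP ExtendedResponse")
    code_tag, code, _ = _read(op, 0)          # resultCode ENUMERATED comes first
    if code_tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def probe(host, ca_file, port=389):
    """Request StartTLS on the plain LDAP port, then handshake against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)   # trust only this CA (PEM)
    with socket.create_connection((host, port), timeout=10) as raw:
        raw.sendall(starttls_request())
        code = starttls_result(raw.recv(4096))
        if code != 0:
            raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]
```

Run from the engine host, probe("c7server.localdomain.local", "/root/ipa_ca.crt") returns the negotiated protocol version and cipher, or raises if the certificate chain or hostname does not validate against the IPA CA.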