On Tue, Jul 12, 2016 at 10:16 PM, David Jaša <[email protected]> wrote: > On Ne, 2016-07-10 at 10:27 +0300, Yedidyah Bar David wrote: >> On Sat, Jul 9, 2016 at 2:35 AM, Paul Dyer <[email protected]> wrote: >> > Hi, >> > >> > back in 2015, with the first install of ovirt, I used a domain of >> > xxxportal.com. Since the client has an xxxcentral.com wildcard >> > certificate, I added changed the hostname and domainname, and added the >> > cert/cacert to the apache webpage. >> > >> > The pki on ovirt and vdsm (host) both still have the original xxxportal.com >> > domain. I am looking for a way to wipe away the old domain.
If this ^^^^ is the requirement, then: >> > >> > Do I need to remove the host (not hosted engine), drop the >> > datacenter/cluster, and build from a clean db? >> >> Basically yes. See also: >> >> https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ >> >> If you have lots of data in your engine (hosts, VMs etc), you might manage to >> keep most of it by something like this, didn't try that: >> >> 1. Shutdown all VMs and move all hosts to maintenance >> 2. Stop ovirt-engine service >> 3. mv /etc/pki/ovirt-engine /etc/pki/ovirt-engine-backup-before-recreation >> 4. yum reinstall ovirt-engine-backend, or copy back from above backup >> only these, without the files they hold (for directories), but keep >> owner/permissions: >> cacert.template.in certs cert.template.in keys openssl.conf >> private requests >> 5. engine-setup >> It will notice pki is removed and recreate it for you >> You might need to change admin password because it's encrypted with engine's >> key >> 6. Connect to web admin, and per host: >> 6.1. Right click -> Enroll Certificate >> 6.2. You might need Right-Click -> Reinstall >> 6.3. Activate >> >> This should be enough, more-or-less. You might want, just in case, >> before step 6, >> to connect to all hosts and remove stuff under /etc/pki, but I didn't check >> what exactly. >> >> Best, > > I'm wondering if all of these is necessary. Yes, I think. If it's just to have the web admin interface use the new domain, then ovirt-engine-rename should be enough. > I didn't do exactly this, I > however added a second mod_ssl instance to the apache on a different > port (with different certificates) and 3.6 worked for me without any > other changes (on both ports). 4.0 did not work on different port as AAA > refused to authenticate user. Right. Best, -- Didi _______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
