[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Alex K
On Thu, Jul 30, 2020 at 2:45 PM Yedidyah Bar David  wrote:

> On Thu, Jul 30, 2020 at 1:47 PM Alex K  wrote:
>
>>
>>
>> On Thu, Jul 30, 2020 at 1:30 PM Yedidyah Bar David 
>> wrote:
>>
>>> On Thu, Jul 30, 2020 at 1:20 PM Alex K  wrote:
>>> >
>>> >
>>> >
>>> > On Thu, Jul 30, 2020 at 12:56 PM Yedidyah Bar David 
>>> wrote:
>>> >>
>>> >> On Thu, Jul 30, 2020 at 12:42 PM Alex K 
>>> wrote:
>>> >> >
>>> >> >
>>> >> >
>>> >> > On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David <
>>> d...@redhat.com> wrote:
>>> >> >>
>>> >> >> On Thu, Jul 30, 2020 at 11:30 AM Alex K 
>>> wrote:
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users <
>>> users@ovirt.org> wrote:
>>> >> 
>>> >> 
>>> >> 
>>> >>  Hi All,
>>> >> 
>>> >> 
>>> >> 
>>> >>  Does somebody perhaps know the process of changing the Hosted
>>> Engine IP address? I see that it is possible, I am just not sure if it is a
>>> straight forward process using ‘nmtui’ or editing the network config file.
>>> I have also ensured that everything was configured using the FQDN.
>>> >> >>>
>>> >> >>> Since the FQDN is not changing you should not have issues just
>>> updating your DNS then changing manually the engine IP from the ifcfg-ethx
>>> files then restart networking.
>>> >> >>> What i find difficult and perhaps impossible is to change engine
>>> FQDN, as one will need to regenerate all certs from scratch (otherwise you
>>> will have issues with several services: imageio proxy, OVN, etc) and there
>>> is no such procedure documented/or supported.
>>> >> >>
>>> >> >>
>>> >> >> I wonder - how/what did you search for, that led you to this
>>> conclusion? Or perhaps you even found it explicitly written somewhere?
>>> >> >
>>> >> > Searching around and testing in LAB. I am testing 4.3 though not
>>> 4.4. I used engine-rename tool and although was able to change fqdn for
>>> hosts and engine, I observed that some certificates were left out (for
>>> example OVN was still complaining about certificate issue with subject name
>>> not agreeing with the new FQDN - checking/downloading the relevant cert was
>>> still showing the previous FQDN). I do not deem successful the renaming of
>>> not all services are functional.
>>> >>
>>> >> Very well.
>>> >>
>>> >> I'd find your above statement less puzzling if you wrote instead "...
>>> >> and the procedure for doing this is buggy/broken/incomplete"...
>>> >
>>> > I'm sorry for the confusion.
>>>
>>> No problem :-)
>>>
>>> >>
>>> >>
>>> >> >>
>>> >> >>
>>> >> >> There actually is:
>>> >> >>
>>> >> >>
>>> >> >>
>>> https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool
>>> >> >
>>> >> >
>>> >> > At this same link it reads:
>>> >> > While the ovirt-engine-rename command creates a new certificate for
>>> the web server on which the Engine runs, it does not affect the certificate
>>> for the Engine or the certificate authority. Due to this, there is some
>>> risk involved in using the ovirt-engine-rename command, particularly in
>>> environments that have been upgraded from Red Hat Enterprise Virtualization
>>> 3.2 and earlier. Therefore, changing the fully qualified domain name of the
>>> Engine by running engine-cleanup and engine-setup is recommended where
>>> possible.
>>> >> > explaining my above findings from the tests.
>>> >>
>>> >> No. These are two different things:
>>> >>
>>> >> 1. Bugs. All software has bugs. Hopefully we fix them over time. If
>>> >> you find one, please file it.
>>> >>
>>> >> 2. Inherent design (or other) problems - the software works as
>>> >> intended, but that's not what you want...
>>> >
>>> > I do not intend to blame anyone. I really appreciate the work you all
>>> are doing with this great project and understand that the community stream
>>> may have bugs and rough edges or simply I might not be well informed.
>>> >>
>>> >>
>>> >> See also:
>>> >>
>>> >>
>>> https://www.ovirt.org/develop/networking/changing-engine-hostname.html
>>> >>
>>> >> >>
>>> >> >>
>>> >> >> That said, it indeed was somewhat broken for some time now - some
>>> fixed were only added quite recently, and are available only in current 4.4:
>>> >> >
>>> >> > This is interesting and needed for migration scenarios.
>>> >>
>>> >> Can you please elaborate?
>>> >
>>> > I am thinking about a scenario where one will need to migrate a DC
>>> from one FQDN to a completely new one (say I currently have
>>> host1.domain1.com, host2.domain1.com, engine.domain1.com and want to
>>> switch to host1.domain2.com, host2.domain2.com, engine.domain2.com) I
>>> am currently facing one such need. I need to migrate existing DC from
>>> domain1.com to domain2.com. Tried the engine-rename tool and changed
>>> IPs of engine and hosts but observed the OVN certificate issue with 4.3. In
>>> case this is sorted with 4.4 then I will see if this resolves my issue.
>>>
>>> These are _names_, for the same machines, right? I'd call it a rename,
>>> then, 

[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Yedidyah Bar David
On Thu, Jul 30, 2020 at 1:20 PM Alex K  wrote:
>
>
>
> On Thu, Jul 30, 2020 at 12:56 PM Yedidyah Bar David  wrote:
>>
>> On Thu, Jul 30, 2020 at 12:42 PM Alex K  wrote:
>> >
>> >
>> >
>> > On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David  
>> > wrote:
>> >>
>> >> On Thu, Jul 30, 2020 at 11:30 AM Alex K  wrote:
>> >>>
>> >>>
>> >>>
>> >>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users  
>> >>> wrote:
>> 
>> 
>> 
>>  Hi All,
>> 
>> 
>> 
>>  Does somebody perhaps know the process of changing the Hosted Engine IP 
>>  address? I see that it is possible, I am just not sure if it is a 
>>  straight forward process using ‘nmtui’ or editing the network config 
>>  file. I have also ensured that everything was configured using the FQDN.
>> >>>
>> >>> Since the FQDN is not changing you should not have issues just updating 
>> >>> your DNS then changing manually the engine IP from the ifcfg-ethx files 
>> >>> then restart networking.
>> >>> What i find difficult and perhaps impossible is to change engine FQDN, 
>> >>> as one will need to regenerate all certs from scratch (otherwise you 
>> >>> will have issues with several services: imageio proxy, OVN, etc) and 
>> >>> there is no such procedure documented/or supported.
>> >>
>> >>
>> >> I wonder - how/what did you search for, that led you to this conclusion? 
>> >> Or perhaps you even found it explicitly written somewhere?
>> >
>> > Searching around and testing in LAB. I am testing 4.3 though not 4.4. I 
>> > used engine-rename tool and although was able to change fqdn for hosts and 
>> > engine, I observed that some certificates were left out (for example OVN 
>> > was still complaining about certificate issue with subject name not 
>> > agreeing with the new FQDN - checking/downloading the relevant cert was 
>> > still showing the previous FQDN). I do not deem successful the renaming of 
>> > not all services are functional.
>>
>> Very well.
>>
>> I'd find your above statement less puzzling if you wrote instead "...
>> and the procedure for doing this is buggy/broken/incomplete"...
>
> I'm sorry for the confusion.

No problem :-)

>>
>>
>> >>
>> >>
>> >> There actually is:
>> >>
>> >>
>> >> https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool
>> >
>> >
>> > At this same link it reads:
>> > While the ovirt-engine-rename command creates a new certificate for the 
>> > web server on which the Engine runs, it does not affect the certificate 
>> > for the Engine or the certificate authority. Due to this, there is some 
>> > risk involved in using the ovirt-engine-rename command, particularly in 
>> > environments that have been upgraded from Red Hat Enterprise 
>> > Virtualization 3.2 and earlier. Therefore, changing the fully qualified 
>> > domain name of the Engine by running engine-cleanup and engine-setup is 
>> > recommended where possible.
>> > explaining my above findings from the tests.
>>
>> No. These are two different things:
>>
>> 1. Bugs. All software has bugs. Hopefully we fix them over time. If
>> you find one, please file it.
>>
>> 2. Inherent design (or other) problems - the software works as
>> intended, but that's not what you want...
>
> I do not intend to blame anyone. I really appreciate the work you all are 
> doing with this great project and understand that the community stream may 
> have bugs and rough edges or simply I might not be well informed.
>>
>>
>> See also:
>>
>> https://www.ovirt.org/develop/networking/changing-engine-hostname.html
>>
>> >>
>> >>
>> >> That said, it indeed was somewhat broken for some time now - some fixed 
>> >> were only added quite recently, and are available only in current 4.4:
>> >
>> > This is interesting and needed for migration scenarios.
>>
>> Can you please elaborate?
>
> I am thinking about a scenario where one will need to migrate a DC from one 
> FQDN to a completely new one (say I currently have host1.domain1.com, 
> host2.domain1.com, engine.domain1.com and want to switch to 
> host1.domain2.com, host2.domain2.com, engine.domain2.com) I am currently 
> facing one such need. I need to migrate existing DC from domain1.com to 
> domain2.com. Tried the engine-rename tool and changed IPs of engine and hosts 
> but observed the OVN certificate issue with 4.3. In case this is sorted with 
> 4.4 then I will see if this resolves my issue.

These are _names_, for the same machines, right? I'd call it a rename,
then, not a migration.

If it's migration (you have two sets of physical machines, and want to
migrate the VMs from one set to the other), indeed using storage
import is simpler (perhaps using the DR tool/doc).

>>
>>
>> If it's DR migration, perhaps you want storage export/import, as is
>> done using the DR tool:
>>
>> https://www.ovirt.org/documentation/disaster-recovery-guide/disaster-recovery-guide.html
>>
>> If you just want to use a new name, but do not need to completely
>> forget the old one, you can add 

[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Alex K
On Thu, Jul 30, 2020 at 11:15 AM Alex K  wrote:

>
>
> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users 
> wrote:
>
>>
>>
>> Hi All,
>>
>>
>>
>> Does somebody perhaps know the process of changing the Hosted Engine IP
>> address? I see that it is possible, I am just not sure if it is a straight
>> forward process using ‘nmtui’ or editing the network config file. I have
>> also ensured that everything was configured using the FQDN.
>>
> Since the FQDN is not changing you should not have issues just updating
> your DNS then changing manually the engine IP from the ifcfg-ethx files
> then restart networking.
> What i find difficult and perhaps impossible is to change engine FQDN, as
> one will need to regenerate all certs from scratch (otherwise you will have
> issues with several services: imageio proxy, OVN, etc) and there is no such
> procedure documented/or supported.
> I might be able to soon test this engine IP change in a virtual
> environment and let you know.
>

I followed the following steps to change engine IP and had no issues:
1. enable global maintenance
2. update your DNS or /etc/hosts settings to reflect new engine IP
3. change engine network configuration to reflect new IP. restart
networking. (not need to reboot engine)
4. at engine: systemctl restart ovirt-engine, systemctl restart
ovirt-imageio-proxy.service (might not be needed)
5. disable global maintenance
6. login at GUI using the same engine fqdn.

Afterwards I confirmed that imageIO proxy and OVN was ok by testing their
connection through GUI, confirming that there is no certificate or other
issue. Also observed for a while engine logs about any error and found
none.

Hope this helps.



>>
>> Thanks
>>
>> *Anton Louw*
>> *Cloud Engineer: Storage and Virtualization* at *Vox*
>> --
>> *T:*  087 805  | *D:* 087 805 1572
>> *M:* N/A
>> *E:* anton.l...@voxtelecom.co.za
>> *A:* Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
>> www.vox.co.za
>>
>> [image: F] 
>> [image: T] 
>> [image: I] 
>> [image: L] 
>> [image: Y] 
>>
>> [image: #VoxBrand]
>> 
>> *Disclaimer*
>>
>> The contents of this email are confidential to the sender and the
>> intended recipient. Unless the contents are clearly and entirely of a
>> personal nature, they are subject to copyright in favour of the holding
>> company of the Vox group of companies. Any recipient who receives this
>> email in error should immediately report the error to the sender and
>> permanently delete this email from all storage devices.
>>
>> This email has been scanned for viruses and malware, and may have been
>> automatically archived by *Mimecast Ltd*, an innovator in Software as a
>> Service (SaaS) for business. Providing a *safer* and *more useful* place
>> for your human generated data. Specializing in; Security, archiving and
>> compliance. To find out more Click Here
>> .
>>
>>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EZPTYSINJMOIOR3QOG4KL3M5ZFHPHPQD/
>>
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/QYUUKE3LDNGL75ZR43T46LUUEXVX2GGI/


[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Alex K
On Thu, Jul 30, 2020 at 12:56 PM Yedidyah Bar David  wrote:

> On Thu, Jul 30, 2020 at 12:42 PM Alex K  wrote:
> >
> >
> >
> > On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David 
> wrote:
> >>
> >> On Thu, Jul 30, 2020 at 11:30 AM Alex K 
> wrote:
> >>>
> >>>
> >>>
> >>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users 
> wrote:
> 
> 
> 
>  Hi All,
> 
> 
> 
>  Does somebody perhaps know the process of changing the Hosted Engine
> IP address? I see that it is possible, I am just not sure if it is a
> straight forward process using ‘nmtui’ or editing the network config file.
> I have also ensured that everything was configured using the FQDN.
> >>>
> >>> Since the FQDN is not changing you should not have issues just
> updating your DNS then changing manually the engine IP from the ifcfg-ethx
> files then restart networking.
> >>> What i find difficult and perhaps impossible is to change engine FQDN,
> as one will need to regenerate all certs from scratch (otherwise you will
> have issues with several services: imageio proxy, OVN, etc) and there is no
> such procedure documented/or supported.
> >>
> >>
> >> I wonder - how/what did you search for, that led you to this
> conclusion? Or perhaps you even found it explicitly written somewhere?
> >
> > Searching around and testing in LAB. I am testing 4.3 though not 4.4. I
> used engine-rename tool and although was able to change fqdn for hosts and
> engine, I observed that some certificates were left out (for example OVN
> was still complaining about certificate issue with subject name not
> agreeing with the new FQDN - checking/downloading the relevant cert was
> still showing the previous FQDN). I do not deem successful the renaming of
> not all services are functional.
>
> Very well.
>
> I'd find your above statement less puzzling if you wrote instead "...
> and the procedure for doing this is buggy/broken/incomplete"...
>
I'm sorry for the confusion.

>
> >>
> >>
> >> There actually is:
> >>
> >>
> >>
> https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool
> >
> >
> > At this same link it reads:
> > While the ovirt-engine-rename command creates a new certificate for the
> web server on which the Engine runs, it does not affect the certificate for
> the Engine or the certificate authority. Due to this, there is some risk
> involved in using the ovirt-engine-rename command, particularly in
> environments that have been upgraded from Red Hat Enterprise Virtualization
> 3.2 and earlier. Therefore, changing the fully qualified domain name of the
> Engine by running engine-cleanup and engine-setup is recommended where
> possible.
> > explaining my above findings from the tests.
>
> No. These are two different things:
>
> 1. Bugs. All software has bugs. Hopefully we fix them over time. If
> you find one, please file it.
>
> 2. Inherent design (or other) problems - the software works as
> intended, but that's not what you want...
>
I do not intend to blame anyone. I really appreciate the work you all are
doing with this great project and understand that the community stream may
have bugs and rough edges or simply I might not be well informed.

>
> See also:
>
> https://www.ovirt.org/develop/networking/changing-engine-hostname.html
>
> >>
> >>
> >> That said, it indeed was somewhat broken for some time now - some fixed
> were only added quite recently, and are available only in current 4.4:
> >
> > This is interesting and needed for migration scenarios.
>
> Can you please elaborate?
>
I am thinking about a scenario where one will need to migrate a DC from one
FQDN to a completely new one (say I currently have host1.domain1.com,
host2.domain1.com, engine.domain1.com and want to switch to
host1.domain2.com, host2.domain2.com, engine.domain2.com) I am currently
facing one such need. I need to migrate existing DC from domain1.com to
domain2.com. Tried the engine-rename tool and changed IPs of engine and
hosts but observed the OVN certificate issue with 4.3. In case this is
sorted with 4.4 then I will see if this resolves my issue.

>
> If it's DR migration, perhaps you want storage export/import, as is
> done using the DR tool:
>
>
> https://www.ovirt.org/documentation/disaster-recovery-guide/disaster-recovery-guide.html
>
> If you just want to use a new name, but do not need to completely
> forget the old one, you can add it using SSO_ALTERNATE_ENGINE_FQDNS.
>
I need to wipe out completely any reference to the old domain/FQDN.

>
> > Also I am wondering if I can change in some way the management network
> and make from untagged to VLAN tagged.
>
> Sorry, no idea. Perhaps start a different thread about this.
>
I will. thanx.

>
> Best regards,
>
> >>
> >>
> >>
> https://github.com/oVirt/ovirt-engine/commits/master/packaging/setup/plugins/ovirt-engine-rename
> >>
> >> I do not think I am aware of currently still-open bugs. If you find
> one, please file it in bugzilla. Thanks!
> >>
> >>>
> >>> I 

[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Yedidyah Bar David
On Thu, Jul 30, 2020 at 12:42 PM Alex K  wrote:
>
>
>
> On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David  wrote:
>>
>> On Thu, Jul 30, 2020 at 11:30 AM Alex K  wrote:
>>>
>>>
>>>
>>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users  
>>> wrote:



 Hi All,



 Does somebody perhaps know the process of changing the Hosted Engine IP 
 address? I see that it is possible, I am just not sure if it is a straight 
 forward process using ‘nmtui’ or editing the network config file. I have 
 also ensured that everything was configured using the FQDN.
>>>
>>> Since the FQDN is not changing you should not have issues just updating 
>>> your DNS then changing manually the engine IP from the ifcfg-ethx files 
>>> then restart networking.
>>> What i find difficult and perhaps impossible is to change engine FQDN, as 
>>> one will need to regenerate all certs from scratch (otherwise you will have 
>>> issues with several services: imageio proxy, OVN, etc) and there is no such 
>>> procedure documented/or supported.
>>
>>
>> I wonder - how/what did you search for, that led you to this conclusion? Or 
>> perhaps you even found it explicitly written somewhere?
>
> Searching around and testing in LAB. I am testing 4.3 though not 4.4. I used 
> engine-rename tool and although was able to change fqdn for hosts and engine, 
> I observed that some certificates were left out (for example OVN was still 
> complaining about certificate issue with subject name not agreeing with the 
> new FQDN - checking/downloading the relevant cert was still showing the 
> previous FQDN). I do not deem successful the renaming of not all services are 
> functional.

Very well.

I'd find your above statement less puzzling if you wrote instead "...
and the procedure for doing this is buggy/broken/incomplete"...

>>
>>
>> There actually is:
>>
>>
>> https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool
>
>
> At this same link it reads:
> While the ovirt-engine-rename command creates a new certificate for the web 
> server on which the Engine runs, it does not affect the certificate for the 
> Engine or the certificate authority. Due to this, there is some risk involved 
> in using the ovirt-engine-rename command, particularly in environments that 
> have been upgraded from Red Hat Enterprise Virtualization 3.2 and earlier. 
> Therefore, changing the fully qualified domain name of the Engine by running 
> engine-cleanup and engine-setup is recommended where possible.
> explaining my above findings from the tests.

No. These are two different things:

1. Bugs. All software has bugs. Hopefully we fix them over time. If
you find one, please file it.

2. Inherent design (or other) problems - the software works as
intended, but that's not what you want...

See also:

https://www.ovirt.org/develop/networking/changing-engine-hostname.html

>>
>>
>> That said, it indeed was somewhat broken for some time now - some fixed were 
>> only added quite recently, and are available only in current 4.4:
>
> This is interesting and needed for migration scenarios.

Can you please elaborate?

If it's DR migration, perhaps you want storage export/import, as is
done using the DR tool:

https://www.ovirt.org/documentation/disaster-recovery-guide/disaster-recovery-guide.html

If you just want to use a new name, but do not need to completely
forget the old one, you can add it using SSO_ALTERNATE_ENGINE_FQDNS.

> Also I am wondering if I can change in some way the management network and 
> make from untagged to VLAN tagged.

Sorry, no idea. Perhaps start a different thread about this.

Best regards,

>>
>>
>> https://github.com/oVirt/ovirt-engine/commits/master/packaging/setup/plugins/ovirt-engine-rename
>>
>> I do not think I am aware of currently still-open bugs. If you find one, 
>> please file it in bugzilla. Thanks!
>>
>>>
>>> I might be able to soon test this engine IP change in a virtual environment 
>>> and let you know.
>>
>>
>> Thanks and good luck!
>> --
>> Didi
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5ZWCNEL3HPK5VGTTR6TJ7HMIJ5YCV4M/



-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HADIKTQLYKFFA5K3AE6LP2G7I3SDJMF6/


[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Alex K
On Thu, Jul 30, 2020 at 12:01 PM Yedidyah Bar David  wrote:

> On Thu, Jul 30, 2020 at 11:30 AM Alex K  wrote:
>
>>
>>
>> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users 
>> wrote:
>>
>>>
>>>
>>> Hi All,
>>>
>>>
>>>
>>> Does somebody perhaps know the process of changing the Hosted Engine IP
>>> address? I see that it is possible, I am just not sure if it is a straight
>>> forward process using ‘nmtui’ or editing the network config file. I have
>>> also ensured that everything was configured using the FQDN.
>>>
>> Since the FQDN is not changing you should not have issues just updating
>> your DNS then changing manually the engine IP from the ifcfg-ethx files
>> then restart networking.
>> What i find difficult and perhaps impossible is to change engine FQDN, as
>> one will need to regenerate all certs from scratch (otherwise you will have
>> issues with several services: imageio proxy, OVN, etc) and there is no such
>> procedure documented/or supported.
>>
>
> I wonder - how/what did you search for, that led you to this conclusion?
> Or perhaps you even found it explicitly written somewhere?
>
Searching around and testing in LAB. I am testing 4.3 though not 4.4. I
used engine-rename tool and although was able to change fqdn for hosts and
engine, I observed that some certificates were left out (for example OVN
was still complaining about certificate issue with subject name not
agreeing with the new FQDN - checking/downloading the relevant cert was
still showing the previous FQDN). I do not deem successful the renaming of
not all services are functional.

>
> There actually is:
>
>
https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool
>

At this same link it reads:
While the ovirt-engine-rename command creates a new certificate for the web
server on which the Engine runs, it does not affect the certificate for the
Engine or the certificate authority. Due to this, there is some risk
involved in using the ovirt-engine-rename command, particularly in
environments that have been upgraded from Red Hat Enterprise Virtualization
3.2 and earlier. Therefore, changing the fully qualified domain name of the
Engine by running engine-cleanup and engine-setup is recommended where
possible.
explaining my above findings from the tests.

>
> That said, it indeed was somewhat broken for some time now - some fixed
> were only added quite recently, and are available only in current 4.4:
>
This is interesting and needed for migration scenarios. Also I am wondering
if I can change in some way the management network and make from untagged
to VLAN tagged.

>
>
> https://github.com/oVirt/ovirt-engine/commits/master/packaging/setup/plugins/ovirt-engine-rename
>
> I do not think I am aware of currently still-open bugs. If you find one,
> please file it in bugzilla. Thanks!
>
>
>> I might be able to soon test this engine IP change in a virtual
>> environment and let you know.
>>
>
> Thanks and good luck!
> --
> Didi
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/R5ZWCNEL3HPK5VGTTR6TJ7HMIJ5YCV4M/


[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Yedidyah Bar David
On Thu, Jul 30, 2020 at 11:30 AM Alex K  wrote:

>
>
> On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users 
> wrote:
>
>>
>>
>> Hi All,
>>
>>
>>
>> Does somebody perhaps know the process of changing the Hosted Engine IP
>> address? I see that it is possible, I am just not sure if it is a straight
>> forward process using ‘nmtui’ or editing the network config file. I have
>> also ensured that everything was configured using the FQDN.
>>
> Since the FQDN is not changing you should not have issues just updating
> your DNS then changing manually the engine IP from the ifcfg-ethx files
> then restart networking.
> What i find difficult and perhaps impossible is to change engine FQDN, as
> one will need to regenerate all certs from scratch (otherwise you will have
> issues with several services: imageio proxy, OVN, etc) and there is no such
> procedure documented/or supported.
>

I wonder - how/what did you search for, that led you to this conclusion? Or
perhaps you even found it explicitly written somewhere?

There actually is:

https://www.ovirt.org/documentation/administration_guide/#sect-The_oVirt_Engine_Rename_Tool

That said, it indeed was somewhat broken for some time now - some fixed
were only added quite recently, and are available only in current 4.4:

https://github.com/oVirt/ovirt-engine/commits/master/packaging/setup/plugins/ovirt-engine-rename

I do not think I am aware of currently still-open bugs. If you find one,
please file it in bugzilla. Thanks!


> I might be able to soon test this engine IP change in a virtual
> environment and let you know.
>

Thanks and good luck!
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/A2KVHS5CKLMZV5MYISXJEZBTFPQNOH2Z/


[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Alex K
On Tue, Jul 28, 2020 at 11:51 AM Anton Louw via Users 
wrote:

>
>
> Hi All,
>
>
>
> Does somebody perhaps know the process of changing the Hosted Engine IP
> address? I see that it is possible, I am just not sure if it is a straight
> forward process using ‘nmtui’ or editing the network config file. I have
> also ensured that everything was configured using the FQDN.
>
Since the FQDN is not changing you should not have issues just updating
your DNS then changing manually the engine IP from the ifcfg-ethx files
then restart networking.
What i find difficult and perhaps impossible is to change engine FQDN, as
one will need to regenerate all certs from scratch (otherwise you will have
issues with several services: imageio proxy, OVN, etc) and there is no such
procedure documented/or supported.
I might be able to soon test this engine IP change in a virtual environment
and let you know.

>
>
> Thanks
>
> *Anton Louw*
> *Cloud Engineer: Storage and Virtualization* at *Vox*
> --
> *T:*  087 805  | *D:* 087 805 1572
> *M:* N/A
> *E:* anton.l...@voxtelecom.co.za
> *A:* Rutherford Estate, 1 Scott Street, Waverley, Johannesburg
> www.vox.co.za
>
> [image: F] 
> [image: T] 
> [image: I] 
> [image: L] 
> [image: Y] 
>
> [image: #VoxBrand]
> 
> *Disclaimer*
>
> The contents of this email are confidential to the sender and the intended
> recipient. Unless the contents are clearly and entirely of a personal
> nature, they are subject to copyright in favour of the holding company of
> the Vox group of companies. Any recipient who receives this email in error
> should immediately report the error to the sender and permanently delete
> this email from all storage devices.
>
> This email has been scanned for viruses and malware, and may have been
> automatically archived by *Mimecast Ltd*, an innovator in Software as a
> Service (SaaS) for business. Providing a *safer* and *more useful* place
> for your human generated data. Specializing in; Security, archiving and
> compliance. To find out more Click Here
> .
>
>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/EZPTYSINJMOIOR3QOG4KL3M5ZFHPHPQD/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XWDYTWTQIWO44FOS25R7TEQOVSCIZCR/


[ovirt-users] Re: Management Engine IP change

2020-07-30 Thread Yedidyah Bar David
On Thu, Jul 30, 2020 at 12:07 AM  wrote:
>
> I honestly don't know, because I have not tried myself, so you might just 
> want to stop reading right here.

Same here :-)

>
> But from what I understand about the design philosophy of oVirt, it should be 
> ok to change it, while nobody probably ever tested it and everybody would 
> tell you it's a bad idea to do so, unless you're willing to rebuild from 
> scratch.
>
> The reason it *should* be ok is that the nodes don't care about the 
> management engine.
> They care only about the information on the shared cluster storage.
> How that gets there, who changes it: They couldn't care less.

I mostly agree.

I am not sure about OVS/OVN. If you do use it, pay extra attention in
your tests, before trying this on your production setup.

>
> Yet, I believe I have seen events being reported back to the management 
> engine via REST API calls, referring to the management engine via URIs that 
> should have been using FQDN only. So there is some biliateral communication 
> going on, mostly asynchronous as far as I can see and not using IPs.

Indeed.

If you see anything accessing the engine machine using its IP address
directly, not through its FQDN, I'd consider it a bug. If such a bug
exists in any part of oVirt, please file one. Thanks!

As mentioned, not sure about OVS/OVN. If it's indeed so, I'd still
consider it a bug, but perhaps it won't be fixed (I am not a
networking expert, not sure). I can also see why people might claim
that OVS/OVN requires such an exception, even in principle (even if
technically you can change it to use names and rely on name
resolution).

>
> What I can tell you, is that /etc/sysconfig/network-scripts/ifcfg-eth0 has 
> NM_CONTROLLED=no inside, so nmtui won't go near it. You can change that, 
> delete the line, edit the config... and hopefully it will live.

I assume you refer to the appliance, on hosted-engine.

In a standalone engine, we do not really care - it's up to the admin
to configure networking etc.
Generally speaking, you should follow OS docs. I think that with
NM_CONTROLLED=no, you can simply edit the file (or update DHCP), and
restart networking (or just reboot).

>
> And in case things go seriously wrong, you should be able to fix it with 
> hosted-engine --console
>
> But, again, I never tried it myself.
>
> But I use DHCP on two out of four farms...

In any case: Please test carefully before doing this on production.

Good luck and best regards,
-- 
Didi
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ET5UV2LZ4SWLB4LCM3QVZQDZFMMPAJ7U/


[ovirt-users] Re: Management Engine IP change

2020-07-29 Thread thomas
I honestly don't know, because I have not tried myself, so you might just want 
to stop reading right here.

But from what I understand about the design philosophy of oVirt, it should be 
ok to change it, while nobody probably ever tested it and everybody would tell 
you it's a bad idea to do so, unless you're willing to rebuild from scratch.

The reason it *should* be ok is that the nodes don't care about the management 
engine.
They care only about the information on the shared cluster storage.
How that gets there, who changes it: They couldn't care less.

Yet, I believe I have seen events being reported back to the management engine 
via REST API calls, referring to the management engine via URIs that should 
have been using FQDN only. So there is some biliateral communication going on, 
mostly asynchronous as far as I can see and not using IPs.

What I can tell you, is that /etc/sysconfig/network-scripts/ifcfg-eth0 has 
NM_CONTROLLED=no inside, so nmtui won't go near it. You can change that, delete 
the line, edit the config... and hopefully it will live.

And in case things go seriously wrong, you should be able to fix it with 
hosted-engine --console

But, again, I never tried it myself.

But I use DHCP on two out of four farms...
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JGIDCFQGTEO4NTS45OLXWSL6POP4ZD5T/