On Friday, November 3, 2017 1:15:27 PM EDT ~Stack~ wrote: > Greetings, > > I'm seriously just grasping at straws here. I took a spare hard drive, > tossed it in the management host, and did a fresh install. It did not > like me trying to add it into the existing infrastructure. Tried to dump > the DB from the old to the new, update the passwords, and pretty much > ended up in the same place. > > I did check the .trustedkeystore and it has the same 1 key as my > original back up. So that isn't the issue. > > Still poking at it. Would love some thoughts/feedback. > > Thanks! > ~Stack~ >
Running engine-setup on the engine machine should re-generate the keys. > On 11/03/2017 09:30 AM, ~Stack~ wrote: > > Greetings, > > > > Please, I would greatly appreciate some help/feedback. I'm not sure what > > else to do. > > > > I reverted the .trustedstore to the only backup I have, and there is one > > key in it. That too gets flagged by oVirt as having been tampered with > > (I'm guessing oVirt added something that isn't there any more). The > > password is correct as I can verify it from the oVirt config file on the > > command line. > > > > I'm out of ideas on fixing this. What happens to my oVirt hypervisors > > and VM's if I rebuild the management engine host from scratch? > > > > Thanks! > > ~Stack~ > > > > On 11/02/2017 04:18 PM, ~Stack~ wrote: > >> Greetings, > >> > >> OS: Scientific Linux 7.4 > >> oVirt: 4.1 > >> Everything fully updated. > >> > >> Everything was working great. I received my new network card today to > >> upgrade my ovirt management node (physical node; not self-hosted), took > >> the machine down, swapped the card, and brought it up to many many > >> errors. > >> > >> Here's the basic break-down of my discoveries. > >> > >> 1) My /etc/pki/ovirt-engine/.trustedstore was corrupt. I had lots of > >> messages in my engine.log about it being corrupt. Restored from backup, > >> and oVirt engine was really peeved for not having my domain cert in it > >> (tons of messages in the engine.log file)...figured out how to add my > >> domain cert and it seemed OK. Which led me to... > >> > >> 2) My /etc/pki/ovirt-engine/keys/engine.p12 and > >> /etc/pki/ovirt-engine/keys/apache.p12 are _gone_. Don't have them in my > >> backups either. This results in a massive java dump when I try to start > >> the engine service. > >> > >> 3) I noticed that I had > >> /etc/pki/ovirt-engine/keys/engine.p12.201711021302 which is a time stamp > >> corresponding to when I shut the node down. Then I noticed, that I was > >> missing dang near EVERY file in /etc/pki/ovirt-engine but I had an > >> equivalent file with the ".201711021302" extension. So a touch of bash > >> and I copied all of my "*.201711021302" files with the proper > >> user/group/permissions into their base name. Hooray! No more errors in > >> the log files and all services start!! > >> > >> 4) I open my web browser and head to my management host...and I get this > >> error: > >> Keystore was tampered with, or password was incorrect > >> > >> Well...yeah. I had to fix it in step one. :-/ > >> > >> I'm not getting anything useful out of my Internet searching. I don't > >> know what went wrong or why, but my SSL is just borked. > >> > >> Any suggestions? Thoughts? Ideas? > >> > >> Is there a way to just blow away and start over with the SSL _without_ > >> destroying the VM's (which fortunately they all seem to still be > >> functional!)? > >> > >> Any help would be greatly appreciated. > >> Thanks! > >> ~Stack~ _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
