If you used a short hostname on the MN, then your SSL credentials should be
ok. The xCAT CA key should only have a short hostname in it.
You can double check /etc/xcat/cert/server-cred.pem and look at the
following lines
Issuer: CN=xCAT CA
Validity
Not Before: Nov 28 13:01:18 2011 GMT
Not After : Nov 23 13:01:18 2031 GMT
Subject: CN=hpcrhmn <---- short hostname
If you have a fully qualified name for the MN, after you change the MN
domain, run
xcatconfig -c and it will regenerated the credentials. Then follow the
instructions in man xcatconfig for the -c flag, you will have to resend the
credentials to the SNs ( if you have them) and run makeconservercf.
The compute nodes do not talk to the daemon, nor do we distribute the SSl
credential to the CNs.
We suggest using only short hostnames. If this was done then your ssh
keys, known_hosts files will not contain the old domain name. Probably
running makedhcp -a and makedns -n will be needed.
Other setup like syslog on the compute nodes might be wrong, so after the
change on the MN and SNs, running updatenode <noderange> -P to rerun the
postscripts probably is needed.
You could help us by sending us the process needed to change the domain to
add to our documentation.
Thanks!
Lissa K. Valletta
2-3/T12
Poughkeepsie, NY 12601
(tie 293) 433-3102
From: Christopher Samuel <[email protected]>
To: [email protected]
Date: 01/03/2012 12:24 AM
Subject: [xcat-user] Changing the "domain" in the site table
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
When I first set up xCAT I was a complete novice with no help and no
real guidance, so I set up the domain to be the same as our domain
(vlsci.unimelb.edu.au).
Now I'm regretting that and we have a small opportunity to fix it up, so
I'm wondering what do I need to watch out for if I change that (adding
an extra component to it) ?
Things I've noticed are:
1) ssh_known_hosts files
2) /etc/hosts
3) dhcp
4) DNS
5) xCAT CA key
The last one worries me the most, will changing the domain cause clients
to refuse to talk to the daemon due to the change of hostname in the CN ?
cheers,
Chris
- --
Christopher Samuel - Senior Systems Administrator
VLSCI - Victorian Life Sciences Computation Initiative
Email: [email protected] Phone: +61 (0)3 903 55545
http://www.vlsci.unimelb.edu.au/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8CkF4ACgkQO2KABBYQAh851gCePmhBMRvb1sW2s8WJMmcvs69j
gRcAnjO70xadidf37oiHyUzHzbZcuUs7
=NwQK
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
