In addition, if needed you can use xcatconfig -k to regenerated the root ssh keys that get distributed to the nodes and xcatconfig -s to regenerate the ssh host keys that get distributed to the nodes. You can then use updatenode <noderange> -k to update these keys on your compute and service nodes. It will also update the SSL credentials on the Service Nodes. Again, check the xcatconfig man page for these options and additional work that will have to be done, if these keys are changed.
Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Lissa Valletta/Poughkeepsie/IBM@IBMUS To: xCAT Users Mailing list <[email protected]> Cc: [email protected] Date: 01/03/2012 09:38 AM Subject: Re: [xcat-user] Changing the "domain" in the site table If you used a short hostname on the MN, then your SSL credentials should be ok. The xCAT CA key should only have a short hostname in it. You can double check /etc/xcat/cert/server-cred.pem and look at the following lines Issuer: CN=xCAT CA Validity Not Before: Nov 28 13:01:18 2011 GMT Not After : Nov 23 13:01:18 2031 GMT Subject: CN=hpcrhmn <---- short hostname If you have a fully qualified name for the MN, after you change the MN domain, run xcatconfig -c and it will regenerated the credentials. Then follow the instructions in man xcatconfig for the -c flag, you will have to resend the credentials to the SNs ( if you have them) and run makeconservercf. The compute nodes do not talk to the daemon, nor do we distribute the SSl credential to the CNs. We suggest using only short hostnames. If this was done then your ssh keys, known_hosts files will not contain the old domain name. Probably running makedhcp -a and makedns -n will be needed. Other setup like syslog on the compute nodes might be wrong, so after the change on the MN and SNs, running updatenode <noderange> -P to rerun the postscripts probably is needed. You could help us by sending us the process needed to change the domain to add to our documentation. Thanks! Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Christopher Samuel <[email protected]> To: [email protected] Date: 01/03/2012 12:24 AM Subject: [xcat-user] Changing the "domain" in the site table -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, When I first set up xCAT I was a complete novice with no help and no real guidance, so I set up the domain to be the same as our domain (vlsci.unimelb.edu.au). Now I'm regretting that and we have a small opportunity to fix it up, so I'm wondering what do I need to watch out for if I change that (adding an extra component to it) ? Things I've noticed are: 1) ssh_known_hosts files 2) /etc/hosts 3) dhcp 4) DNS 5) xCAT CA key The last one worries me the most, will changing the domain cause clients to refuse to talk to the daemon due to the change of hostname in the CN ? cheers, Chris - -- Christopher Samuel - Senior Systems Administrator VLSCI - Victorian Life Sciences Computation Initiative Email: [email protected] Phone: +61 (0)3 903 55545 http://www.vlsci.unimelb.edu.au/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8CkF4ACgkQO2KABBYQAh851gCePmhBMRvb1sW2s8WJMmcvs69j gRcAnjO70xadidf37oiHyUzHzbZcuUs7 =NwQK -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
