SSL Certificates update procedure after ovirt-engine-rename does not update the WebSocketProxy configuration key
Issue
In the documentation it's clearly stated that:
The ovirt-engine-rename command does not update SSL certificates, such as imageio-proxy or websocket-proxy. These must be updated manually, after running ovirt-engine-rename. See Updating SSL Certificates below.
To update SSL Certificates there is the following procedure described in the session "Updating SSL Certificates":
Run the following commands after the `ovirt-engine-rename` command to update the SSL certificates:
1. # names="websocket-proxy imageio-proxy"
2. # subject="$(\
openssl x509 \
-in /etc/pki/ovirt-engine/certs/apache.cer \
-noout \
-subject | \
sed \
's;subject= \(.*\);\1;'
)"
3. # . /usr/share/ovirt-engine/bin/engine-prolog.sh
4. # for name in $names; do
/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
--name="${name}" \
--password=mypass \
--subject="${subject}" \
--keep-key \
--san=DNS:"${ENGINE_FQDN}"
done
This procedure does not modify the WebSocketProxy
configuration key of the engine-config
.
Running engine-config -g WebSocketProxy
returns the old FQDN
[root@mgr01 ~]# engine-config -g WebSocketProxy
WebSocketProxy: <old_mgr_FQDN>:6100 version: general
This causes a failure when the customer tries to open the console of any VM with the "Console Option" set to noVNC, from the Admin GUI.
When "console" button is pressed it opens a new tab pointing to the wrong URL:
https://<new_mgr_FQDN/ovirt-engine/services/novnc-main.jsp?host=<old_mgr_FQDN>&port=6100&title=<VM_FQDN>%20-%20noVNC
Environment
Red Hat Virtualization (RHV) 4.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.