Updating hostname. Is there a guide for updating ...
# gooddata-cn
j
Updating hostname. Is there a guide for updating the hostname from http://ec2-<someaddress>.amazonaws.com to https://prefix.domain.com? I'm getting error: `{"title":"Not Found","status":404,"detail":"404 NOT_FOUND \"No Organization found for hostname 'analytics.domain.com'\"; nested exception is errorType=com.gooddata.tiger.common.exception.NotFoundException, message=No organization found for hostname analytics.domain.com","traceId":"c580741f770af54c"}` I tried to PUT OIDC and got a 400 "organization hostname cannot be changed".
j
There is a guide on this HERE, and you will want to ensure you have set up the OIDC. Can you please confirm that you have followed the correct steps in changing the hostname, and let us know if you face any issue?
r
If you're using a Kubernetes deployment, the hostname needs to be changed in the Organization custom resource.
j
Thanks Robert, using Docker. I will attempt the guide above!
r
If you're using Docker, that's a completely different story.
In that case, it's not possible to modify the hostname of an existing container; the hostname must be set during the creation of the container (on the `docker run` command line). There's an environment variable `GDCN_PUBLIC_URL` that is responsible for setting the external URL (where users will be connecting to).
j
@Robert Moucha is it possible to stop the docker, make the updates and restart to update hostname? I'm willing to forward traffic in AWS using an ELB / Route 53.
r
No, it's not possible, by design of how Docker works. You can set an env variable only in the `docker run` command but not in `docker start`. It might be possible to stop and delete the old container, and run a new one with the updated env. If you have data stored on a Docker volume, this volume can be preserved and mounted to the freshly started container. But I recommend creating a dump of the whole organization layout first as a backup.

One more thing to consider - even if you change the hostname by the steps described above, the UI authentication won't work because redirect_url will not change. This limitation applies only if you use the built-in OIDC provider (Dex). If you use an external OIDC service, simply update redirect_url to match your new hostname in your Identity Provider client configuration.
j
So last thing I doubt before I talk to my engineers. It sounds like we should export the entire org layout which will save all of my data. Next I should decommission the entire Docker container and now that we've finalized you as a solution and built out AWS name servers we should provision the new container with analytics.novelcx.com or against our existing SaaS. When I log in as demo I can create a new API key and use this key to PUT my old org layout back - updating the hostname now from the ec2address to analytics.novelcx.com and then I would need to update Auth0 for silent login in my current client?
r
1. You can make the gooddata-cn-ce container start with a custom bootstrap API token (see this)
2. You can disable automatic creation of the "demo" account (`-e GDCN_DISABLE_DEMO_USER=0`)

My proposal on how to migrate to a new hostname and set up OIDC follows:

1. Export the full organization layout from the existing container (`GET /api/v1/layout/organization`). DataSource credentials will NOT be exported, so DB passwords need to be added to the exported JSON file. User logins and passwords from the internal OIDC will not be exported either, but you don't need them, because you will use external OIDC anyway.
2. Stop the old container. I assume you have data stored in a Docker volume. To play it safe, keep this volume until the final deployment works as expected.
3. Run a new container with a new empty volume and all the env vars suggested above, including `-e GDCN_PUBLIC_URL=https://analytics.novelcx.com` (this is the hostname that resolves to your SSL-terminating proxy or load balancer that sends traffic to your EC2 instance with GoodData).
4. Using the bootstrap token, upload the Organization layout with data source passwords (`PUT /api/v1/layout/organization`). Since the organization still has internal OIDC set up, UI logins won't work at this moment.
5. Using the bootstrap token, update the Organization to use external OIDC (`PUT /api/v1/entities/admin/organizations/default`).
6. Create user mappings (or you may also update the existing ones) so they will have proper authenticationId attributes corresponding to the `sub` claim provided by your external OIDC - as described in docs.

(Steps 5 and 6 may be done at once, if you prefill the organization layout JSON file with properly configured users.)

Rollback: If everything goes south, delete the new container and start the old one with the old preserved volume.
I recommend using our Python SDK for manipulation with API resources; but `curl` and a plain text editor will work as well.