Virtual Instances Guide

Red Hat Satellite 6.2

For Use with Red Hat Satellite 6.2

Red Hat Satellite Documentation Team

Abstract

This guide provides information on how to apply Virtual Data Center subscriptions, configure the virt-who service, and register virtual instances with Red Hat Satellite 6.2.

Chapter 1. Introduction

By default, Red Hat Enterprise Linux instances are registered to and obtain their content from the Customer Portal.

Red Hat Enterprise Linux instances under management with Red Hat Satellite Server 6 are instead registered to a Satellite Server, and obtain their content and Product subscriptions from it.

Modern IT infrastructure is a mix of physical and virtual hardware, with virtualization providing a level of flexibility and scalability not easily achieved with physical hardware. Red Hat’s subscription model applies to both physical and virtual servers.

A Red Hat subscription provides:

  • Access to support services
  • Content delivery and hosted repositories
  • Access to knowledgebases, forums, videos, and other resources

The Red Hat subscription model requires that for physical servers, subscriptions must cover the physical attributes of the machine, such as the number of sockets or cores. Subscriptions are always applied in sets of two to cover pairs of sockets or cores, and those subscription pairs must be attached to cover all sockets and cores. Subscriptions for virtual servers can also be purchased and applied according to their virtual CPU attributes, but there is another subscription type that might be more suitable - a Virtual Data Center (VDC) subscription, which is a host-based subscription. A host-based subscription is applied to a hypervisor and entitles the hypervisor to provide subscriptions to its virtual machines. With a host-based subscription, each guest requires one subscription, regardless of its virtual CPU configuration.

1.1. Supported Virtualization Platforms

Supported virtualization platforms to which a Virtual Data Center (VDC) subscription can be applied are:

  • Red Hat Virtualization (RHV)
  • Red Hat OpenStack Platform (RHOSP)
  • Red Hat Enterprise Linux hypervisors
  • VMware vSphere
  • Microsoft Hyper-V

    Note

    The virt-who daemon does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

A VDC subscription applies only to a hypervisor’s guest virtual machines, not the hypervisor itself. For all virtualization platforms which require a Red Hat Enterprise Linux hypervisor, the hypervisor requires its own subscription.

1.2. Choosing a Subscription

Red Hat recommends a subscription that allows virtual machines to inherit subscriptions, since this allows for flexibility when provisioning virtual machines. However the choice is yours, and should be made according to your requirements. If you are unsure which subscription best meets your needs, contact your Red Hat account manager for advice. For more details of the Red Hat subscription model, see Subscription Concepts and Workflows.

The following are example Red Hat subscriptions which provide inheritable subscriptions:

  • Red Hat Enterprise Linux for Virtual Datacenters
  • Red Hat Enterprise Linux with Smart Virtualization and Management

This guide uses a Red Hat Enterprise Linux for Virtual Datacenters (VDC) subscription in all examples. The workflow for all inheritable subscriptions is identical.

Confirming if virt-who is Required

To confirm if the virt-who daemon is required, either use the Red Hat Certificate Tool, or contact Red Hat Support. The command line Red Hat Certificate Tool (rct) reads a Subscription Manifest file and displays details of the manifest in plain text. The Red Hat Certificate Tool is available in subscription-manager-1.17.10 (or later) package, in either Red Hat Enterprise Linux 7.3 or Fedora 24.

Examining a Subscription Manifest with the Red Hat Certificate Tool

  1. Download the Subscription Manifest from the Customer Portal.
  2. Run the command line Red Hat Certificate Tool.

    # rct cat-manifest --no-content manifest_file.zip

    The following extract is from an OpenShift Container Platform, Premium (1-2 Sockets) subscription.

    Subscription:
        Name: OpenShift Container Platform, Premium (1-2 Sockets)
        Quantity: 50
        Created: 2017-09-16T01:47:59.000+0000
        Start Date: 2017-07-04T04:00:00.000+0000
        End Date: 2018-07-04T03:59:59.000+0000
        .
        .
        .
        Virt Limit: unlimited
        Requires Virt-who: True

The virt-who daemon is required if the rct output includes Virt Limit: unlimited, Requires Virt-who: True, or both. In this example, both are included, confirming that the virt-who daemon is required.

1.3. Applying Virtual Guest Subscriptions

A Virtual Data Center (VDC) subscription is one type of host-based subscription offered by Red Hat. Host-based subscriptions are applied to a host and inherited by its guests. Host-based subscriptions consist of two parts, a pool attached to the virtualization manager or hypervisor, and a pool from which virtual guests inherit their subscription. It is important to note that the virtualization manager or hypervisor’s subscription does not provide entitlement to product content.

To successfully provision virtual machines, and ensure they inherit host subscriptions, you must do the following:

  1. Ensure that a manifest including a VDC subscription has been uploaded to Satellite Server. See Importing a Subscription Manifest into the Satellite Server in the Content Management Guide.
  2. Install and configure the virt-who service. See Chapter 5, Configuration and Services.
  3. Attach a VDC subscription to the hypervisor. To attach a VDC subscription to a hypervisor using the web UI, click Hosts → Content Hosts, select a host, and click Subscriptions → Subscriptions. Click Add, select the desired subscription, and click Add Selected.
  4. Restart the virt-who service so that the hypervisor and virtual machine mapping information is sent back to Satellite.
  5. Register virtual machines with an activation key that has auto-attach enabled and no subscriptions attached. This way, the virtual machines will inherit the VDC subscription from the hypervisor.

1.3.1. Confirming a VDC Subscription

To confirm that the VDC subscription and its associated subscription pool are available, open the Satellite web UI and navigate to ContentRed Hat Subscriptions. For example, if you have a single virtualization manager or hypervisor registered with a VDC subscription, its subscription pool would be listed as follows:

Red Hat Enterprise Linux for Virtual Datacenters, Standard

1 out of 1 Physical

The subscriptions pool will be listed under the VDC subscription as follows:

Red Hat Enterprise Linux for Virtual Datacenters, Standard (DERIVED SKU)

1 out of unlimited Guests of vmhost1.example.com

In this example, one virtual machine has been subscribed and inherited its subscription from the hypervisor vmhost1.example.com. To confirm which virtual machines are subscribed, click on the subscriptions count (in this example, 1 out of unlimited), and from the Activation Key drop-down list select Content Hosts.

1.4. Virtual Machine Subscription Process

Virtual Machine Subscription Process

The process of registering a virtual machine is as follows:

  1. A virtual machine is provisioned using Satellite.
  2. The virtual machine requests a subscription from the Satellite Server.
  3. As the subscription manager doesn’t yet know to which host the virtual machine belongs, a temporary subscription is granted, valid for a maximum 24 hours.
  4. The virt-who daemon connects to the virtualization manager or hypervisor and requests details of the guest virtual machines. By default, this request is made every hour, but the interval is configurable. Red Hat recommends this value remain at the default unless requested by Red Hat Support.
  5. The virtualization manager or hypervisor returns to virt-who the list of guest virtual machines, including each UUID.
  6. The virt-who daemon reports to the Satellite Server the list of guest virtual machines.
  7. The Satellite Server then reconciles the subscriptions required by the virtual machines with those available. If the required subscriptions are available, they are assigned to the virtual machine and its subscription is complete.

1.5. Subscription Status

A registered host, virtual or physical, has a subscription status based on its installed Products and attached subscriptions.

To verify the status of a virtual machine’s subscription in the Satellite web UI:

  1. Open the Satellite web UI and navigate to Hosts > Content Hosts.
  2. Click on the host’s name.
  3. Check the content of the Subscription Status column. Each host’s subscription status is indicated by colour: green, yellow or red, and its status in text.

Subscription Status Meanings

  • Red

    • The host has Products installed that valid subscriptions do not cover. Hosts in a Red status cannot access content for Products not covered by subscriptions. Manual intervention is required to resolve a subscription with this status.
  • Yellow

    • Either the host has insufficient subscriptions or an incorrect quantity of subscriptions is attached (for example, a 2-socket subscription is attached to a 4-socket host), or Satellite does not know which virtualization manager or hypervisor hosts the virtual machine and has assigned a temporary subscription. Insufficient subscriptions must be resolved manually. Temporary subscriptions will be automatically resolved by Satellite, providing there are enough subscriptions available.
  • Green

    • The host is correctly subscribed.
Note

Hypervisors always appear in the Satellite web UI as correctly subscribed, regardless of their actual status.

1.5.1. Temporary Subscriptions

When a virtual machine is first registered, Satellite does not know with which virtualization manager or hypervisor the virtual machine is associated and so cannot assign a subscription. In this case a temporary subscription is granted, valid for a maximum period of 24 hours. When the virt-who daemon next runs and identifies the virtual machine’s host, a permanent subscription is applied, provided the host has available subscriptions of the right type. If a permanent subscription is granted, the virtual machine’s subscription status is changed to Subscribed. A virtual machine that has been granted a temporary subscription might, after the 24-hour period, automatically select a subscription intended for a physical host and so restrict the number of subscriptions available. When the 24-hour period expires, the host’s status is changed to Not subscribed if it has been unable to request a suitable subscription.

When a virtual machine is granted a temporary subscription, you have several options available:

  • Install virt-who and wait

    If virt-who has not already been installed and configured, do so, then wait for virt-who to identify the virtualization manager or hypervisor hosting the virtual machine, in which case the subscription will be automatically selected from those available.

  • Manually assign a subscription

    If you do not want to wait for up to 24 hours to pass, or you want to assign a specific subscription, install and configure virt-who, then manually assign the desired subscription.

  • Do nothing

    This situation should be avoided as it results in more subscriptions being consumed than would otherwise be consumed. A virtual machine assigned a temporary subscription might be assigned subscriptions intended for physical hosts. For example, a virtual machine with 2 CPUs might be granted two subscriptions instead of a single VDC subscription.

1.5.2. Virtual Machine Migration

When a virtual machine is migrated either automatically or manually to another hypervisor that is registered to Red Hat Satellite, one of the following virtual machine subscription behaviors can occur:

  • If the virtual machine has been reported via virt-who, and the hypervisor has a valid VDC subscription, the virtual machine will consume the virtual guest pool that already exists for the hypervisor. Ideally, all hypervisors that could be hosting the virtual machine should have a valid VDC subscription.
  • If the virtual machine has been reported via virt-who, and there are sufficient subscriptions in Red Hat Satellite, but the hypervisor does not yet have a valid VDC subscription attached, a VDC subscription will get automatically attached to the hypervisor and be inherited by the virtual machine.
  • If there are sufficient subscriptions in Red Hat Satellite, but the virtual machine has not been reported via virt-who, the virtual machine will consume a physical subscription.
  • If the hypervisor does not have a valid VDC subscription attached, and there are insufficient subscriptions in Red Hat Satellite, the virtual machine will not have a valid subscription and lose access to content.

Chapter 2. Installation and Configuration Overview

For a virtual Red Hat Enterprise Linux server to request and be granted a VDC subscription, the virt-who daemon must be configured to connect to each virtualization manager or hypervisor and report hosted virtual machines to Red Hat Satellite Server 6. To establish these connections, complete the following tasks in order:

  1. Decide on a configuration that suits your environment.
  2. Review the virt-who daemon’s prerequisites and ensure that all have been met.
  3. If the virt-who daemon is not to be installed on either the Satellite Server or an external Capsule Server, install an instance of Red Hat Enterprise Linux for the purpose.
  4. Install the virt-who daemon.
  5. Establish connections between the virt-who daemon and your hypervisors.

Chapter 3. Configuration Options

The simplest configuration requiring virt-who consists of one hypervisor or virtualization manager, one organization and one hypervisor technology, with the virt-who instance reporting directly to the Satellite Server. Since most organizations are more complex than this, the installation and configuration of virt-who can be adapted to accommodate the following variables:

  • Multiple organizations in Satellite
  • Multiple hypervisors
  • Multiple hypervisor technologies
  • HTTP proxy

3.1. Multiple Organizations

A single virt-who instance can report to the Satellite Server virtual machines which are associated with multiple organizations. Individual configuration files are recommended for each organization.

3.2. Multiple Hypervisors

A single virt-who instance can connect to multiple hypervisors and report the virtual machines hosted by each. Individual configuration files are recommended for each hypervisor or virtualization manager as it makes troubleshooting easier. For example, if you suspect a hypervisor is causing a problem, you can move that hypervisor’s configuration file to another directory, stopping virt-who from querying it and so eliminating it from the problem’s scope.

If you have multiple hypervisors, virt-who queries each in parallel. This reduces the chance of virt-who’s queries being stopped or delayed because of an unresponsive hypervisor.

3.3. Multiple Hypervisor Technologies

A single virt-who instance can connect to virtualization platforms of multiple supported technologies. Individual configuration files are recommended for each platform.

3.4. HTTP Proxy

If you use HTTP proxy servers in your environment, additional configuration is required to use virt-who with HTTP proxy:

Chapter 4. Prerequisites

Before proceeding to install virt-who, ensure the following prerequisites are met.

4.1. Authentication Requirements

Create an account on each virtualization manager, such as VMware vCenter and Red Hat Virtualization Manager, or individual hypervisors so the virt-who agent can retrieve the list of guest virtual machines. Each connection is separate, so you can use different accounts for each connection if required. Each account, generally known as a service account, should be dedicated to this purpose, have read-only access, and have a non-expiring password.

4.2. Software Requirements

The virt-who daemon must be installed on Red Hat Enterprise Linux, version 7 (recommended) or 6. For Red Hat Enterprise Linux hypervisors, the virt-who daemon must be installed on the hypervisor. For all other hypervisors, the virt-who daemon can be installed on the Satellite Server, an external Capsule Server, or a dedicated instance of Red Hat Enterprise Linux. Except for Red Hat Enterprise Linux hypervisors, Red Hat recommends installing virt-who on the Satellite Server, because it simplifies the network configuration and provides maximum availability. If you install virt-who on a dedicated instance of Red Hat Enterprise Linux, this host does not have to be registered to the Satellite Server.

4.3. Subscriptions

Subscriptions are specific to organizations. Although you can configure the virt-who daemon to support multiple organizations, you cannot share subscriptions across organizations.

Note

You must have one virtual data center subscription for each organization and for each hypervisor.

4.4. Preparing the virt-who Host

Note

Skip this procedure if virt-who is to be installed on the Satellite Server, an external Capsule Server, or a Red Hat Enterprise Linux hypervisor.

Before installing the virt-who daemon, a Red Hat Enterprise Linux instance must be installed and configured as follows.

  1. Install Red Hat Enterprise Linux, version 7 (recommended) or 6.

    Only a CLI environment is required. For help with this step, see the Red Hat Enterprise Linux 7 Installation Guide or the Red Hat Enterprise Linux 6 Installation Guide.

  2. Install the Satellite Server’s CA certificate:

    # rpm -ivh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  3. Register the Red Hat Enterprise Linux server to the Satellite Server:

    # subscription-manager register --username=admin --password=p@sswd \
    --org=organization_label --auto-attach
  4. Open a network port for HTTPS:

    To enable virt-who to communicate with the subscription service, TCP port 443 must be opened.

    On Red Hat Enterprise Linux 7:

    # firewall-cmd --add-port="443/tcp"
    # firewall-cmd --add-port="443/tcp" --permanent

    On Red Hat Enterprise Linux 6:

    # iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
    # service iptables save

4.5. Installing virt-who

  1. Subscribe to the Satellite Tools repository for 6.2.

    On Red Hat Enterprise Linux 7:

    # subscription-manager repos --enable=rhel-7-server-satellite-tools-6.2-rpms

    On Red Hat Enterprise Linux 6:

    # subscription-manager repos --enable=rhel-6-server-satellite-tools-6.2-rpms
  2. Verify that the server is subscribed to the Satellite Tools repository for 6.2.

    # subscription-manager repos --list-enabled

    If the output of this command lists the Satellite Tools repository for 6.2 then the subscription has been successful.

    Note

    The virt-who package is available both from the Red Hat Satellite Tools and the Red Hat Enterprise Linux repository. The latest version of the package will be installed by the yum utility.

  3. Install the virt-who package.

    # yum install virt-who

Chapter 5. Configuration and Services

5.1. Virt-who Configuration Files

The virt-who service requires a minimum of two configuration files:

  • a global configuration file, /etc/sysconfig/virt-who, contains settings which apply to all virt-who connections from that host.
  • an individual configuration file for each hypervisor or virtualization manager to which Satellite is to be connected. These must be stored in the /etc/virt-who.d/ directory.
Note
  • The individual configuration files, stored in the /etc/virt-who.d/ directory, must have the .conf suffix when the version of virt-who is virt-who-0.19 or higher.
  • If you add or remove virtualization managers or hypervisors you must update the virt-who daemon’s configuration.
  • When a username is added in the virt-who configuration file before the option rhsm_username, the user must have access to log in to Satellite 6. Users of third-party applications such as Active Directory and IDM might not have access that permits them to log in to Satellite 6.

The following is an extract from the example individual configuration file provided with virt-who. The configuration options for each connection are contained in a stanza. The title of each configuration stanza must be unique. It is recommended, but not required, that the individual configuration files are given the same name as the hypervisor.

#[config name]
#type=               ; insert one of libvirt/esx/hyperv/rhevm/vdsm/fake
#server=             ; insert hostname or ip address of the server to connect to
#username=           ; username for server authentication
#password=           ; password for server authentication
#encrypted_password= ; password encrypted using virt-who-password utility
#owner=              ; owner for use with SAM, Customer Portal, or Satellite 6
#env=                ; environment for use with SAM, Customer Portal, or Satellite 6
#hypervisor_id=      ; how will be the hypervisor identified, one of: uuid, hostname, hwuuid
Note

It is possible, and supported, to combine the global configuration and the hypervisor connections' configuration files into a single file: /etc/sysconfig/virt-who. However, this method will be deprecated in the future. Separating the global and individual configuration files allows for easier troubleshooting.

5.1.1. Limiting the Scope of virt-who Access

If you run a hybrid environment, with virtual machines running Red Hat Enterprise Linux and other operating systems, you might want to limit the scope of virt-who’s access to hosts. For example, if some hypervisors host only Microsoft Windows Server instances, there is no benefit in having those hypervisors reported by the virt-who agent.

To limit virt-who’s access to hosts (hypervisors), use one or both of the following methods. Both methods achieve the same objective, but the include or exclude method should be considered the default since it is a native feature of virt-who.

  • List hosts to be included or excluded.
  • Limit access to only a subset of hosts.

5.1.1.1. List Hosts to be Included or Excluded

To either include or exclude hosts being reported by the virt-who daemon, list them in the virt-who configuration file, separated by commas. If a host’s name contains special characters, enclose it in quotation marks. To include hosts, use the filter_hosts parameter. To exclude hosts, use the exclude_hosts parameter. Only one of these methods can be used in each virt-who configuration file.

The method of identifying hosts to be included or excluded must match the method you specified to have them identified in the Satellite web UI. If you specified hypervisor_id=hostname, then you must list the hosts' names. If you specified hypervisor_id=uuid, or hypervisor_id=hwuuid, then you must list the hosts' UUID or HWUUID respectively.

Note

The filtering parameters filter_host_uuids and exclude_host_uuids have been deprecated.

Example of excluding hosts from virt-who

[vcenterhost1]
type=esx
server=_vsphere.example.com_
username=_test_
password=_test_
owner=_default_organization_
env=Library
hypervisor_id=_hostname_
exclude_hosts=host1.redhat.com,host2.redhat.com

5.1.1.2. Limit Access to Specific Hosts

Grant the account used by virt-who read-only access to only those hosts you want to include. With restricted access to hosts, the virt-who daemon will only find and retrieve those hosts accessible to it.

5.1.2. Configuration Sources

In this guide, all examples use configuration files, but virt-who can accept configuration from several sources. They are listed below in order of precedence. For detailed information about virt-who configuration options, see the virt-who-config and virt-who man pages.

Specifying configuration options at the command line can be useful if you are testing a configuration before implementing it in configuration files. Note that any such options will not persist after the virt-who service is restarted, or the Red Hat Enterprise Linux host is rebooted.

  1. command line
  2. environment variables
  3. /etc/sysconfig/virt-who file
  4. /etc/virt-who.d/*.conf files
  5. /etc/virt-who.conf file

5.2. Creating a User for virt-who

  1. Create a Satellite user with Administrator access.

    This account is used to allow virt-who to connect to Satellite. Red Hat recommends the account be used for only this purpose. If you have previously created a Satellite user for this purpose, skip this step.

    For help creating the user using the Satellite web UI, see Creating a User in the Server Administration Guide. For help creating the user using the Hammer CLI, see Creating Users in the Hammer CLI Guide.

  2. Encrypt the user’s password.

    Encrypting the virt-who account password provides greater security compared with storing the password in plain text. The root account must encrypt the password because the encryption key is written into a file that is only readable by the root account. For that reason, only the root account can decrypt the password.

    1. Execute the virt-who-password utility.

      # virt-who-password

      Enter the password of the account to connect to the hypervisor. The encrypted form of the password is output to the screen.

      # virt-who-password
      Password: <virt who account's password>
      Use following as value for encrypted_password key in the configuration file:
      837a5d6a34203e805c998ce02bf84c03
    2. Make a note of the encrypted password.

This is used later in the virt-who daemon’s configuration.

5.3. Configuring virt-who to Connect to Red Hat Enterprise Virtualization Hypervisor

Repeat this procedure for each Red Hat Enterprise Virtualization Hypervisor (RHEV-H) host to which this instance of virt-who is to be connected.

  1. Encrypt the password of the account to be used to connect to the Red Hat Enterprise Virtualization Manager instance.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  2. Copy the template configuration file to a new file.

    On the virt-who host:

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhevmhost1.conf

    To make it easy to identify the configuration file for each hypervisor, use the RHEV-H host’s name as the new file’s name. In this example, the host name is rhevmhost1.

  3. Edit the configuration file you just created, changing the example values with those specific to your configuration.

    [rhevmhost1]              1
    type=rhevm                2
    hypervisor_id=hostname    3
    owner=organization_label           4
    env=Library               5
    server=https://rhevmhost1.example.com:443  6
    username=admin@internal   7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the Red Hat Virtualization Manager host’s name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=rhevm specifies that this virt-who connection is to a Red Hat Virtualization Manager.
    3
    Specifies that hypervisors will be identified in the Satellite web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label. To list available organizations, enter the following command: hammer organization list. Identify which organization you want the virtual hosts to be assigned to, and use the matching entry in the LABEL column.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    Red Hat Enterprise Virtualization Manager’s fully qualified host name or IP address. The default port number is 8443, but port 443 is used by Red Hat Enterprise Virtualization Manager after version 3.0.
    7
    Account name by which virt-who is to connect to the Red Hat Enterprise Virtualization Manager instance. The username option requires input in the format username@domain. Note that the read-only access is not sufficient to be able to acquire the Red Hat Virtualization Hypervisor host information via virt-who. It is necessary to create a new role in the Red Hat Enterprise Virtualization environment with the Admin account type and Login Permissions enabled only and assign this role to the user.
    8
    Encrypted password for the account specified by username.
  4. Configure virt-who to report to the Satellite Server.

    Add the following configuration lines, replacing example values with those specific to your environment.

    rhsm_hostname=satellite.example.com  1
    rhsm_username=virt_who-admin         2
    rhsm_encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  3
    rhsm_prefix=/rhsm                    4
    1
    Satellite Server’s fully-qualified host name, for example: satellite.example.com
    2
    Satellite user, used by the virt-who daemon to connect to the Satellite Server. This was created in Section 5.2, “Creating a User for virt-who”.
    3
    Encrypted password for the user specified by rhsm_username. This was created in Section 5.2, “Creating a User for virt-who”.
    4
    This must be /rhsm.

5.4. Configuring virt-who to Connect to a Red Hat Enterprise Linux Hypervisor

Complete this procedure on each Red Hat Enterprise Linux hypervisor.

Configure virt-who to connect to the Red Hat Enterprise Linux hypervisor

  1. Configure the Red Hat Enterprise Linux hypervisor to register to the Satellite Server.

    # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. Register the Red Hat Enterprise Linux hypervisor to the Satellite Server.

    # subscription-manager register --org=organization_label
  3. Attach the VDC subscription to the Red Hat Enterprise Linux hypervisor.

    # subscription-manager attach --pool=subscription_pool_ID

    To find the required subscription pool ID, list all available subscriptions.

    # subscription-manager list --available
  4. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the hypervisor host’s name as the new file’s name. In this example, the host name is rhelhost1.

    cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhelhost1.conf
  5. Edit the configuration file you just created, changing the example values with those specific to your configuration.

    [rhelhost1.example.com]         1
    type=vdsm                       2
    hypervisor_id=hostname          3
    1
    Red Hat Enterprise Linux Hypervisor’s FQDN.
    2
    The type=vdsm parameter specifies that this virt-who connection is to a Red Hat Enterprise Linux hypervisor.
    3
    Specifies that hypervisors will be identified in the Satellite web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.

This completes the configuration required for a Red Hat Enterprise Linux hypervisor instance.

Registering Guest Virtual Machines

When registering a virtual machine hosted on this Red Hat Enterprise Linux host, you need to use an activation key that has auto-attach enabled and no subscriptions attached. This way, the virtual machine will inherit the VDC subscription from the hypervisor.

  1. Configure the virtual machine to register with Satellite Server.

    # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. Register the virtual machine. The activation key created for VDC subscription has to be listed first. Add a secondary key for additional product subscription if required.

    # subscription-manager register --activationkey=VDC_Key,secondaryKey --org=organization_label
  3. Disable any auto-activated repositories.

    # subscription-manager repos --disable=*
  4. Enable the desired repositories for the system.

    # subscription-manager repos --enable=example-repo

5.5. Configuring virt-who to Connect to a Red Hat OpenStack Platform Compute Node

Complete this procedure on each Red Hat OpenStack Platform compute node.

Configure virt-who to connect to the Red Hat OpenStack Platform compute node

  1. Configure the Red Hat OpenStack Platform compute node to register to the Satellite Server.

    # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. Register the Red Hat OpenStack Platform compute node to the Satellite Server.

    # subscription-manager register --org="organizational_label"
  3. Attach the VDC subscription to the Red Hat OpenStack Platform compute node.

    # subscription-manager attach --pool=subscription_pool_ID

    To find the required subscription pool ID, list all available subscriptions.

    # subscription-manager list --available
  4. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the hypervisor host’s name as the new file’s name. In this example, the host name is rhosphost1.

    cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhosphost1.conf
  5. Edit the configuration file you just created, changing the example values with those specific to your configuration.

    [rhosphost1.example.com]    1
    type=libvirt                2
    hypervisor_id=hostname      3
    1
    Red Hat OpenStack Platform compute node’s FQDN.
    2
    The type=libvirt parameter specifies that this virt-who connection is to a Red Hat OpenStack Platform compute node.
    3
    Specifies that hypervisors (compute nodes) will be identified in the Satellite web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.

This completes the configuration required for a Red Hat OpenStack Platform compute node.

Registering Guest Virtual Machines

When registering guest virtual machines hosted on this Red Hat OpenStack Platform compute node, it is important that they use the subscription attached to the compute node.

  1. Configure the virtual machine to register with the Satellite Server.

    # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. Register the virtual machine.

    # subscription-manager register --org="organization_label"
  3. Obtain a subscription

    # subscription-manager attach --pool=subscription_pool_ID

    Ensure the subscription pool is the same as that used for the compute node. The virtual machine will obtain a subscription from the Satellite Server. For details of this process, see Section 1.4, “Virtual Machine Subscription Process”.

5.6. Configuring virt-who to Connect to VMware vCenter

Repeat this procedure for each VMware vCenter host to which this instance of virt-who is to be connected.

  1. Encrypt the password of the account to be used to connect to VMware vCenter.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  2. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the VMware vCenter host’s name as the new file’s name. In this example, the host name is vcenterhost1.

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/vcenterhost1.conf
  3. Edit the configuration file you just created, changing the example values with those specific to your configuration.

    [vcenterhost1]          1
    type=esx                2
    hypervisor_id=hostname  3
    owner=organization_label            4
    env=Library             5
    server=vcenterhost1.example.com  6
    username=corporate\svc-virt-who 7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the VMware vCenter’s host name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=esx parameter specifies that this virt-who connection is to a VMware vCenter.
    3
    Specifies that hypervisors will be identified in the Satellite web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label. To list available organizations, enter the following command: hammer organization list. Identify which organization you want the virtual hosts to be assigned to, and use the matching entry in the LABEL column.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    VMware vCenter server’s fully qualified host name or IP address.
    7
    Account name by which virt-who is to connect to the hypervisor, in the format domain_name\account_name. Note that only a single backslash separates the values for domain_name and account_name. If you are using a domain account, and the global configuration file /etc/sysconfig/virt-who, then two backslashes are required. For further details, see the Red Hat Knowledgebase solution How to use a windows domain account with virt-who.
    8
    Encrypted password for the account specified by username.
  4. Configure virt-who to report to the Satellite Server.

    Add the following configuration lines, replacing example values with those specific to your environment.

    rhsm_hostname=satellite.example.com  1
    rhsm_username=virt_who-admin         2
    rhsm_encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  3
    rhsm_prefix=/rhsm                    4
    1
    Satellite Server’s fully-qualified host name, for example: satellite.example.com
    2
    Satellite user, used by the virt-who daemon to connect to the Satellite Server. This was created in Section 5.2, “Creating a User for virt-who”.
    3
    Encrypted password for the user specified by rhsm_username. This was created in Section 5.2, “Creating a User for virt-who”.
    4
    This must be /rhsm.

5.7. Configuring virt-who to Connect to Microsoft Hyper-V

Note

The virt-who utility does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

Repeat this procedure for each Microsoft Hyper-V host to which this instance of virt-who is to be connected.

  1. Enable Windows Remote Management and either the HTTP or HTTPS listener must be running.

    On the Microsoft Hyper-V server:

    # winrm quickconfig
  2. Enable remote administration on the Microsoft Hyper-V server.

    On the Microsoft Hyper-V server:

    # netsh advfirewall firewall set rule group=Remote Administration new enable=yes
  3. If you are using HTTP, enable the unencrypted connection.

    On the Microsoft Hyper-V server:

    # winrm set winrm/config/service @{AllowUnencrypted="true"}
  4. Verify that the authentication method configured on the Microsoft Hyper-V server is either Basic or NTLM.

    On the Microsoft Hyper-V server:

    # winrm get winrm/config/service/auth
  5. Obtain organization information.

    On the Satellite Server:

    # hammer organization list

    This will show output similar to the following:

    --|-----------|-----------|------------
    ID| NAME      | LABEL     | DESCRIPTION
    --|-----------|-----------|------------
    1 | RedHat    | RedHat    |
    --|-----------|-----------|------------
    • ID: Organization identifier.
    • NAME: Satellite organization’s name.
    • LABEL: Satellite organization’s label.
    • DESCRIPTION: Satellite organization’s description (optional).

      Identify to which organization you want the virtual hosts assigned, and note the matching entry in the LABEL column. This will later be used in the virt-who configuration.

  6. Encrypt the password of the account to be used to connect to the Microsoft Hyper-V server.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  7. Copy the template configuration file to a new file.

    On the virt-who host:

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/hypervhost1.conf

    To make it easy to identify the configuration file for each hypervisor, use the Microsoft Hyper-V server’s host name as the new file’s name. In this example, the host name is hypervhost1.

  8. Edit the configuration file you just created, changing the example values with those specific to your configuration.

    [hypervhost1]                   1
    type=hyperv                     2
    hypervisor_id=hostname          3
    owner=organization_label                 4
    env=Library                     5
    server=hypervhost1.example.com  6
    username=admin          7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the Microsoft Hyper-V host’s name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=hyperv specifies that this virt-who connection is to a Microsoft Hyper-V host.
    3
    Specifies that hypervisors will be identified in the Satellite web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    Microsoft Hyper-V fully qualified host name or IP address.
    7
    Account name by which virt-who is to connect to the hypervisor. By default this is Administrator. To use an alternate account, create a user account and assign that account to the following groups (Windows 2012 Server): Hyper-V Administrators and Remote Management Users.
    8
    Encrypted password for the account specified by username.
  9. Configure virt-who to report to the Satellite Server.

    Add the following configuration lines, replacing example values with those specific to your environment.

    rhsm_hostname=satellite.example.com  1
    rhsm_username=virt_who-admin         2
    rhsm_encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  3
    rhsm_prefix=/rhsm                    4
    1
    Satellite Server’s fully-qualified host name, for example: satellite.example.com
    2
    Satellite user, used by the virt-who daemon to connect to the Satellite Server. This was created in Section 5.2, “Creating a User for virt-who”.
    3
    Encrypted password for the user specified by rhsm_username. This was created in Section 5.2, “Creating a User for virt-who”.
    4
    This must be /rhsm.

5.8. Configuring and Starting virt-who Service

  1. Configure the virt-who service for Satellite.

    Edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown. This specifies that virt-who is to be communicating with a Satellite host.

    VIRTWHO_SATELLITE6=1
    Warning

    By default virt-who initiates a scan hourly. The interval is defined by the VIRTWHO_INTERVAL global configuration parameter and measured in seconds. It should ONLY be changed on advice from Red Hat Support.

  2. Allow for an HTTP proxy between virt-who and guest virtual machines.

    If there is an HTTP proxy between the server on which virt-who is running and the hypervisors or virtualization managers, edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown.

    http_proxy=http://proxy-ip-or-hostname:port-number
  3. Verify the virt-who configuration.

    Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials, and connectivity to configured virtualization platforms.

    # virt-who --one-shot

    The output is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.

    {
        "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
        "state": 5,
        "attributes": {
            "active": 0,
            "virtWhoType": "esx",
            "hypervisorType": "vmware"
        }
    },
  4. Start and enable the virt-who service.

    On Red Hat Enterprise Linux 7:

    # systemctl start virt-who.service
    # systemctl enable virt-who.service

    On Red Hat Enterprise Linux 6:

    # service virt-who start
    # chkconfig virt-who on
  5. Verify that the virt-who service started successfully.

    On Red Hat Enterprise Linux 7:

    # systemctl status virt-who.service

    The output from this command should be similar to the following. The virt-who.service; enabled output confirms it is enabled and Active: active (running) confirms it is started.

    ● virt-who.service - Daemon for reporting virtual guest IDs to subscription-manager
       Loaded: loaded (/usr/lib/systemd/system/virt-who.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2016-03-11 14:59:05 AEST; 47s ago

    On Red Hat Enterprise Linux 6:

    # service virt-who status

    The output from this command should be similar to the following.

    virt-who (pid  7474) is running...
  6. Verify that the hypervisors appear in the Satellite web UI.

    In the Satellite web UI, select HostsAll hosts and confirm that the host (hypervisor) system profiles display.

    Note

    From Red Hat Satellite 6.2, the naming convention for hypervisors changed to the following:

    virt-who-host_name-organization_ID

    The prefix virt-who- was added to make it easier to identify hypervisors. The suffix organization_ID was added to ensure that hypervisors' names were unique, since a hypervisor can be registered with multiple organizations.

  7. Assign a subscription to the hypervisor.

    To make Virtual Datacenter subscriptions available for virtual machines, the host system requires a subscription. To know on which host the virtual machine is running:

    1. Open the virtual machine profile from the Hosts page. In the Details tab, the virtual machine displays as Virtual Host hostname.
    2. Click the hostname link that opens the host system profile.
    3. In the Subscriptions tab, assign the subscription to the host system. If you have multiple hypervisors running Red Hat Enterprise Linux guests, attach a subscription to all the hypervisors.

5.8.1. Restarting the virt-who Service

If one or more of the virt-who configuration files is changed, or the environment in the Satellite configuration changes, the virt-who service must be restarted so the changes can take effect. For example, virt-who must be restarted after changing the virt-who account’s password or moving a hypervisor to a new organization.

On Red Hat Enterprise Linux 7:

# systemctl restart virt-who.service

On Red Hat Enterprise Linux 6:

# service virt-who restart

Chapter 6. Troubleshooting

6.1. Debug Logging

By default, virt-who logs all its activity to the file /var/log/rhsm/rhsm.log. When troubleshooting, check the log file as this might reveal useful information. To enable more detailed logging, change the debugging line in the global configuration file /etc/sysconfig/virt-who to VIRTWHO_DEBUG=1. If virt-who is running as a service, you must restart it for the configuration change to take effect. When you have resolved the underlying issue, disable diagnostic logging by changing the debugging line back to VIRTWHO_DEBUG=0 and restarting the virt-who service.

6.2. Duplicate Configuration Lines

Since there can be multiple configuration files, both global and hypervisor-specific, duplicate configuration lines might result in virt-who behaving differently to what you intend.

To detect duplicate lines in the virt-who configuration files, use the following command. The output of this command is a list of all lines in the specified files, prefixed by the number of times it occurs. Check all instances where the same line is listed as occurring twice or more, remove the duplicate line and restart the virt-who service. For instructions see Section 5.8.1, “Restarting the virt-who Service”.

# cat /etc/sysconfig/virt-who /etc/virt-who.d/* | sort | uniq -c

6.3. Credentials

Incorrect credentials can be a source of virt-who failure. If possible, test the credentials configured for use by virt-who by logging in to the virtualization manager or hypervisor. For example, if you can log in to the VMware vSphere management console and the expected hosts are visible, then credentials are correct.

6.4. Testing Configuration Options

When troubleshooting, a common method of determining the root cause of a problem is to make a change and test the result, repeating as needed. The virt-who agent provides an option to help with this technique.

Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials and connectivity to configured virtualization platforms.

# virt-who --one-shot

The output you can expect is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.

{
    "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
    "state": 5,
    "attributes": {
        "active": 0,
        "virtWhoType": "esx",
        "hypervisorType": "vmware"
    }
},

6.5. Example Scenarios

6.5.1. Virt-who fails to connect with the virtualization platform

Check the Red Hat Subscription Manager log file - /var/log/rhsm/rhsm.log - if virt-who fails to connect with the virtualization platform. If you find the message No route to host, one possible reason is that the hypervisor is listening on a port other than what you expect. For example, Red Hat Virtualization Manager defaults to port 8443 for backward compatibility, but virt-who defaults to using port 443. In this case, you would edit the hypervisor’s configuration file in /etc/virt-who.d/ and append :443 to the value for the server line, resulting in the line: server=https://rhevmhost1.example.com:443.

6.5.2. Hypervisors are listed in the Satellite web UI by their UUID, not their host name

By default, hypervisors are identified in the Satellite web UI by their UUID. It is possible to change this so that they are identified by host name, but this configuration change must be made before Satellite is started, otherwise the hypervisors will be duplicated. If you need to change this, raise a Support Ticket with Red Hat Support.

6.5.3. Virt-who attempts to connect to virtualization manager or hypervisor via an HTTP proxy on the local network fails

There are three workarounds:

  • Configure the proxy to allow local traffic to pass through. (Recommended)
  • If allowing local traffic to pass through is not possible, install a Squid proxy server on the Satellite Server. For further details, see the Red Hat Knowledgebase solution How to bypass proxy for certain repository URLs on Satellite 6.
  • You can also consider to configure virt-who to use no proxy by adding NO_PROXY=* to /etc/sysconfig/virt-who. Note that the values in /etc/sysconfig/virt-who are environment variables, and are sourced during daemon runs. If running virt-who in one-shot mode, export the values in /etc/sysconfig/virt-who first. Note that the required package versions are: python-rhsm >= 1.17.9-1 and virt-who >= 0.17-11.

    # set -a
    # source /etc/sysconfig/virt-who
    # virt-who -o

6.5.4. Configure virt-who to use an internal proxy

To configure virt-who to use an internal proxy instead of the external proxy Satellite Server uses to connect to the external networks(for example, the CDN), add rhsm_proxy_hostname and rhsm_proxy_port to the virt-who configuration file in /etc/virt-who.d/. Note that the virt-who version must be >= 0.14. For example:

# vi /etc/virt-who.d/fabric-1.conf

rhsm_proxy_hostname = internal-proxy.example.com
rhsm_proxy_port = 3128

Optionally specify rhsm_proxy_user and rhsm_proxy_password in the same configuration file if required.

6.6. Renewing Host Subscriptions

This section covers three methods to reattach subscriptions for multiple hosts. The following use cases apply:

  • When host subscriptions have expired and you need to attach new valid subscriptions.
  • When host subscriptions are still valid but you need to attach additional subscriptions.

If host subscriptions have expired, but you have configured auto-attach and virt-who previously, subscription manager will attempt to reattach a valid subscription that covers the host and its virtual machines based on a set of criteria. No action is required.

6.6.1. Using Web UI

The web UI method allows you to attach multiple subscriptions to multiple hosts at the same time.

  1. Click HostsContent Hosts. If prompted, select the desired organization.
  2. Select the desired hosts. You can use the filter function to narrow down the list of hosts you want to attach subscriptions to. Use the check box at the top to select all hosts listed.
  3. Click Select ActionManage Subscriptions.
  4. Select the desired subscriptions, and click Add Selected.

When all selected subscriptions have been attached, the task result displays success. To confirm, go to HostsContent Hosts and select the desired host. Click SubscriptionsSubscriptions, and verify that the newly attached subscriptions are listed.

6.6.2. Using Hammer CLI

The Hammer CLI method allows you to update the subscriptions iteratively per host, or script and automate the action for multiple hosts.

  1. List available subscriptions in the organization.

    # hammer --output json subscription list --organization example
    
    [
    {
      "ID": 192,
      "UUID": "2c918093561eaa39015630f5cd841d56",
      "Name": "Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)",
       ...
    }]
  2. Search for hosts that do not have a valid subscription.

    # hammer host list --search "subscription_status = invalid"
    
    ---|---------------------------|------------------|---------------
    ID | NAME                      | OPERATING SYSTEM | HOST GROUP
    ---|---------------------------|------------------|---------------
    45 | cloudforms.example.com    | RedHat 7.2       | Infrastructure
    84 | devnode-146.example.com   | RedHat 7.2       | Wordpress
    82 | virt-testing.example.com  | RedHat 7.1       | Development
    ---|---------------------------|------------------|---------------
  3. Attach a subscription to the desired host.

    # hammer host subscription attach --host devnode-146.example.com --quantity 2 --subscription-id 192
    
    Subscription attached to the host successfully
  4. Confirm the subscription has been successfully attached.

    # hammer host list --search "subscription_status = invalid"
    
    ---|---------------------------|------------------|---------------
    ID | NAME                      | OPERATING SYSTEM | HOST GROUP
    ---|---------------------------|------------------|---------------
    45 | cloudforms.example.com    | RedHat 7.2       | Infrastructure
    82 | virt-testing.example.com  | RedHat 7.1       | Development
    ---|---------------------------|------------------|---------------

6.6.3. Using CSV Export and Import

The CSV method also uses the Hammer CLI tool and allows you to back up the mapping information of subscriptions, hosts, and activation keys and import it back to Satellite to ensure that each hosts gets the right subscriptions attached. To use this method for subscription renewal, you need to export the CSV file before the subscriptions expire.

  1. Export the CSV file. It is recommended to add this to a cron job so that the subscription status of all the hosts are always backed up.

    # hammer csv content-hosts --export --file content-hosts-export.csv --itemized-subscriptions --organization example
  2. Edit the CSV file to include new subscription details, for example the new contract numbers.
  3. Import the CSV file back to the host when your hosts' subscriptions expire, and you need to re-attach subscriptions.

    # hammer csv content-hosts --file content-hosts-export.csv --itemized-subscriptions --organization example

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.