Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Virtual Instances Guide

Red Hat Satellite 6.3

For Use with Red Hat Satellite 6.3

Red Hat Satellite Documentation Team

Abstract

This guide provides information on how to apply Virtual Data Center subscriptions, configure the virt-who service, and register virtual instances with Red Hat Satellite 6.3.

Chapter 1. Introduction

By default, Red Hat Enterprise Linux instances are registered to and obtain their content from the Customer Portal.

Red Hat Enterprise Linux instances under management with Red Hat Satellite Server 6 are instead registered to Satellite Server, and obtain their content and Product subscriptions from it.

Modern IT infrastructure is a mix of physical and virtual hardware, with virtualization providing a level of flexibility and scalability not easily achieved with physical hardware. Red Hat’s subscription model applies to both physical and virtual servers.

A Red Hat subscription provides:

  • Access to support services
  • Content delivery and hosted repositories
  • Access to knowledgebases, forums, videos, and other resources

The Red Hat subscription model requires that for physical servers, subscriptions must cover the physical attributes of the machine, such as the number of sockets or cores. Subscriptions are always applied in sets of two to cover pairs of sockets or cores, and those subscription pairs must be attached to cover all sockets and cores. Subscriptions for virtual servers can also be purchased and applied according to their virtual CPU attributes, but there is another subscription type that might be more suitable - a Virtual Data Center (VDC) subscription, which is a host-based subscription. A host-based subscription is applied to a hypervisor and entitles the hypervisor to provide subscriptions to its virtual machines. With a host-based subscription, each guest requires one subscription, regardless of its virtual CPU configuration.

1.1. Supported Virtualization Platforms

Supported virtualization platforms to which a Virtual Data Center (VDC) subscription can be applied are:

  • Red Hat Virtualization (RHV)
  • Red Hat OpenStack Platform (RHOSP)
  • Red Hat Enterprise Linux hypervisors
  • VMware vSphere
  • Microsoft Hyper-V

    Note

    The virt-who daemon does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

A VDC subscription applies only to a hypervisor’s guest virtual machines, not the hypervisor itself. For all virtualization platforms which require a Red Hat Enterprise Linux hypervisor, the hypervisor requires its own subscription.

1.2. Choosing a Subscription

Red Hat recommends a subscription that allows virtual machines to inherit subscriptions, since this allows for flexibility when provisioning virtual machines. However the choice is yours, and should be made according to your requirements. If you are unsure which subscription best meets your needs, contact your Red Hat account manager for advice. For more details of the Red Hat subscription model, see Subscription Concepts and Workflows.

The following are example Red Hat subscriptions which provide inheritable subscriptions:

  • Red Hat Enterprise Linux for Virtual Datacenters
  • Red Hat Enterprise Linux with Smart Virtualization and Management

This guide uses a Red Hat Enterprise Linux for Virtual Datacenters (VDC) subscription in all examples. The workflow for all inheritable subscriptions is identical.

Confirming if virt-who is Required

To confirm if the virt-who daemon is required, either use the Red Hat Certificate Tool, or contact Red Hat Support. The command line Red Hat Certificate Tool (rct) reads a Subscription Manifest file and displays details of the manifest in plain text. The Red Hat Certificate Tool is available in subscription-manager-1.17.10 (or later) package, in either Red Hat Enterprise Linux 7.3 or Fedora 24.

Examining a Subscription Manifest with the Red Hat Certificate Tool

  1. Download the Subscription Manifest from the Customer Portal.
  2. Run the command line Red Hat Certificate Tool.

    # rct cat-manifest --no-content manifest_file.zip

    The following extract is from an OpenShift Container Platform, Premium (1-2 Sockets) subscription.

    Subscription:
        Name: OpenShift Container Platform, Premium (1-2 Sockets)
        Quantity: 50
        Created: 2017-09-16T01:47:59.000+0000
        Start Date: 2017-07-04T04:00:00.000+0000
        End Date: 2018-07-04T03:59:59.000+0000
        .
        .
        .
        Virt Limit: unlimited
        Requires Virt-who: True

The virt-who daemon is required if the rct output includes Virt Limit: unlimited, Requires Virt-who: True, or both. In this example, both are included, confirming that the virt-who daemon is required.

1.3. Applying Virtual Guest Subscriptions

A Virtual Data Center (VDC) subscription is one type of host-based subscription offered by Red Hat. Host-based subscriptions are applied to a host and inherited by its guests. Host-based subscriptions consist of two parts, a pool attached to the virtualization manager or hypervisor, and a pool from which virtual guests inherit their subscription. It is important to note that the virtualization manager or hypervisor’s subscription does not provide entitlement to product content.

To successfully provision virtual machines, and ensure they inherit host subscriptions, you must do the following:

  1. Upload a manifest that includes the VDC subscriptions to Satellite Server.

    For more information, see Importing a Subscription Manifest into the Satellite Server in the Content Management Guide.

  2. Install, configure, and start the virt-who service.

    For more information, see Chapter 3, Configuring virt-who.

  3. Attach VDC subscriptions to the hypervisor hosting the virtual guests. For more information, see Section 4.1, “Allocating VDC Subscriptions to Hypervisors”.
  4. Register virtual machines with an activation key that has auto-attach enabled and no subscriptions attached. This way, the virtual machines will inherit the VDC subscription from the hypervisor. For more information, see Section 4.4, “Registering Guest Virtual Machines”.

1.4. Subscription Status

A registered host, virtual or physical, has a subscription status based on its installed Products and attached subscriptions.

To verify the status of a virtual machine’s subscription in the Satellite web UI:

  1. Open the Satellite web UI and navigate to Hosts > Content Hosts.
  2. Click on the host’s name.
  3. Check the content of the Subscription Status column. Each host’s subscription status is indicated by colour: green, yellow or red, and its status in text.

Subscription Status Meanings

Red
The host has Products installed that valid subscriptions do not cover. Hosts in a Red status cannot access content for Products not covered by subscriptions. Manual intervention is required to resolve a subscription with this status.
Yellow
Either the host has insufficient subscriptions or an incorrect quantity of subscriptions is attached (for example, a 2-socket subscription is attached to a 4-socket host), or Satellite does not know which virtualization manager or hypervisor hosts the virtual machine and has assigned a temporary subscription. Insufficient subscriptions must be resolved manually. Temporary subscriptions will be automatically resolved by Satellite, providing there are enough subscriptions available.
Green
The host is correctly subscribed.
Note

Hypervisors always appear in the Satellite web UI as correctly subscribed, regardless of their actual status.

1.4.1. Temporary Subscriptions

When a virtual machine is first registered, Satellite does not know with which virtualization manager or hypervisor the virtual machine is associated and so cannot assign a subscription. In this case a temporary subscription is granted, valid for a maximum period of 7 days. When the virt-who daemon next runs and identifies the virtual machine’s host, a permanent subscription is applied, provided the host has available subscriptions of the right type. If a permanent subscription is granted, the virtual machine’s subscription status is changed to Subscribed. A virtual machine that has been granted a temporary subscription might, when the temporary subscription expires, automatically select a subscription intended for a physical host and so restrict the number of subscriptions available. When the temporary subscription period expires, the host’s status is changed to Not subscribed if it has been unable to request a suitable subscription.

When a virtual machine is granted a temporary subscription, you have several options available:

  • Install virt-who and wait

    If virt-who has not already been installed and configured, do so, then wait for virt-who to identify the virtualization manager or hypervisor hosting the virtual machine, in which case the subscription will be automatically selected from those available.

  • Manually assign a subscription

    If you do not want to wait for the expiry of the temporary subscription, or you want to assign a specific subscription, install and configure virt-who, then manually assign the desired subscription.

  • Do nothing

    This situation should be avoided as it results in more subscriptions being consumed than would otherwise be consumed. A virtual machine assigned a temporary subscription might be assigned subscriptions intended for physical hosts. For example, a virtual machine with 2 CPUs might be granted two subscriptions instead of a single VDC subscription.

1.4.2. Virtual Machine Migration

When a virtual machine is migrated either automatically or manually to another hypervisor that is registered to Red Hat Satellite, one of the following virtual machine subscription behaviors can occur:

  • If the virtual machine has been reported via virt-who, and the hypervisor has a valid VDC subscription, the virtual machine will consume the virtual guest pool that already exists for the hypervisor. Ideally, all hypervisors that could be hosting the virtual machine should have a valid VDC subscription.
  • If the virtual machine has been reported via virt-who, and there are sufficient subscriptions in Red Hat Satellite, but the hypervisor does not yet have a valid VDC subscription attached, a VDC subscription will get automatically attached to the hypervisor and be inherited by the virtual machine.
  • If there are sufficient subscriptions in Red Hat Satellite, but the virtual machine has not been reported via virt-who, the virtual machine will consume a physical subscription.
  • If the hypervisor does not have a valid VDC subscription attached, and there are insufficient subscriptions in Red Hat Satellite, the virtual machine will not have a valid subscription and lose access to content.

Chapter 2. Virt-who Installation and Configuration Overview

For a virtual Red Hat Enterprise Linux server to request and be granted a VDC subscription, the virt-who daemon must be configured to connect to each virtualization manager or hypervisor and report hosted virtual machines to Red Hat Satellite Server 6. To establish these connections, complete the following tasks in order:

  1. Decide on a configuration that suits your environment.
  2. Review the virt-who daemon’s prerequisites and ensure that all have been met.
  3. If the virt-who daemon is not to be installed on either the Satellite Server or an external Capsule Server, install an instance of Red Hat Enterprise Linux for the purpose.
  4. Install the virt-who daemon.
  5. Create a virt-who configuration
  6. Deploy the virt-who configuration
  7. Establish connections between the virt-who daemon and your hypervisors.

2.1. Configuration Options

The simplest configuration requiring virt-who consists of one hypervisor or virtualization manager, one organization, and one hypervisor technology, with the virt-who instance reporting directly to the Satellite Server. Since most organizations are more complex than this, the configuration of virt-who can be adapted to accommodate the following variables:

  • Multiple organizations in Satellite
  • Multiple hypervisors
  • Multiple hypervisor technologies
  • HTTP proxy

2.1.1. Multiple Organizations

A single virt-who instance can report to the Satellite Server virtual machines which are associated with multiple organizations. Red Hat recommends one organization per virt-who configuration file.

2.1.2. Multiple Hypervisors

A single virt-who instance can connect to multiple hypervisors and report the virtual machines hosted by each. Red Hat recommends one hypervisor or virtualization manager per virt-who configuration file.

If you have multiple hypervisors, virt-who queries each in parallel. This reduces the chance of virt-who’s queries being stopped or delayed because of an unresponsive hypervisor.

2.1.3. Multiple Hypervisor Technologies

A single virt-who instance can connect to multiple hypervisors from different vendors. Red Hat recommends one hypervisor technology per virt-who configuration file.

2.1.3.1. Red Hat Hypervisors

Red Hat Virtualization (version 4.0 and later) and Red Hat Enterprise Virtualization (version 3.6 and earlier) are enterprise-grade server and desktop virtualization platforms built on Red Hat Enterprise Linux. Both products are supported by virt-who. The type and quantity of Red Hat hypervisors you have determines the installation process for virt-who. For more information, see Section 2.2, “Prerequisites”.

2.1.3.1.1. Red Hat Enterprise Virtualization (version 3.6 and earlier)

Red Hat Enterprise Virtualization (version 3.6 and earlier) includes two types of hypervisors:

Red Hat Enterprise Virtualization hypervisor (RHEV-H)
This is a minimal operating system based on Red Hat Enterprise Linux. Filesystem access and root access are limited. Updates via yum are not possible.
Red Hat Enterprise Linux host (RHEL-H)
This is a Red Hat Enterprise Linux host which is subscribed to specific software channels, and has the hypervisor packages installed.
2.1.3.1.2. Red Hat Virtualization (version 4.0 and later)

Red Hat Virtualization (version 4.0 and later) includes two types of hypervisors:

Red Hat Virtualization host (RHVH)
This is a minimal operating system based on Red Hat Enterprise Linux. Unlike RHEV-H, a Red Hat Virtualization host can be updated via yum. It has subscription-manager and virt-who installed by default. This type of hypervisor should be registered to Satellite Server.
Red Hat Enterprise Linux host (RHEL-H)
This is a Red Hat Enterprise Linux host which is subscribed to specific software channels, and has the hypervisor packages installed. This type of hypervisor is equivalent to the RHEL-H hypervisor of Red Hat Enterprise Virtualization (version 3.6 and earlier).

2.1.4. Installation Locations

Where you install virt-who, and whether one or multiple instances are required, is determined by your hypervisors and virtualization managers. For Microsoft Hyper-V and VMware vSphere, install virt-who on either the Satellite or a dedicated instance of Red Hat Enterprise Linux. For Red Hat hypervisors the decision requires more analysis.

2.1.4.1. RHEV-H

If you have RHEV-H hypervisors, install virt-who on either the Satellite or a dedicated instance of Red Hat Enterprise Linux.

2.1.4.2. RHV-H

If you have RHV-H hypervisors, install virt-who on each RHV-H hypervisor and register the hypervisor to Satellite Server.

2.1.4.3. Only RHEL-H

If you have RHEL-H hypervisors, install virt-who on each RHEL-H hypervisor and register the hypervisor to Satellite Server.

2.1.4.4. Mixed Red Hat Hypervisors

If you have multiple Red Hat hypervisor types, some additional configuration is required to prevent duplicate hosts being reported.

Total the number of RHVH, RHEL-H, and RHEV-H hypervisors in your environment.

  • If the number of RHVH and RHEL-H hypervisors is greater than the number of RHEV-H hypervisors, exclude all RHEV-H hypervisors from being reported by virt-who.
  • If the number of RHEV-H hypervisors is greater than the number of RHVH and RHEL-H hypervisors, exclude all RHVH and RHEL-H hypervisors.

For details on how to exclude specific hypervisors, see Section 2.1.5, “Filtering Scope of virt-who Access”.

2.1.5. Filtering Scope of virt-who Access

In a hybrid environment, with virtual machines running Red Hat Enterprise Linux and other operating systems, you can exclude some hosts from virt-who. For example, if some hypervisors host only Microsoft Windows Server instances, there is no benefit in having those hosts reported by the virt-who agent.

To reduce the number of hosts reported by virt-who, use one or both of the following methods. Each method achieves the same objective, but the filter method should be considered the default since it is a native feature of virt-who.

  • Filter hosts to be included or excluded.
  • Limit access to a subset of hosts.

2.1.5.1. Filter Hosts

For each virt-who instance, you can filter the hosts to be reported by virt-who to the Satellite Server. The hosts listed are either excluded or included. Only one filtering method per virt-who instance is valid.

Provide a comma-separated list of hosts to be blacklisted or whitelisted when configuring virt-who. Wildcards and regular expressions are supported. If a host’s name contains special characters, enclose it in quotation marks.

Hosts discovered by virt-who are identified in Satellite by either their host name, which is recommended and the default, or unique ID. Hosts must be filtered according to the method used to identify them. For example, if they are identified by their host name, they must be excluded or included by their host name.

2.1.5.2. Limit Access to Specific Hosts

Grant the account used by virt-who read-only access to only those hosts you want to include. With restricted access to hosts, the virt-who daemon will only find and retrieve those hosts accessible to it.

2.1.6. HTTP Proxy

If you use HTTP proxy servers in your environment, additional configuration is required to use virt-who with HTTP proxy:

2.2. Prerequisites

Before proceeding to install virt-who, ensure the following prerequisites are met.

2.2.1. Authentication Requirements

Each virt-who instance requires read-only access to each virtualization manager or individual hypervisors, and write access to the Satellite Server.

Hypervisor

Create an account with read-only access to each virtualization manager, such as VMware vCenter, or individual hypervisors. With this access, virt-who retrieves the list of guest virtual machines and reports this to Satellite Server. For VMware vCenter, also VMware ESXi, the virt-who user requires at least read-only access to all objects within the virtualization manager. If you have multiple clusters, hypervisors, and virtual machines within your VMware virtualization manager, the virt-who user requires at least read-only access to all objects representing those resources.

Each connection is separate, so you can use different accounts for each virt-who instance if required. Each account, generally known as a service account, must be dedicated to this purpose, have read-only access, and have a non-expiring password.

Warning

An account with read-only access to Red Hat Virtualization Manager is not sufficient. To be able to acquire the Red Hat Virtualization Hypervisor host information via virt-who, it is necessary to create a new role in the Red Hat Enterprise Virtualization environment with the Admin account type and Login Permissions enabled only and assign this role to the account.

Red Hat Satellite

Every virt-who configuration, created using either the Satellite web UI or hammer, creates a unique service user for virt-who authentication. The user is named virt_who_reporter$id and has a randomly generated password. The virt-who user is assigned the Virt-who Reporter role, which provides minimal permissions, allowing the user to only perform virt-who reporting. No manual configuration of these accounts is possible, and they cannot be used to login to the Satellite Server.

2.2.2. Software Requirements

Red Hat recommends installing virt-who on the Satellite Server, because it simplifies the network configuration and provides maximum availability. However, for Red Hat Enterprise Linux hypervisors, the virt-who daemon must be installed on the hypervisor. Alternatively, virt-who can be installed on an external Capsule Server, or a dedicated instance of Red Hat Enterprise Linux 7 (recommended) or Red Hat Enterprise Linux 6.

Complete the following procedure if you are installing virt-who on a dedicated instance of Red Hat Enterprise Linux.

Preparing virt-who Host

  1. Install Red Hat Enterprise Linux, version 7 (recommended) or 6.

    Only a CLI environment is required. For help with this step, see the Red Hat Enterprise Linux 7 Installation Guide or the Red Hat Enterprise Linux 6 Installation Guide.

  2. Install the Satellite Server’s CA certificate:

    # rpm -ivh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  3. Register the Red Hat Enterprise Linux server to the Satellite Server:

    # subscription-manager register \
    --username=username \
    --password=password \
    --org=organization_label \
    --auto-attach
  4. Open a network port for communication between virt-who and the subscription service:

    On Red Hat Enterprise Linux 7:

    # firewall-cmd --add-port="443/tcp"
    # firewall-cmd --add-port="443/tcp" --permanent

    On Red Hat Enterprise Linux 6:

    # iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
    # service iptables save
  5. Open a corresponding network port for communication between virt-who and each virtualization manager or hypervisor:

    • VMware vCenter: TCP port 443
    • Microsoft Hyper-V: TCP port 5985
    • Red Hat Enterprise Virtualization Manager 3.0 and earlier: TCP port 8443
    • Red Hat Enterprise Virtualization Manager 3.1 and later: TCP port 443
    • Red Hat OpenStack Platform compute node: depending on a transport type, default is TCP port 22 for SSH communication

      The virt-who connection to local Red Hat OpenStack Platform compute node and local Red Hat Enterprise Linux hypervisor uses local connections and does not need open ports.

2.2.3. Subscriptions

You must have one host-based subscription for each hypervisor in each organization. Subscriptions cannot be shared between organizations.

For more details, see Section 1.2, “Choosing a Subscription”.

Chapter 3. Configuring virt-who

You can use the Satellite web UI or the Hammer CLI tool to configure a virt-who instance. Both methods provide input validation.

For more details on configuring a virt-who instance, see one of the following:

3.1. Creating virt-who Configuration using the Web UI

Complete this procedure to create a virt-who configuration, using the Satellite web UI.

Create virt-who Configuration using the web UI

To create a virt-who configuration using the Satellite web UI:

  1. Navigate to InfrastructureVirt-who configurations
  2. Click Create Config.
  3. Complete the General Information, Schedule, and Connection fields and click Submit. Fields marked with an asterisk are mandatory.

    Note
    • Click on the information icon beside the name of each field to view a brief description.
    • Enter the hypervisor password in plain text and it will be encrypted.

3.2. Creating virt-who Configuration using Hammer

Complete this procedure to create a virt-who configuration using the Hammer CLI tool.

For more details about using the Hammer CLI tool, see the Hammer CLI Guide.

Create a virt-who configuration using Hammer

Run the hammer subcommand virt-who-config create.

# hammer virt-who-config create \
  --name rhevm.example.com \ 1
  --organization "Example Company" \ 2
  --interval 120 \ 3
  --filtering-mode none \ 4
  --hypervisor-id hostname \ 5
  --hypervisor-type rhevm \ 6
  --hypervisor-server rhevm.example.com \ 7
  --hypervisor-username virt-who-user \ 8
  --hypervisor-password virt-who-password \ 9
  --satellite-url satellite.example.com 10
1
Name for this configuration. Recommended: Fully qualified domain name of the hypervisor.
2
Organization name.
3
Interval at which virt-who queries hypervisors for changes, measured in seconds.
4
Hypervisor filtering mode. Possible values: none, whitelist, blacklist. Default: none. For details, see Section 2.1.5, “Filtering Scope of virt-who Access”.
5
Specifies how the hypervisor will be identified. Possible values: hostname, uuid, hwuuid. Recommended: hostname.
6
Hypervisor type. Possible value(s): VMware vSphere or VMware vCenter: esx, Red Hat Virtualization Hypervisor: rhevm, Microsoft Hyper-V: hyperv, Red Hat OpenStack Platform: libvirt.
7
Fully qualified host name or IP address of the hypervisor.
8
User name by which virt-who is to connect to the hypervisor.
9
Password of the user name specified by hypervisor-username. The password will be encrypted by hammer.
10
Fully qualified domain name of the Satellite Server.
Note

The interval parameter is a global parameter for each instance of virt-who, stored in file /etc/sysconfig/virt-who. The value is overwritten each time a virt-who configuration is deployed.

If the creation is successful, a message like the following is output.

Virt Who configuration [rhevm.example.com] created

3.3. Deploying virt-who Configuration

Complete this procedure to deploy a virt-who configuration. The virt-who service is started when a virt-who configuration is deployed.

Deploy virt-who Configuration

To deploy a virt-who configuration:

  1. Log in to the Satellite web UI.
  2. Navigate to InfrastructureVirt-who configurations.
  3. Click the name of the virt-who configuration.
  4. If virt-who instance is being installed on the Satellite Server:

    1. Click Copy to clipboard in Hammer command:.
    2. Open a terminal emulator and connect via SSH to the virt-who host as user root.

      # ssh root@virtwho_host.example.com
    3. Paste the Hammer command into the terminal emulator.
  5. If virt-who is not being installed on the Satellite Server:

    1. Click Download the script in Configuration script:.
    2. Open a terminal emulator.
    3. Navigate to the directory to which the deploy script was downloaded.
    4. Copy the deploy script to the virt-who host.

      # scp deploy_script root@_virt_who_host:
    5. Make the the deploy script executable and run it.

      # chmod +x deploy_script
      # deploy_script
      ...
      == Finished ==
      Finished successfully
    6. Delete the script.

      # rm deploy_script

3.4. Modifying a virt-who Configuration

It is sometimes necessary to modify a deployed virt-who configuration. For example, when the password of the user with which virt-who connects to a hypervisor is changed, the virt-who configuration must be updated and deployed again.

An existing virt-who configuration can be modified using either the Satellite web UI or with hammer.

Modify a virt-who Configuration

  1. Navigate to InfrastructureVirt-who configurations
  2. Find the virt-who configuration you want to modify, and click Edit on the matching row.
  3. Edit the fields to be modified.
  4. Click Submit
  5. Deploy the modified virt-who configuration. For more information see Section 3.3, “Deploying virt-who Configuration”.

3.4.1. Restarting the virt-who Service

If one or more of the virt-who configuration files is changed, or the environment in the Satellite configuration changes, the virt-who service must be restarted so the changes can take effect. For example, virt-who must be restarted after changing the virt-who account’s password or moving a hypervisor to a new organization.

On Red Hat Enterprise Linux 7:

# systemctl restart virt-who.service

On Red Hat Enterprise Linux 6:

# service virt-who restart

Chapter 4. Registering Virtual Guests

4.1. Allocating VDC Subscriptions to Hypervisors

Prerequisites

  • You must have a subscription manifest uploaded to the Satellite Server.

    For more information, see Importing a Subscription Manifest into the Satellite Server in the Content Management Guide.

  • You must have the virt-who service installed and configured.

    For more information, see Chapter 3, Configuring virt-who.

    Allocate the available VDC subscriptions to the hypervisor that hosts the virtual guests.

    1. In the Satellite web UI, navigate to Hosts > Content Hosts.
    2. In the Content Host list, find the hypervisor and click on its name.
    3. On the content host’s details page, navigate to Subscriptions > Subscriptions.
    4. Select the Virtual Datacenter subscription, then click Add Selected.

Repeat these steps for each hypervisor.

4.2. Confirming a VDC Subscription

To confirm that the VDC subscription and its associated subscription pool are available, open the Satellite web UI and navigate to Content > Subscriptions. For example, if you have a single virtualization manager or hypervisor registered with a VDC subscription, its subscription pool is listed as follows:

Red Hat Enterprise Linux for Virtual Datacenters, Standard

1 out of 1				Physical

The subscriptions pool is listed under the VDC subscription as follows:

Red Hat Enterprise Linux for Virtual Datacenters, Standard (DERIVED SKU)

1 out of unlimited		Guests of vmhost1.example.com

In this example, one virtual machine has been subscribed and inherited its subscription from the hypervisor vmhost1.example.com. To confirm which virtual machines are subscribed, click on the subscriptions count (in this example, 1 out of unlimited), and from the Activation Key drop-down list select Content Hosts.

4.3. Virtual Machine Subscription Process

Virtual Machine Subscription Process

The process of registering a virtual machine is as follows:

  1. A virtual machine is provisioned using Satellite.
  2. The virtual machine requests a subscription from the Satellite Server.
  3. As the subscription manager doesn’t yet know to which host the virtual machine belongs, a temporary subscription is granted, valid for a maximum 7 days.
  4. The virt-who daemon connects to the virtualization manager or hypervisor and requests details of the guest virtual machines. By default, this request is made every hour, but the interval is configurable. Red Hat recommends this value remain at the default unless requested by Red Hat Support.
  5. The virtualization manager or hypervisor returns to virt-who the list of guest virtual machines, including each UUID.
  6. The virt-who daemon reports to the Satellite Server the list of guest virtual machines.
  7. The Satellite Server then reconciles the subscriptions required by the virtual machines with those available. If the required subscriptions are available, they are assigned to the virtual machine and its subscription is complete.

4.4. Registering Guest Virtual Machines

Use the following procedure to register guest virtual machines.

  1. Configure the virtual machine to register with the Satellite Server.

    # yum install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
  2. Register the virtual machine.

    # subscription-manager register --org="organization_label"
  3. Obtain a subscription.

    # subscription-manager attach --pool=subscription_pool_ID

    Ensure the subscription pool is the same as that used for the hypervisor. The virtual machine obtains a subscription from the Satellite Server.

You can also use an activation key with Red Hat Satellite. For more information about activation keys, see Managing Activation Keys in the Content Management Guide.

Chapter 5. Troubleshooting

5.1. Verifying virt-who Status

Verifying the status of all virt-who instances is the recommended first step in troubleshooting. All virt-who instances configured and deployed using either the Satellite web UI or hammer are reported in the Satellite web UI. Those virt-who instances which were configured manually are not available in the Satellite web UI.

5.1.1. Verifying virt-who Status in Satellite web UI

  1. Navigate to InfrastructureVirt-who configurations
  2. View the Status value for each virt-who instance.

A status value of OK indicates the virt-who instance is successfully connecting to the Satellite Server and reporting those virtual machines managed by the hypervisor.

5.1.2. Verifying virt-who Status using Hammer

On the Satellite Server, list the status of all virt-who instances.

# hammer virt-who-config list

The hammer output includes the date and time at which each virt-who instance reported to the Satellite Server.

5.2. Debug Logging

By default, virt-who logs all its activity to the file /var/log/rhsm/rhsm.log. When troubleshooting, check the log file as this might reveal useful information. To enable more detailed logging, change the debugging line in the global configuration file /etc/sysconfig/virt-who to VIRTWHO_DEBUG=1. If virt-who is running as a service, you must restart it for the configuration change to take effect. When you have resolved the underlying issue, disable diagnostic logging by changing the debugging line back to VIRTWHO_DEBUG=0 and restarting the virt-who service.

5.3. Duplicate Configuration Lines

Since there can be multiple configuration files, both global and hypervisor-specific, duplicate configuration lines might result in virt-who behaving differently to what you intend.

To detect duplicate lines in the virt-who configuration files, use the following command. The output of this command is a list of all lines in the specified files, prefixed by the number of times it occurs. Check all instances where the same line is listed as occurring twice or more, remove the duplicate line and restart the virt-who service. For instructions see Section 3.4.1, “Restarting the virt-who Service”.

# cat /etc/sysconfig/virt-who /etc/virt-who.d/* | sort | uniq -c

5.4. Comment Character in a Configuration File

The comment character # must be the first character on the line in a configuration file. Any white space at the start of the line results in the line being included in the configuration.

5.5. Credentials

Incorrect credentials can be a source of virt-who failure. If possible, test the credentials configured for use by virt-who by logging in to the virtualization manager or hypervisor. For example, if you can log in to the VMware vSphere management console and the expected hosts are visible, then credentials are correct.

5.6. Testing Configuration Options

When troubleshooting, a common method of determining the root cause of a problem is to make a change and test the result, repeating as needed. The virt-who agent provides an option to help with this technique.

Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials and connectivity to configured virtualization platforms.

# virt-who --one-shot

The output you can expect is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.

{
    "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
    "state": 5,
    "attributes": {
        "active": 0,
        "virtWhoType": "esx",
        "hypervisorType": "vmware"
    }
},

5.7. Identifying issues when using multiple virt-who configuration files

If you have multiple virt-who configuration files, move one virt-who configuration file at a time to your /root directory while testing after each file move. If the issue no longer occurs, the cause is associated with the most recently moved file. After you have resolved the issue, return the virt-who configuration files to their original location.

5.8. Example Scenarios

5.8.1. Virt-who fails to connect with the virtualization platform

If virt-who fails to connect to the virtualization platform check the Red Hat Subscription Manager log file /var/log/rhsm/rhsm.log. If you find the message No route to host, one possible reason is that the hypervisor is listening on a port other than what you expect. For example, Red Hat Virtualization Manager defaults to port 8443 for backward compatibility, but virt-who defaults to using port 443. In this case, edit the hypervisor’s configuration file in directory /etc/virt-who.d/ and append :443 to the value for the server line, resulting in the line: server=https://rhevmhost1.example.com:443.

5.8.2. Hypervisors are listed in the Satellite web UI by their UUID, not their host name

By default, hypervisors are identified in the Satellite web UI by their UUID. It is possible to change this so that they are identified by host name, but this configuration change must be made before Satellite is started, otherwise the hypervisors will be duplicated. If you need to change this, raise a Support Ticket with Red Hat Support.

5.8.3. Virt-who attempts to connect to virtualization manager or hypervisor via an HTTP proxy on the local network fails

There are three workarounds:

  • Configure the proxy to allow local traffic to pass through. (Recommended)
  • If allowing local traffic to pass through is not possible, install a Squid proxy server on the Satellite Server. For further details, see the Red Hat Knowledgebase solution How to bypass proxy for certain repository URLs on Satellite 6.
  • You can also configure virt-who to ignore proxy network settings by adding NO_PROXY=* to /etc/sysconfig/virt-who. Note that the values in /etc/sysconfig/virt-who are environment variables, and are sourced during daemon runs. If running virt-who in one-shot mode, export the values in /etc/sysconfig/virt-who first. Note that the required package versions are: python-rhsm >= 1.17.9-1 and virt-who >= 0.17-11.

    # set -a
    # source /etc/sysconfig/virt-who
    # virt-who -o

5.8.4. Configure virt-who to use an internal proxy

To configure virt-who to use an internal proxy, add options rhsm_proxy_hostname and rhsm_proxy_port to the virt-who configuration file in /etc/virt-who.d/. Note that the virt-who version must be >= 0.14. For example:

# vi /etc/virt-who.d/fabric-1.conf

rhsm_proxy_hostname = internal-proxy.example.com
rhsm_proxy_port = 3128

Optionally specify rhsm_proxy_user and rhsm_proxy_password in the same configuration file if required.

5.9. Renewing Host Subscriptions

This section covers three methods to reattach subscriptions for multiple hosts. The following use cases apply:

  • When host subscriptions have expired and you need to attach new valid subscriptions.
  • When host subscriptions are still valid but you need to attach additional subscriptions.

If host subscriptions have expired, but you have configured auto-attach and virt-who previously, subscription manager will attempt to reattach a valid subscription that covers the host and its virtual machines based on a set of criteria. No action is required.

5.9.1. Using Web UI

The web UI method allows you to attach multiple subscriptions to multiple hosts at the same time.

  1. Click HostsContent Hosts. If prompted, select the desired organization.
  2. Select the desired hosts. You can use the filter function to narrow down the list of hosts you want to attach subscriptions to. Use the check box at the top to select all hosts listed.
  3. Click Select ActionManage Subscriptions.
  4. Select the desired subscriptions, and click Add Selected.

When all selected subscriptions have been attached, the task result displays success. To confirm, go to HostsContent Hosts and select the desired host. Click SubscriptionsSubscriptions, and verify that the newly attached subscriptions are listed.

5.9.2. Using Hammer CLI

The Hammer CLI method allows you to update the subscriptions iteratively per host, or script and automate the action for multiple hosts.

  1. List available subscriptions in the organization.

    # hammer --output json subscription list --organization example
    
    [
    {
      "ID": 192,
      "UUID": "2c918093561eaa39015630f5cd841d56",
      "Name": "Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)",
       ...
    }]
  2. Search for hosts that do not have a valid subscription.

    # hammer host list --search "subscription_status = invalid"
    
    ---|---------------------------|------------------|---------------
    ID | NAME                      | OPERATING SYSTEM | HOST GROUP
    ---|---------------------------|------------------|---------------
    45 | cloudforms.example.com    | RedHat 7.2       | Infrastructure
    84 | devnode-146.example.com   | RedHat 7.2       | Wordpress
    82 | virt-testing.example.com  | RedHat 7.1       | Development
    ---|---------------------------|------------------|---------------
  3. Attach a subscription to the desired host.

    # hammer host subscription attach --host devnode-146.example.com --quantity 2 --subscription-id 192
    
    Subscription attached to the host successfully
  4. Confirm the subscription has been successfully attached.

    # hammer host list --search "subscription_status = invalid"
    
    ---|---------------------------|------------------|---------------
    ID | NAME                      | OPERATING SYSTEM | HOST GROUP
    ---|---------------------------|------------------|---------------
    45 | cloudforms.example.com    | RedHat 7.2       | Infrastructure
    82 | virt-testing.example.com  | RedHat 7.1       | Development
    ---|---------------------------|------------------|---------------

5.9.3. Using CSV Export and Import

The CSV method also uses the Hammer CLI tool and allows you to back up the mapping information of subscriptions, hosts, and activation keys and import it back to Satellite to ensure that each hosts gets the right subscriptions attached. To use this method for subscription renewal, you need to export the CSV file before the subscriptions expire.

  1. Export the CSV file. It is recommended to add this to a cron job so that the subscription status of all the hosts are always backed up.

    # hammer csv content-hosts --export --file content-hosts-export.csv --itemized-subscriptions --organization example
  2. Edit the CSV file to include new subscription details, for example the new contract numbers.
  3. Import the CSV file back to the host when your hosts' subscriptions expire, and you need to re-attach subscriptions.

    # hammer csv content-hosts --file content-hosts-export.csv --itemized-subscriptions --organization example

Appendix A. Virt-who Configuration Files

The virt-who service requires a minimum of two configuration files:

  • a global configuration file, /etc/sysconfig/virt-who, contains settings which apply to all virt-who connections from that host.
  • an individual configuration file for each hypervisor or virtualization manager to which Satellite is to be connected. These must be stored in the /etc/virt-who.d/ directory.
Note
  • The individual configuration files, stored in the /etc/virt-who.d/ directory, must have the .conf suffix when the version of virt-who is virt-who-0.19 or higher.
  • If you add or remove virtualization managers or hypervisors you must update the virt-who daemon’s configuration.
  • When a username is added in the virt-who configuration file before the option rhsm_username, the user must have access to log in to Satellite 6. Users of third-party applications such as Active Directory and IDM might not have access that permits them to log in to Satellite 6.

The following is an extract from the example individual configuration file provided with virt-who. The configuration options for each connection are contained in a stanza. The title of each configuration stanza must be unique. It is recommended, but not required, that the individual configuration files are given the same name as the hypervisor.

#[config name]
#type=               ; insert one of libvirt/esx/hyperv/rhevm/vdsm/fake
#server=             ; insert hostname or ip address of the server to connect to
#username=           ; username for server authentication
#password=           ; password for server authentication
#encrypted_password= ; password encrypted using virt-who-password utility
#owner=              ; owner for use with SAM, Customer Portal, or Satellite 6
#env=                ; environment for use with SAM, Customer Portal, or Satellite 6
#hypervisor_id=      ; how will be the hypervisor identified, one of: uuid, hostname, hwuuid
Note

It is possible, and supported, to combine the global configuration and the hypervisor connections' configuration files into a single file: /etc/sysconfig/virt-who. However, this method will be deprecated in the future. Separating the global and individual configuration files allows for easier troubleshooting.

A.1. Configuration Sources

In this guide, all examples use configuration files, but virt-who can accept configuration from several sources. They are listed below in order of precedence. For detailed information about virt-who configuration options, see the virt-who-config and virt-who man pages.

Specifying configuration options at the command line can be useful if you are testing a configuration before implementing it in configuration files. Note that any such options will not persist after the virt-who service is restarted, or the Red Hat Enterprise Linux host is rebooted.

  1. command line
  2. environment variables
  3. /etc/sysconfig/virt-who file
  4. /etc/virt-who.d/*.conf files
  5. /etc/virt-who.conf file

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.