Virtual Instances Guide

Red Hat Subscription Management 1

For Use with Red Hat Subscription Management

Red Hat Subscription Management Documentation Team

rhsm-docs@redhat.com

Legal Notice

Abstract

This guide provides information to help users manage virtual instances with Red Hat Subscription Management.

Chapter 1. Introduction

By default, Red Hat Enterprise Linux instances are registered to and obtain their content from the Customer Portal.

Red Hat Enterprise Linux instances under management with Red Hat Subscription Management are instead registered to a Subscription Management server, and obtain their product subscriptions from it.

Modern IT infrastructure is a mix of physical and virtual hardware, with virtualization providing a level of flexibility and scalability not easily achieved with physical hardware. Red Hat’s subscription model applies to both physical and virtual servers.

A Red Hat subscription provides:

Access to support services
Content delivery and hosted repositories
Access to knowledgebases, forums, videos, and other resources

The Red Hat subscription model requires that for physical servers, subscriptions must cover the physical attributes of the machine, such as the number of sockets or cores. Subscriptions are always applied in sets of two to cover pairs of sockets or cores, and those subscription pairs must be attached to cover all sockets and cores. Subscriptions for virtual servers may also be purchased and applies according to their virtual CPU attributes, but there is another subscription type that may be more suitable. A host-based subscription is applied to a hypervisor and entitles the hypervisor to provide subscriptions to its virtual machines. With a host-based subscription, each guest requires one subscription, regardless of its virtual CPU configuration.

1.1. Supported Virtualization Platforms

Supported virtualization platforms to which a Virtual Data Center Subscription (VDC) can be applied are:

Red Hat Enterprise Virtualization Manager (RHEV-M)
Red Hat Enterprise Linux hypervisors
VMware vSphere
Microsoft Hyper-V
Note
The virt-who daemon does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

A VDC subscription applies only to a hypervisor’s guest virtual machines, not the hypervisor itself. For all virtualization platforms which require a Red Hat Enterprise Linux hypervisor, the hypervisor requires its own subscription.

1.2. Choosing a Subscription

Red Hat recommends a subscription that allows virtual machines to inherit subscriptions, since this allows for flexibility when provisioning virtual machines. However the choice is yours, and should be made according to your requirements. If you are unsure which subscription best meets your needs, contact your Red Hat account manager for advice. For more details of the Red Hat subscription model, see the Red Hat Subscription Management Subscription Concepts and Workflows guide.

The following are example Red Hat subscriptions which provide inheritable subscriptions:

Red Hat Enterprise Linux for Virtual Datacenters
Red Hat Enterprise Linux with Smart Virtualization and Management

This guide uses a Red Hat Enterprise Linux for Virtual Datacenters (VDC) subscription in all examples. The workflow for all inheritable subscriptions is identical.

1.2.1. Confirming if virt-who is Required

To confirm if the virt-who daemon is required, either use the Red Hat Certificate Tool, or contact Red Hat Support. The command line Red Hat Certificate Tool (rct) reads a subscription manifest file and displays details of the manifest in plain text. The Red Hat Certificate Tool is available in subscription-manager-1.17.10 (or later) package, in either Red Hat Enterprise Linux 7.3 or Fedora 24.

Examining a subscription manifest with the Red Hat Certificate Tool

Download the subscription manifest from the Customer Portal.

Run the command line Red Hat Certificate Tool.

# rct cat-manifest --no-content manifest_file.zip

The following extract is from an OpenShift Enterprise, Premium (1-2 Sockets) subscription.

Subscription:
    Name: OpenShift Enterprise, Premium (1-2 Sockets)
    Quantity: 50
    Created: 2016-09-16T01:47:59.000+0000
    Start Date: 2016-07-04T04:00:00.000+0000
    End Date: 2017-07-04T03:59:59.000+0000
    .
    .
    .
    Virt Limit: unlimited
    Requires Virt-who: True

The virt-who daemon is required if the rct output includes Virt Limit: unlimited, Requires Virt-who: True, or both. In this example, both are included, confirming that the virt-who daemon is required.

1.3. Applying Virtual Guest Subscriptions

A Virtual Datacenter subscription is one type of host-based subscription offered by Red Hat. Host-based subscriptions are applied to a host and inherited by its guests. Host-based subscriptions consist of two parts, a pool attached to the virtualization manager or hypervisor, and a pool from which virtual guests inherit their subscription. It is important to note that the virtualization manager or hypervisor’s subscription does not provide entitlement to product content.

To successfully provision virtual machines, and ensure they inherit their subscriptions, you must do the following:

Ensure the host-based subscription is attached to the hypervisor. For details of provisioning hosts and virtual hosts, see the Red Hat Satellite 6 Provisioning Guide.
Install and configure the virt-who daemon. This document will guide you through the necessary steps.

1.4. Virtual Machine Subscription Process

The process of registering a virtual machine is as follows:

A virtual machine is provisioned.
The virtual machine requests a subscription from Subscription Manager.
As the subscription manager doesn’t yet know to which host the virtual machine belongs, a temporary subscription is granted, valid for a maximum 24 hours.
The virt-who daemon connects to the virtualization manager or hypervisor and requests details of the guest virtual machines. By default, this request is made every hour, but the interval is configurable. Red Hat recommends this value remain at the default unless requested by Red Hat Support.
The virtualization manager or hypervisor returns to virt-who the list of guest virtual machines, including each UUID.
The virt-who daemon reports to Subscription Manager the list of guest virtual machines.
Subscription Manager then reconciles the subscriptions required by the virtual machines with those available. If the required subscriptions are available, they are assigned to the virtual machine and its subscription is complete.

1.5. Subscription Status

A registered host, virtual or physical, has a subscription status, based on its installed products and attached subscriptions.

Subscription Status Meanings

Red
- The host has products installed that valid subscriptions do not cover. Hosts in a Red status cannot access content for products not covered by subscriptions. Manual intervention is required to resolve a subscription with this status.
Yellow
- Either the host has insufficient subscriptions or an incorrect quantity of subscriptions are attached (for example, a 2-socket subscription is attached to a 4-socket host), or Subscription Management does not know which virtualization manager or hypervisor hosts the virtual machine and has assigned a temporary subscription. Insufficient subscriptions must be resolved manually. Temporary subscriptions will be automatically resolved by Subscription Management, providing there are enough subscriptions available.
Green
- The host is correctly subscribed.

Note

Hypervisors always appear in the Subscription Management web UI as correctly subscribed, regardless of their actual status.

1.5.1. Temporary Subscriptions

When a virtual machine is first registered, Subscription Management does not know with which virtualization manager or host the virtual machine is associated and so cannot assign a subscription. In this case a temporary subscription is granted, valid for a maximum period of 24 hours. When the virt-who daemon next runs and identifies the virtual machine’s host, a permanent subscription is applied, providing the host has available subscriptions of the right type. If a permanent subscription is granted, the virtual machine’s subscription status is changed to Subscribed. A host that has been granted a temporary subscription may, after the 24-hour period, automatically select a subscription intended for a physical host and so restrict the number of subscriptions available. When the 24-hour period expires the host’s status is changed to Not subscribed if it has been unable to request a suitable subscription.

When a virtual machine is granted a temporary subscription, you have several options available:

Install virt-who and wait
If virt-who has not already been installed and configured, do so, then wait for virt-who to identify the virtualization manager or hypervisor hosting the virtual machine, in which case the subscription will be automatically selected from those available.
Manually assign a subscription
If you do not want to wait for up to 24 hours to pass, or you want to assign a specific subscription, install and configure virt-who, then manually assign the desired subscription.
Do nothing
As mentioned earlier, a virtual machine assigned a temporary subscription may be assigned subscriptions intended for physical hosts. For example, a virtual machine with 2 CPUs may be granted two subscriptions instead of a single VDC subscription. This situation should be avoided as it results in more subscriptions being consumed than would otherwise be consumed.

Chapter 2. Installation and Configuration Overview

For a virtual Red Hat Enterprise Linux server to request and be granted a VDC subscription, the virt-who daemon must be configured to connect to each virtualization manager or hypervisor and report hosted virtual machines to Red Hat Subscription Management. To establish these connections, complete the following tasks in order:

Decide on a configuration that suits your environment.
Review the virt-who daemon’s prerequisites and ensure that all have been met.
Install an instance of Red Hat Enterprise Linux for the purpose of running virt-who.
Install the virt-who daemon.
Establish connections between the virt-who daemon and your hypervisors.

Chapter 3. Configuration Options

The simplest configuration requiring virt-who consists of one hypervisor or virtualization manager, one organization and one hypervisor technology, with the virt-who instance reporting directly to the Subscription Management Server. Since most organizations are more complex than this, the installation and configuration of virt-who can be adapted to accommodate the following variables:

Multiple hypervisors
Multiple hypervisor technologies
HTTP proxy

3.1. Multiple Hypervisors

A single virt-who instance can connect to multiple hypervisors and report the virtual machines hosted by each. Individual configuration files are recommended for each hypervisor or virtualization manager as it makes troubleshooting easier. For example, if you suspect a hypervisor is causing a problem, you can move that hypervisor’s configuration file to another directory, stopping virt-who from querying it and so eliminating it from the problem’s scope.

If you have multiple hypervisors, virt-who queries each in parallel. This reduces the chance of virt-who’s queries being stopped or delayed because of an unresponsive hypervisor.

3.2. Multiple Hypervisor Technologies

A single virt-who instance can connect to virtualization platforms of multiple supported technologies. Individual configuration files are recommended for each platform.

3.3. HTTP Proxy

There are several scenarios in which the presence of an HTTP proxy requires additional configuration. If your configuration matches one or more of these scenarios, you must apply the necessary configuration changes for each.

If there is an HTTP proxy between virt-who and the hypervisors, virt-who must be configured to take that into account.
If the Subscription Management Server connects to the Customer Portal via an HTTP proxy, virt-who will also attempt to use the proxy and very likely fail. For further details and a recommended resolution, see Troubleshooting.
If the Subscription Management Server is on the same local network as the hypervisors, the HTTP proxy must be configured to allow local network traffic to bypass it. For further details see Troubleshooting.

Chapter 4. Prerequisites

Before proceeding to install virt-who, ensure the following prerequisites are met.

4.1. Authentication Requirements

Create an account on each virtualization manager, such as VMware vCenter and Red Hat Virtualization Manager, or individual hypervisors so the virt-who agent can retrieve the list of guest virtual machines. Each connection is separate, so you can use different accounts for each connection if required. Each account, generally known as a service account, should be dedicated to this purpose, have read-only access, and have a non-expiring password.

4.2. Software Requirements

The virt-who agent must be installed on a instance of Red Hat Enterprise Linux dedicated to the purpose. The underlying server may be either physical or virtual.

4.3. Subscriptions

Subscriptions are specific to organizations. Although you can configure the virt-who daemon to support multiple organizations, you cannot share subscriptions across organizations.

Note

You must have one virtual data center subscription for each organization and for each hypervisor.

4.4. Preparing the virt-who Host

Before installing the virt-who daemon, a Red Hat Enterprise Linux instance must be installed and configured as follows.

Install Red Hat Enterprise Linux, version 7 (recommended) or 6.
Only a CLI environment is required. For help with this step, see the Red Hat Enterprise Linux 7 Installation Guide or Red Hat Enterprise Linux 6 Installation Guide.

# subscription-manager register --username=admin --password=secret --org=organization_label --auto-attach

Open a network port for HTTPS:
To enable virt-who to communicate with the subscription service, TCP port 443 must be opened.
On Red Hat Enterprise Linux 7:
```
# firewall-cmd --add-port="443/tcp"
# firewall-cmd --add-port="443/tcp" --permanent
```
On Red Hat Enterprise Linux 6:
```
# iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
# service iptables save
```

4.5. Installing virt-who

Install the virt-who package.
```
# yum install virt-who
```

Chapter 5. Configuration and Services

5.1. Virt-who Configuration Files

The virt-who service requires a minimum of two configuration files:

a global configuration file, /etc/sysconfig/virt-who, contains settings which apply to all virt-who connections from that host.
an individual configuration file for each hypervisor or virtualization manager to which Subscription Management is to be connected. These must be stored in the directory /etc/virt-who.d/.

Note

The individual configuration files, stored in the directory /etc/virt-who.d/, must have the .conf suffix when the version of virt-who is virt-who-0.19 or higher.
If you add or remove virtualization managers or hypervisors you must update the virt-who daemon’s configuration.

The following is an extract from the example individual configuration file provided with virt-who. The configuration options for each connection are contained in a stanza. The title of each configuration stanza must be unique. It is recommended, but not required, that the individual configuration files are given the same name as the hypervisor.

#[config name]
#type=               ; insert one of libvirt/esx/hyperv/rhevm/vdsm/fake
#server=             ; insert hostname or ip address of the server to connect to
#username=           ; username for server authentication
#password=           ; password for server authentication
#encrypted_password= ; password encrypted using virt-who-password utility
#owner=              ; owner for use with SAM, Customer Portal, or Satellite 6
#env=                ; environment for use with SAM, Customer Portal, or Satellite 6
#hypervisor_id=      ; how will be the hypervisor identified, one of: uuid, hostname, hwuuid

Note

It is possible, and supported, to combine the global configuration and the hypervisor connections' configuration files into a single file: /etc/sysconfig/virt-who. However, this method will be deprecated in the future. Separating the global and individual configuration files allows for easier troubleshooting.

5.1.1. Limiting the Scope of virt-who Access

If you run a hybrid environment, with virtual machines running Red Hat Enterprise Linux and other operating systems, you may want to limit the scope of virt-who’s access to hosts. For example, if some hypervisors host only Microsoft Windows Server instances, there is no benefit in having those hypervisors reported by the virt-who agent.

To limit virt-who’s access to hosts (hypervisors), use one or both of the following methods. Both methods achieve the same objective, but the include or exclude method should be considered the default since it is a native feature of virt-who.

List hosts to be included or excluded.
Limit access to only a subset of hosts.

5.1.1.1. List Hosts to be Included or Excluded

To either include or exclude hosts being reported by the virt-who daemon, list them in the virt-who configuration file, separated by commas. If a host’s name contains special characters, enclose it in quotation marks. To include hosts, use the filter_hosts parameter. To exclude hosts, use the exclude_hosts parameter. Only one of these methods can be used in each virt-who configuration file.

The method of identifying hosts to be included or excluded must match the method you specified to have them identified in the Satellite web UI. If you specified hypervisor_id=hostname, then you must list the hosts' names. If you specified hypervisor_id=uuid, or hypervisor_id=hwuuid, then you must list the hosts' UUID or HWUUID respectively.

Note

The filtering parameters filter_host_uuids and exclude_host_uuids have been deprecated.

Example of excluding hosts from virt-who

[vcenterhost1]
type=esx
server=vsphere.example.com
username=test
password=test
owner=Default_Organization
env=Library
hypervisor_id=hostname
exclude_hosts=host1.redhat.com,host2.redhat.com

5.1.1.2. Limit Access to Specific Hosts

Grant the account used by virt-who read-only access to only those hosts you want to include. With restricted access to hosts, the virt-who daemon will only find and retrieve those hosts accessible to it.

5.1.2. Configuration Sources

In this guide, all examples use configuration files, but virt-who can accept configuration from several sources. They are listed below in order of precedence. For detailed information about virt-who configuration options, see the virt-who-config and virt-who man pages.

Specifying configuration options at the command line can be useful if you are testing a configuration before implementing it in configuration files. Note that any such options will not persist after the virt-who service is restarted, or the Red Hat Enterprise Linux host is rebooted.

command line
environment variables
/etc/sysconfig/virt-who file
/etc/virt-who.d/*.conf files
/etc/virt-who.conf file

5.2. Creating a User for virt-who

Create a Subscription Management user with Administrator access.
This account is used to allow virt-who to connect to Subscription Management. Red Hat recommends the account be used for only this purpose. If you have previously created a Subscription Management user for this purpose, skip this step.
Encrypt the user’s password
Encrypting the virt-who account password provides greater security compared with storing the password in plain text. The root account must encrypt the password because the encryption key is written into a file that is only readable by the root account. For that reason, only the root account can decrypt the password.
1. Execute the virt-who-password utility.
```
# virt-who-password
```
  Enter the password of the account to connect to the hypervisor. The encrypted form of the password is output to the screen.
```
# virt-who-password
Password: <virt who account's password>
Use following as value for encrypted_password key in the configuration file:
837a5d6a34203e805c998ce02bf84c03
```
2. Make a note of the encrypted password.

This is used later in the virt-who daemon’s configuration.

5.3. Configuring virt-who to Connect to Red Hat Enterprise Virtualization Hypervisor

Repeat this procedure for each Red Hat Enterprise Virtualization Hypervisor (RHEV-H) host to which this instance of virt-who is to be connected.

Encrypt the password of the account to be used to connect to the Red Hat Enterprise Virtualization Manager instance.
Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.
Copy the template configuration file to a new file.
On the virt-who host:
```
# cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhevmhost1.conf
```
To make it easy to identify the configuration file for each hypervisor, use the RHEV-H host’s name as the new file’s name. In this example, the host name is rhevmhost1.
Edit the configuration file you just created, changing the example values with those specific to your configuration.
```
[rhevmhost1]              1
type=rhevm                2
hypervisor_id=hostname    3
owner=org_label           4
env=Library               5
server=https://rhevmhost1.example.com:443  6
username=admin@internal   7
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
```
1
This must be unique for each virt-who instance. Use the Red Hat Virtualization Manager host’s name to make it easy to identify the configuration file for each hypervisor.
2
The type=rhevm specifies that this virt-who connection is to a Red Hat Virtualization Manager.
3
Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
4
Organization’s label.
5
This specifies the environment in which the host will be placed and must be Library.
6
Red Hat Enterprise Virtualization Manager’s fully qualified host name or IP address. The default port number is 8443, but port 443 is used by Red Hat Enterprise Virtualization Manager after version 3.0.
7
Account name by which virt-who is to connect to the Red Hat Enterprise Virtualization Manager instance. The username option requires input in the format username@domain.
8
Encrypted password for the account specified by username.

5.4. Configuring virt-who to Connect to a Red Hat Enterprise Linux Hypervisor

Complete this procedure on each Red Hat Enterprise Linux hypervisor.

Configure virt-who to connect to the Red Hat Enterprise Linux hypervisor

Configure the Red Hat Enterprise Linux hypervisor to register to the Subscription Asset Manager instance.
```
# yum install http://rhsm.example.com/pub/candlepin-cert-consumer.noarch.rpm
```
Register the Red Hat Enterprise Linux hypervisor to the Subscription Asset Manager.
```
# subscription-manager register --org="organizational_label"
```
Attach the VDC subscription to the Red Hat Enterprise Linux hypervisor.
```
# subscription-manager attach --pool=subscription_pool_ID
```
To find the required subscription pool ID, list all available subscriptions.
```
# subscription-manager list --available
```
Copy the template configuration file to a new file.
To make it easy to identify the configuration file for each hypervisor, use the hypervisor host’s name as the new file’s name. In this example, the host name is rhelhost1.
```
cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhelhost1.conf
```
Edit the configuration file you just created, changing the example values with those specific to your configuration.
```
[rhelhost1.example.com]         1
type=vdsm                       2
hypervisor_id=hostname          3
```
1
Red Hat Enterprise Linux Hypervisor’s FQDN.
2
The type=vdsm parameter specifies that this virt-who connection is to a Red Hat Enterprise Linux hypervisor.
3
Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.

This completes the configuration required for a Red Hat Enterprise Linux hypervisor instance.

Registering Guest Virtual Machines

When registering guest virtual machines hosted on this Red Hat Enterprise Linux hypervisor, it is important that they use the subscription attached to the hypervisor.

Configure the virtual machine to register with the Subscription Asset Manager.

# yum install http://_rhsm.example.com_/pub/candlepin-cert-consumer.noarch.rpm

# subscription-manager register --org="organization_label"

Obtain a subscription
```
# subscription-manager attach --pool=subscription_pool_ID
```
Ensure the subscription pool is the same as that used for the hypervisor. The virtual machine will obtain a subscription from the Subscription Asset Manager. For details of this process, see Section 1.4, “Virtual Machine Subscription Process”.

5.5. Configuring virt-who to Connect to VMware vCenter

Repeat this procedure for each VMware vCenter host to which this instance of virt-who is to be connected.

Encrypt the password of the account to be used to connect to the Red Hat Enterprise Virtualization Manager instance.
Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.
Copy the template configuration file to a new file.
To make it easy to identify the configuration file for each hypervisor, use the VMware vCenter host’s name as the new file’s name. In this example, the host name is vcenterhost1.
```
# cp /etc/virt-who.d/template.conf /etc/virt-who.d/vcenterhost1.conf
```
Edit the configuration file you just created, changing the example values with those specific to your configuration.
```
[vcenterhost1]          1
type=esx                2
hypervisor_id=hostname  3
owner=org_label            4
env=Library             5
server=vcenterhost1.example.com  6
username=corporate\svc-virt-who 7
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
```
1
This must be unique for each virt-who instance. Use the VMware vCenter’s host name to make it easy to identify the configuration file for each hypervisor.
2
The type=esx parameter specifies that this virt-who connection is to a VMware vCenter.
3
Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
4
Organization’s label.
5
This specifies the environment in which the host will be placed and must be Library.
6
VMware vCenter server’s fully qualified host name or IP address.
7
Account name by which virt-who is to connect to the hypervisor, in the format domain_name\account_name. Note that only a single backslash separates the values for domain_name and account_name. If you are using a domain account, and the global configuration file /etc/sysconfig/virt-who, then two backslashes are required. For further details, see Red Hat Knowledgebase solution How to use a windows domain account with virt-who for more information.
8
Encrypted password for the account specified by username.

5.6. Configuring virt-who to Connect to Microsoft Hyper-V

Note

The virt-who utility does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

Repeat this procedure for each Microsoft Hyper-V host to which this instance of virt-who is to be connected.

Enable Windows Remote Management and either the HTTP or HTTPS listener must be running.
On the Microsoft Hyper-V server:
```
# winrm quickconfig
```
Enable remote administration on the Microsoft Hyper-V server.
On the Microsoft Hyper-V server:
```
# netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
```
If you are using HTTP, enable the unencrypted connection.
On the Microsoft Hyper-V server:
```
# winrm set winrm/config/service @{AllowUnencrypted="true"}
```
Verify that the authentication method configured on the Microsoft Hyper-V server is either Basic or NTLM.
On the Microsoft Hyper-V server:
```
# winrm get winrm/config/service/auth
```
Encrypt the password of the account to be used to connect to the Microsoft Hyper-V server.
Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.
Copy the template configuration file to a new file.
On the virt-who host:
```
# cp /etc/virt-who.d/template.conf /etc/virt-who.d/hypervhost1.conf
```
To make it easy to identify the configuration file for each hypervisor, use the Microsoft Hyper-V server’s host name as the new file’s name. In this example, the host name is hypervhost1.
Edit the configuration file you just created, changing the example values with those specific to your configuration.
```
[hypervhost1]                   1
type=hyperv                     2
hypervisor_id=hostname          3
owner=org_label                 4
env=Library                     5
server=hypervhost1.example.com  6
username=administrator          7
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
```
1
This must be unique for each virt-who instance. Use the Microsoft Hyper-V host’s name to make it easy to identify the configuration file for each hypervisor.
2
The type=hyperv specifies that this virt-who connection is to a Microsoft Hyper-V host.
3
Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
4
Organization’s label.
5
This specifies the environment in which the host will be placed and must be Library.
6
Microsoft Hyper-V fully qualified host name or IP address.
7
Account name by which virt-who is to connect to the hypervisor. By default this is Administrator. To use an alternate account, create a user account and assign that account to the following groups (Windows 2012 Server): Hyper-V Administrators and Remote Management Users.
8
Encrypted password for the account specified by username.

5.7. Configure and Start virt-who service

Configure virt-who service for Subscription Management.
Edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown. This specifies that virt-who is to be communicating with a Subscription Management host.
```
VIRTWHO_SAM=1
```
Warning
By default virt-who initiates a scan hourly. The interval is defined by the VIRTWHO_INTERVAL global configuration parameter and measured in seconds. It should ONLY be changed on advice from Red Hat Support.
Allow for HTTP proxy between virt-who and guest virtual machines.
If there is an HTTP proxy between the server on which virt-who is running and the hypervisors or virtualization managers, edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown.
```
http_proxy=http://proxy-ip-or-hostname:port-number
```
Verify the virt-who configuration.
Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials and connectivity to configured virtualization platforms.
```
# virt-who --one-shot
```
The output you can expect is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.
```
{
    "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
    "state": 5,
    "attributes": {
        "active": 0,
        "virtWhoType": "esx",
        "hypervisorType": "vmware"
    }
},
```

Start and enable the virt-who service.

On Red Hat Enterprise Linux 7:

# systemctl start virt-who.service
# systemctl enable virt-who.service

On Red Hat Enterprise Linux 6:

# service virt-who start
# chkconfig virt-who on

Verify that the virt-who service started successfully.
On Red Hat Enterprise Linux 7:
```
# systemctl status virt-who.service
```
The output from this command should be similar to the following. The virt-who.service; enabled output confirms it is enabled and Active: active (running) confirms it is started.
```
● virt-who.service - Daemon for reporting virtual guest IDs to subscription-manager
   Loaded: loaded (/usr/lib/systemd/system/virt-who.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-03-11 14:59:05 AEST; 47s ago
```
On Red Hat Enterprise Linux 6:
```
# service virt-who status
```
The output from this command should be similar to the following.
```
virt-who (pid  7474) is running...
```

5.7.1. Restarting the virt-who Service

If one or more of the virt-who configuration files is changed, or the environment in the Subscription Management configuration changes, the virt-who service must be restarted so the changes can take effect. For example, virt-who must be restarted after changing the virt-who account’s password or moving a hypervisor to a new organization.

On Red Hat Enterprise Linux 7:

# systemctl restart virt-who.service

On Red Hat Enterprise Linux 6:

# service virt-who restart

Chapter 6. Troubleshooting

6.1. Debug Logging

By default, virt-who logs all its activity to the file /var/log/rhsm/rhsm.log. When troubleshooting, check the log file as this may reveal useful information. To enable more detailed logging, change the debugging line in the global configuration file /etc/sysconfig/virt-who to VIRTWHO_DEBUG=1. If virt-who is running as a service, you must restart it for the configuration change to take effect. When you have resolved the underlying issue, disable diagnostic logging by changing the debugging line back to VIRTWHO_DEBUG=0 and restarting the virt-who service.

6.2. Duplicate Configuration Lines

Since there can be multiple configuration files, both global and hypervisor-specific, duplicate configuration lines may result in virt-who behaving differently to what you intend.

To detect duplicate lines in the virt-who configuration files, use the following command. The output of this command is a list of all lines in the specified files, prefixed by the number of times it occurs. Check all instances where the same line is listed as occurring twice or more, remove the duplicate line and restart the virt-who service. For instructions see Section 5.7.1, “Restarting the virt-who Service”.

cat /etc/sysconfig/virt-who /etc/virt-who.d/* | sort | uniq -c

6.3. Credentials

Incorrect credentials can be a source of virt-who failure. If possible, test the credentials configured for use by virt-who by logging in to the virtualization hypervisor. For example, if you can log in to the VMware vSphere management console and the expected hosts are visible, then credentials are correct.

6.4. Testing Configuration Options

When troubleshooting, a common method of determining the root cause of a problem is to make a change and test the result, repeating as needed. The virt-who agent provides an option to help with this technique.

Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials and connectivity to configured virtualization platforms.

# virt-who --one-shot

The output you can expect is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.

{
    "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
    "state": 5,
    "attributes": {
        "active": 0,
        "virtWhoType": "esx",
        "hypervisorType": "vmware"
    }
},

6.5. Example Scenarios

6.5.1. Virt-who fails to connect with the virtualization platform

Check the Red Hat Subscription Manager log file - /var/log/rhsm/rhsm.log - if virt-who fails to connect with the virtualization platform. If you find the message No route to host, one possible reason is that the hypervisor is listening on a port other than what you expect. For example, Red Hat Virtualization Manager defaults to port 8443 for backward compatibility, but virt-who defaults to using port 443. In this case, you would edit the hypervisor’s configuration file in /etc/virt-who.d/ and append :443 to the value for the server line, resulting in the line: server=https://rhevmhost1.example.com:443.

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.