Chapter 5. Configuration and Services

5.1. Virt-who Configuration Files

The virt-who service requires a minimum of two configuration files:

  • a global configuration file, /etc/sysconfig/virt-who, contains settings which apply to all virt-who connections from that host.
  • an individual configuration file for each hypervisor or virtualization manager to which Subscription Management is to be connected. These must be stored in the /etc/virt-who.d/ directory.

Note
  • The individual configuration files, stored in the /etc/virt-who.d/ directory, must have the .conf suffix when the version of virt-who is virt-who-0.19 or higher.
  • If you add or remove virtualization managers or hypervisors you must update the virt-who daemon’s configuration.
  • When a username is added in the virt-who configuration file before the option rhsm_username, the user must have access to log in to Satellite 6. Users of third-party applications such as Active Directory and IDM might not have access that permits them to log in to Satellite 6.

The following is an extract from the example individual configuration file provided with virt-who. The configuration options for each connection are contained in a stanza. The title of each configuration stanza must be unique. It is recommended, but not required, that the individual configuration files are given the same name as the hypervisor.

#[config name]
#type=               ; insert one of libvirt/esx/hyperv/rhevm/vdsm/fake
#server=             ; insert hostname or ip address of the server to connect to
#username=           ; username for server authentication
#password=           ; password for server authentication
#encrypted_password= ; password encrypted using virt-who-password utility
#owner=              ; owner for use with SAM, Customer Portal, or Satellite 6
#env=                ; environment for use with SAM, Customer Portal, or Satellite 6
#hypervisor_id=      ; how the hypervisor will be identified, one of: uuid, hostname, hwuuid

Note

It is possible, and supported, to combine the global configuration and the hypervisor connections' configuration files into a single file: /etc/sysconfig/virt-who. However, this method will be deprecated in the future. Separating the global and individual configuration files allows for easier troubleshooting.

5.1.1. Limiting the Scope of virt-who Access

If you run a hybrid environment, with virtual machines running Red Hat Enterprise Linux and other operating systems, you might want to limit the scope of virt-who’s access to hosts. For example, if some hypervisors host only Microsoft Windows Server instances, there is no benefit in having those hypervisors reported by the virt-who agent.

To limit virt-who’s access to hosts (hypervisors), use one or both of the following methods. Both methods achieve the same objective, but the include or exclude method should be considered the default since it is a native feature of virt-who.

  • List hosts to be included or excluded.
  • Limit access to only a subset of hosts.

5.1.1.1. List Hosts to be Included or Excluded

To either include or exclude hosts being reported by the virt-who daemon, list them in the virt-who configuration file, separated by commas. If a host’s name contains special characters, enclose it in quotation marks. To include hosts, use the filter_hosts parameter. To exclude hosts, use the exclude_hosts parameter. Only one of these methods can be used in each virt-who configuration file.

The method of identifying hosts to be included or excluded must match the method you specified to have them identified in the Satellite web UI. If you specified hypervisor_id=hostname, then you must list the hosts' names. If you specified hypervisor_id=uuid, or hypervisor_id=hwuuid, then you must list the hosts' UUID or HWUUID respectively.

Note

The filtering parameters filter_host_uuids and exclude_host_uuids have been deprecated.

Example of excluding hosts from virt-who

[vcenterhost1]
type=esx
server=vsphere.example.com
username=test
password=test
owner=default_organization
env=Library
hypervisor_id=hostname
exclude_hosts=host1.redhat.com,host2.redhat.com
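
The rules stated so far (the .conf suffix, unique stanza titles, only one of filter_hosts or exclude_hosts per file, the deprecated UUID filters, and encrypted_password in preference to a plain-text password) can be checked before virt-who is restarted. The following is an added example, not part of virt-who or of the original guide; the function names and sample files are hypothetical, and it assumes that Python's configparser reads these stanzas the same way virt-who does and that values carry no inline comments.

```python
import configparser
import os
import tempfile

# Allowed values are taken from the template stanza shown on this page.
VALID_TYPES = {"libvirt", "esx", "hyperv", "rhevm", "vdsm", "fake"}
VALID_IDS = {"uuid", "hostname", "hwuuid"}
DEPRECATED = ("filter_host_uuids", "exclude_host_uuids")

# Constructed sample files (hypothetical names, no real hosts or credentials).
SAMPLES = {
    "vcenterhost1.conf": "[vcenterhost1]\ntype=esx\nhypervisor_id=hostname\n"
                         "password=test\nfilter_hosts=a.example.com\n"
                         "exclude_hosts=b.example.com\n",
    "copy.conf": "[vcenterhost1]\ntype=vmware\nencrypted_password=00ff\n",
    "hypervhost1": "[hypervhost1]\ntype=hyperv\n",
}


def lint_virt_who_dir(conf_dir):
    """Return (file, stanza, message) findings for every file in conf_dir."""
    findings = []
    first_seen = {}  # stanza title -> file that first defined it
    for name in sorted(os.listdir(conf_dir)):
        path = os.path.join(conf_dir, name)
        if not os.path.isfile(path):
            continue
        if not name.endswith(".conf"):
            findings.append((name, "", "no .conf suffix"))
            continue
        # RawConfigParser does no % interpolation, so values are read as-is.
        parser = configparser.RawConfigParser()
        try:
            with open(path) as handle:
                parser.read_file(handle)
        except configparser.Error as exc:
            findings.append((name, "", "parse error: " + type(exc).__name__))
            continue
        for stanza in parser.sections():
            opts = dict(parser.items(stanza))
            msgs = []
            if stanza in first_seen:
                msgs.append("stanza title already used in " + first_seen[stanza])
            else:
                first_seen[stanza] = name
            if "type" in opts and opts["type"] not in VALID_TYPES:
                msgs.append("unknown type: " + opts["type"])
            if opts.get("hypervisor_id", "uuid") not in VALID_IDS:
                msgs.append("unknown hypervisor_id: " + opts["hypervisor_id"])
            if "filter_hosts" in opts and "exclude_hosts" in opts:
                msgs.append("filter_hosts and exclude_hosts are both set")
            if opts.get("password"):
                msgs.append("plain-text password; use encrypted_password")
            msgs.extend(key + " is deprecated" for key in DEPRECATED if key in opts)
            findings.extend((name, stanza, msg) for msg in msgs)
    return findings


def demo():
    """Write the constructed samples to a temporary directory and lint them."""
    with tempfile.TemporaryDirectory() as conf_dir:
        for name, text in SAMPLES.items():
            with open(os.path.join(conf_dir, name), "w") as handle:
                handle.write(text)
        return lint_virt_who_dir(conf_dir)


if __name__ == "__main__":
    for finding in demo():
        print("%s [%s]: %s" % finding)
```

To check a live host, call lint_virt_who_dir("/etc/virt-who.d") as root; an empty list means none of these rules is violated.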

5.1.1.2. Limit Access to Specific Hosts

Grant the account used by virt-who read-only access to only those hosts you want to include. With restricted access to hosts, the virt-who daemon will only find and retrieve those hosts accessible to it.

5.1.2. Configuration Sources

In this guide, all examples use configuration files, but virt-who can accept configuration from several sources. They are listed below in order of precedence. For detailed information about virt-who configuration options, see the virt-who-config and virt-who man pages.

Specifying configuration options at the command line can be useful if you are testing a configuration before implementing it in configuration files. Note that any such options will not persist after the virt-who service is restarted, or the Red Hat Enterprise Linux host is rebooted.

  1. command line
  2. environment variables
  3. /etc/sysconfig/virt-who file
  4. /etc/virt-who.d/*.conf files
  5. /etc/virt-who.conf file

5.2. Creating a User for virt-who

  1. Create a Subscription Management user with Administrator access.

    This account is used to allow virt-who to connect to Subscription Management. Red Hat recommends the account be used for only this purpose. If you have previously created a Subscription Management user for this purpose, skip this step.

  2. Encrypt the user’s password.

    Encrypting the virt-who account password provides greater security compared with storing the password in plain text. The root account must encrypt the password because the encryption key is written into a file that is only readable by the root account. For that reason, only the root account can decrypt the password.

    1. Execute the virt-who-password utility.

      # virt-who-password

      Enter the password of the account to connect to the hypervisor. The encrypted form of the password is output to the screen.

      # virt-who-password
      Password: <virt who account's password>
      Use following as value for encrypted_password key in the configuration file:
      837a5d6a34203e805c998ce02bf84c03
    2. Make a note of the encrypted password.

This is used later in the virt-who daemon’s configuration.

5.3. Configuring virt-who to Connect to Red Hat Enterprise Virtualization Hypervisor

Repeat this procedure for each Red Hat Enterprise Virtualization Hypervisor (RHEV-H) host to which this instance of virt-who is to be connected.

  1. Encrypt the password of the account to be used to connect to the Red Hat Enterprise Virtualization Manager instance.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  2. Copy the template configuration file to a new file.

    On the virt-who host:

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhevmhost1.conf

    To make it easy to identify the configuration file for each hypervisor, use the RHEV-H host’s name as the new file’s name. In this example, the host name is rhevmhost1.

  3. Edit the configuration file you just created, replacing the example values with those specific to your configuration.

    [rhevmhost1]              1
    type=rhevm                2
    hypervisor_id=hostname    3
    owner=organization_label           4
    env=Library               5
    server=https://rhevmhost1.example.com:443  6
    username=admin@internal   7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the Red Hat Virtualization Manager host’s name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=rhevm specifies that this virt-who connection is to a Red Hat Virtualization Manager.
    3
    Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    Red Hat Enterprise Virtualization Manager’s fully qualified host name or IP address. The default port number is 8443, but port 443 is used by Red Hat Enterprise Virtualization Manager after version 3.0.
    7
    Account name by which virt-who is to connect to the Red Hat Enterprise Virtualization Manager instance. The username option requires input in the format username@domain. Note that read-only access is not sufficient to acquire the Red Hat Virtualization Hypervisor host information via virt-who. You must create a new role in the Red Hat Enterprise Virtualization environment with the Admin account type and only Login Permissions enabled, and assign this role to the user.
    8
    Encrypted password for the account specified by username.

5.4. Configuring virt-who to Connect to a Red Hat Enterprise Linux Hypervisor

Complete this procedure on each Red Hat Enterprise Linux hypervisor.

Configure virt-who to connect to the Red Hat Enterprise Linux hypervisor

  1. Configure the Red Hat Enterprise Linux hypervisor to register to the Subscription Asset Manager instance.

    # yum install http://rhsm.example.com/pub/candlepin-cert-consumer.noarch.rpm
  2. Register the Red Hat Enterprise Linux hypervisor to the Subscription Asset Manager.

    # subscription-manager register --org=organization_label
  3. Attach the VDC subscription to the Red Hat Enterprise Linux hypervisor.

    # subscription-manager attach --pool=subscription_pool_ID

    To find the required subscription pool ID, list all available subscriptions.

    # subscription-manager list --available
  4. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the hypervisor host’s name as the new file’s name. In this example, the host name is rhelhost1.

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhelhost1.conf
  5. Edit the configuration file you just created, replacing the example values with those specific to your configuration.

    [rhelhost1.example.com]         1
    type=vdsm                       2
    hypervisor_id=hostname          3
    1
    Red Hat Enterprise Linux Hypervisor’s FQDN.
    2
    The type=vdsm parameter specifies that this virt-who connection is to a Red Hat Enterprise Linux hypervisor.
    3
    Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.

This completes the configuration required for a Red Hat Enterprise Linux hypervisor instance.

Registering Guest Virtual Machines

When registering a virtual machine hosted on this Red Hat Enterprise Linux host, you need to use an activation key that has auto-attach enabled and no subscriptions attached. This way, the virtual machine will inherit the VDC subscription from the hypervisor.

  1. Configure the virtual machine to register with the Subscription Asset Manager.

    # yum install http://rhsm.example.com/pub/candlepin-cert-consumer.noarch.rpm
  2. Register the virtual machine. The activation key created for VDC subscription has to be listed first. Add a secondary key for additional product subscription if required.

    # subscription-manager register --activationkey=VDC_Key,secondaryKey --org=organization_label
  3. Disable any auto-activated repositories.

    # subscription-manager repos --disable="*"
  4. Enable the desired repositories for the system.

    # subscription-manager repos --enable=example-repo

5.5. Configuring virt-who to Connect to a Red Hat OpenStack Platform Compute Node

Complete this procedure on each Red Hat OpenStack Platform compute node.

Configure virt-who to connect to the Red Hat OpenStack Platform compute node

  1. Configure the Red Hat OpenStack Platform compute node to register to the Subscription Asset Manager instance.

    # yum install http://rhsm.example.com/pub/candlepin-cert-consumer.noarch.rpm
  2. Register the Red Hat OpenStack Platform compute node to the Subscription Asset Manager.

    # subscription-manager register --org="organizational_label"
  3. Attach the VDC subscription to the Red Hat OpenStack Platform compute node.

    # subscription-manager attach --pool=subscription_pool_ID

    To find the required subscription pool ID, list all available subscriptions.

    # subscription-manager list --available
  4. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the hypervisor host’s name as the new file’s name. In this example, the host name is rhosphost1.

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/rhosphost1.conf
  5. Edit the configuration file you just created, replacing the example values with those specific to your configuration.

    [rhosphost1.example.com]    1
    type=libvirt                2
    hypervisor_id=hostname      3
    1
    Red Hat OpenStack Platform compute node’s FQDN.
    2
    The type=libvirt parameter specifies that this virt-who connection is to a Red Hat OpenStack Platform compute node.
    3
    Specifies that hypervisors (compute nodes) will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.

This completes the configuration required for a Red Hat OpenStack Platform compute node.

Registering Guest Virtual Machines

When registering guest virtual machines hosted on this Red Hat OpenStack Platform compute node, it is important that they use the subscription attached to the compute node.

  1. Configure the virtual machine to register with the Subscription Asset Manager.

    # yum install http://rhsm.example.com/pub/candlepin-cert-consumer.noarch.rpm
  2. Register the virtual machine.

    # subscription-manager register --org="organization_label"
  3. Obtain a subscription.

    # subscription-manager attach --pool=subscription_pool_ID

    Ensure the subscription pool is the same as that used for the compute node. The virtual machine will obtain a subscription from the Subscription Asset Manager. For details of this process, see Section 1.5, “Virtual Machine Subscription Process”.

5.6. Configuring virt-who to Connect to VMware vCenter

Repeat this procedure for each VMware vCenter host to which this instance of virt-who is to be connected.

  1. Encrypt the password of the account to be used to connect to VMware vCenter.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  2. Copy the template configuration file to a new file.

    To make it easy to identify the configuration file for each hypervisor, use the VMware vCenter host’s name as the new file’s name. In this example, the host name is vcenterhost1.

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/vcenterhost1.conf
  3. Edit the configuration file you just created, replacing the example values with those specific to your configuration.

    [vcenterhost1]          1
    type=esx                2
    hypervisor_id=hostname  3
    owner=organization_label            4
    env=Library             5
    server=vcenterhost1.example.com  6
    username=corporate\svc-virt-who 7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the VMware vCenter’s host name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=esx parameter specifies that this virt-who connection is to a VMware vCenter.
    3
    Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    VMware vCenter server’s fully qualified host name or IP address.
    7
    Account name by which virt-who is to connect to the hypervisor, in the format domain_name\account_name. Note that only a single backslash separates the values for domain_name and account_name. If you are using a domain account, and the global configuration file /etc/sysconfig/virt-who, then two backslashes are required. For further details, see the Red Hat Knowledgebase solution How to use a windows domain account with virt-who.
    8
    Encrypted password for the account specified by username.

5.7. Configuring virt-who to Connect to Microsoft Hyper-V

Note

The virt-who utility does not currently support Microsoft System Center 2012 R2 Virtual Machine Manager (SCVMM). There must be a virt-who configuration file for each Microsoft Hyper-V host to which virt-who is to connect.

Repeat this procedure for each Microsoft Hyper-V host to which this instance of virt-who is to be connected.

  1. Enable Windows Remote Management. Either the HTTP or HTTPS listener must be running.

    On the Microsoft Hyper-V server:

    # winrm quickconfig
  2. Enable remote administration on the Microsoft Hyper-V server.

    On the Microsoft Hyper-V server:

    # netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
  3. If you are using HTTP, enable the unencrypted connection.

    On the Microsoft Hyper-V server:

    # winrm set winrm/config/service @{AllowUnencrypted="true"}
  4. Verify that the authentication method configured on the Microsoft Hyper-V server is either Basic or NTLM.

    On the Microsoft Hyper-V server:

    # winrm get winrm/config/service/auth
  5. Encrypt the password of the account to be used to connect to the Microsoft Hyper-V server.

    Use the virt-who-password command to encrypt the password. For an example, see Section 5.2, “Creating a User for virt-who”.

  6. Copy the template configuration file to a new file.

    On the virt-who host:

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/hypervhost1.conf

    To make it easy to identify the configuration file for each hypervisor, use the Microsoft Hyper-V server’s host name as the new file’s name. In this example, the host name is hypervhost1.

  7. Edit the configuration file you just created, replacing the example values with those specific to your configuration.

    [hypervhost1]                   1
    type=hyperv                     2
    hypervisor_id=hostname          3
    owner=organization_label                 4
    env=Library                     5
    server=hypervhost1.example.com  6
    username=admin          7
    encrypted_password=bd257f93d@482B76e6390cc54aec1a4d  8
    1
    This must be unique for each virt-who instance. Use the Microsoft Hyper-V host’s name to make it easy to identify the configuration file for each hypervisor.
    2
    The type=hyperv specifies that this virt-who connection is to a Microsoft Hyper-V host.
    3
    Specifies that hypervisors will be identified in the Subscription Management web UI by their host name. The default is to use the hypervisor’s UUID, which is less meaningful.
    4
    Organization’s label.
    5
    This specifies the environment in which the host will be placed and must be Library.
    6
    Microsoft Hyper-V fully qualified host name or IP address.
    7
    Account name by which virt-who is to connect to the hypervisor. By default this is Administrator. To use an alternate account, create a user account and assign that account to the following groups (Windows 2012 Server): Hyper-V Administrators and Remote Management Users.
    8
    Encrypted password for the account specified by username.

5.8. Configuring and Starting virt-who Service

  1. Configure the virt-who service for Subscription Management.

    Edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown. This specifies that virt-who is to communicate with a Subscription Management host.

    VIRTWHO_SAM=1

    Warning

    By default virt-who initiates a scan hourly. The interval is defined by the VIRTWHO_INTERVAL global configuration parameter and measured in seconds. It should ONLY be changed on advice from Red Hat Support.

  2. Allow for an HTTP proxy between virt-who and guest virtual machines.

    If there is an HTTP proxy between the server on which virt-who is running and the hypervisors or virtualization managers, edit the global /etc/sysconfig/virt-who configuration file and set the following parameter as shown.

    http_proxy=http://proxy-ip-or-hostname:port-number
  3. Verify the virt-who configuration.

    Run the command virt-who --one-shot which reads all configuration files, retrieves the list of virtual machines from all sources, then exits immediately. This tests the configuration files, credentials, and connectivity to configured virtualization platforms.

    # virt-who --one-shot

    The output is a list of hypervisors and the hosted guest virtual machines, in JSON format. The following is an extract from virt-who output from a VMware vSphere instance. The output from all hypervisors follows the same structure.

    {
        "guestId": "422f24ed-71f1-8ddf-de53-86da7900df12",
        "state": 5,
        "attributes": {
            "active": 0,
            "virtWhoType": "esx",
            "hypervisorType": "vmware"
        }
    },
  4. Start and enable the virt-who service.

    On Red Hat Enterprise Linux 7:

    # systemctl start virt-who.service
    # systemctl enable virt-who.service

    On Red Hat Enterprise Linux 6:

    # service virt-who start
    # chkconfig virt-who on
  5. Verify that the virt-who service started successfully.

    On Red Hat Enterprise Linux 7:

    # systemctl status virt-who.service

    The output from this command should be similar to the following. The virt-who.service; enabled output confirms it is enabled and Active: active (running) confirms it is started.

    ● virt-who.service - Daemon for reporting virtual guest IDs to subscription-manager
       Loaded: loaded (/usr/lib/systemd/system/virt-who.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2016-03-11 14:59:05 AEST; 47s ago

    On Red Hat Enterprise Linux 6:

    # service virt-who status

    The output from this command should be similar to the following.

    virt-who (pid  7474) is running...

5.8.1. Restarting the virt-who Service

If one or more of the virt-who configuration files is changed, or the environment in the Subscription Management configuration changes, the virt-who service must be restarted so the changes can take effect. For example, virt-who must be restarted after changing the virt-who account’s password or moving a hypervisor to a new organization.

On Red Hat Enterprise Linux 7:

# systemctl restart virt-who.service

On Red Hat Enterprise Linux 6:

# service virt-who restart