Chapter 4. Configuring virt-who

Important

The use of environment variables and the use of the sysconfig file to configure virt-who are deprecated. Their use will be ignored in the next major release.

The supported virt-who configuration is different for each virtualization platform:

4.1. Installing and configuring virt-who on Red Hat hypervisors

Use this procedure to install and configure virt-who on each hypervisor in Red Hat Enterprise Linux Virtualization (KVM), Red Hat Virtualization, or Red Hat OpenStack Platform.

Prerequisites

  • Register the hypervisor to Red Hat Subscription Management.
  • If you are using Red Hat Virtualization Host (RHVH), update it to the latest version so that the minimum virt-who version is available. Virt-who is available by default on RHVH, but cannot be updated individually from the rhel-7-server-rhvh-4-rpms repository.

Procedure

  1. Install virt-who on the hypervisor: 

    # yum install virt-who

  2. Optional: Edit the /etc/virt-who.conf file to change or add global settings. Because virt-who is installed locally, these settings apply only to this hypervisor.

    • Change the value of VIRTWHO_INTERVAL to specify how often, in minutes, virt-who queries the hypervisor. Because the virtual machines are granted temporary subscriptions for up to seven days, frequent queries are not required; you can select an interval that suits the size of your environment. Once a day (1440) is suitable for most environments.

    • If you want to use an HTTP proxy for virt-who communication, add a line specifying the proxy: 

      http_proxy=https://proxy.example.com:443

    • If you do not want to use an HTTP proxy for any virt-who communication from this server, add the following line: 

      NO_PROXY=*
      Note

      NO_PROXY=* can be used but only in /etc/sysconfig/virt-who.

      NO_PROXY is not a valid configuration in /etc/virt-who.conf.

  3. Copy the template configuration file to a new individual configuration file: 

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/local.conf

  4. Edit the configuration file you just created, changing the example values to those specific to your configuration: 

    [local] 1
type=libvirt 2
owner=1234567 3
hypervisor_id=hostname 4
    1
    The name does not need to be unique, because this configuration file is the only one managed by this instance of virt-who.
    2
    Specifies that this virt-who connection is to a Red Hat hypervisor.
    3
    The organization the hypervisor belongs to. You can find the organization by running subscription-manager orgs on the hypervisor.
    4
    Specifies how to identify the hypervisor. Use hostname to provide meaningful host names to Subscription Management. Alternatively, you can use uuid to avoid duplication if a hypervisor is renamed. Do not use hwuuid for an individual hypervisor.

  5. Start and enable the virt-who service: 

    # systemctl enable --now virt-who

Repeat these steps for each hypervisor.

4.2. Configuring virt-who to connect to VMware vCenter

Use this procedure to configure virt-who to connect to a VMware vCenter Server.

Prerequisites

  • Create a read-only virt-who user on the vCenter Server. The virt-who user requires at least read-only access to all objects in the vCenter Data Center.
  • Prepare a virt-who host on a Red Hat Enterprise Linux server.

Procedure

  1. On the virt-who host, encrypt the virt-who user’s password with the virt-who-password utility: 

    # virt-who-password

    When prompted, enter the password of the virt-who user, then make a note of the encrypted form of the password.

  2. Copy the template configuration file to a new individual configuration file: 

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/vcenter1.conf

    To make it easy to identify the configuration file when troubleshooting, use the VMware vCenter host name as the new file’s name. In this example, the host name is vcenter1.

  3. Edit the configuration file you just created, changing the example values with those specific to your configuration: 

    [vcenter1] 1
type=esx 2
server=vcenter1.example.com 3
username=virt_who_user 4
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d 5
owner=1234567 6
hypervisor_id=hostname 7
filter_hosts=esx1.example.com, esx2.example.com 8
    1
    The name must be unique for each individual configuration file. Use the vCenter Server host name to make it easy to identify the configuration file for each hypervisor.
    2
    Specifies that this virt-who connection is to a VMware vCenter Server.
    3
    The FQDN of the vCenter Server.
    4
    The name of the virt-who user on the vCenter Server.
    5
    The encrypted password of the virt-who user.
    6
    The organization the hypervisors belong to. You can find the organization by running subscription-manager orgs on a hypervisor.
    7
    Specifies how to identify the hypervisors. Use hostname to provide meaningful host names to Subscription Management. Alternatively, you can use uuid or hwuuid to avoid duplication if a hypervisor is renamed.
    8
    If some hypervisors never run Red Hat Enterprise Linux virtual machines, those hypervisors do not need to be reported by virt-who. You can filter hypervisors using one of the following options. Wildcards and regular expressions are supported. If a name contains special characters, enclose it in quotation marks.
    • filter_hosts or exclude_hosts: Provide a comma-separated list of hypervisors according to the specified hypervisor_id. For example, if hypervisors are identified by their host name, they must be included or excluded by their host name.
    • filter_host_parents or exclude_host_parents: Provide a comma-separated list of clusters. Hypervisors in a filtered cluster are reported by virt-who. Hypervisors in an excluded cluster are not reported by virt-who.

  4. Restart the virt-who service: 

    # systemctl restart virt-who

Repeat these steps for each vCenter Server.

4.3. Configuring virt-who to connect to Microsoft Hyper-V

Use this procedure to configure virt-who to connect to a Microsoft Hyper-V hypervisor.

Prerequisites

  • Red Hat Enterprise Linux 9 or later.
  • Prepare a virt-who host on a Red Hat Enterprise Linux server.
  • Enable basic authentication mode for the hypervisor.
  • Enable remote management on the hypervisor.
  • Create a read-only virt-who user on the hypervisor.

Procedure

  1. On the virt-who host, encrypt the password of the hypervisor’s virt-who user with the virt-who-password utility: 

    # virt-who-password

    When prompted, enter the password of the virt-who user, then make a note of the encrypted form of the password.

  2. Copy the template configuration file to a new individual configuration file: 

    # cp /etc/virt-who.d/template.conf /etc/virt-who.d/hyperv1.conf

    To make it easy to identify the configuration file when troubleshooting, use the hypervisor’s host name as the new file’s name. In this example, the host name is hyperv1.

  3. Edit the configuration file you just created, changing the example values with those specific to your configuration: 

    [hyperv1] 1
type=hyperv 2
server=hyperv1.example.com 3
username=virt_who_user 4
encrypted_password=bd257f93d@482B76e6390cc54aec1a4d 5
owner=1234567 6
hypervisor_id=hostname 7
    1
    The name must be unique for each individual configuration file. Use the hypervisor’s host name to make it easy to identify the configuration file for each hypervisor.
    2
    Specifies that this virt-who connection is to a Microsoft Hyper-V hypervisor.
    3
    The FQDN of the Hyper-V hypervisor.
    4
    The name of the virt-who user on the hypervisor.
    5
    The encrypted password of the virt-who user.
    6
    The organization this hypervisor belongs to. You can find the organization by running subscription-manager orgs on the hypervisor.
    7
    Specifies how to identify the hypervisor. Use hostname to provide meaningful host names to Subscription Management. Alternatively, you can use uuid to avoid duplication if a hypervisor is renamed. Do not use hwuuid for an individual hypervisor.

  4. Restart the virt-who service: 

    # systemctl restart virt-who

Repeat these steps for each hypervisor.

4.4. Configuring virt-who to connect to OpenShift Virtualization

Supported Platforms

OpenShift Virtualization supported status by virt-who:

  • virt-who-0.28.x-1.el7 (RHEL 7.9)
  • virt-who-0.29.x-1.el8 (RHEL 8.3)

Procedure

  1. In the cluster you want to subscribe, create a project and a service account named virt-who: 

    $ oc new-project virt-who
$ oc create serviceaccount virt-who

  2. Create cluster roles to list nodes and virtual machine Instances. 

    $ oc create clusterrole lsnodes --verb=list --resource=nodes
$ oc create clusterrole lsvmis --verb=list --resource=vmis

  3. Create cluster role bindings. 

    $ oc adm policy add-cluster-role-to-user lsnodes system:serviceaccount:virt-who:virt-who
$ oc adm policy add-cluster-role-to-user lsvmis system:serviceaccount:virt-who:virt-who

  4. Verify that the virt-who system account has the permissions to list all running VMs: 

    $ oc get vmis -A --as=system:serviceaccount:virt-who:virt-who

  5. Install virt-who on a host, which can be a VM running on OpenShift Virtualization itself: 

    [virtwho-host]$ yum install virt-who

  6. Find your owner number on a subscribed host: 

    $ subscription-manager orgs

  7. Copy the template configuration file to a new individual configuration file. To make it easy to identify the configuration file when troubleshooting, use the hostname of the cluster API. In this example, the host name is openshift-cluster-1. 

    [virtwho-host]# cp /etc/virt-who.d/template.conf /etc/virt-who.d/openshift-cluster-1.conf
[cnv]
type=kubevirt
kubeconfig=/root/.kube/config
hypervisor_id=hostname
owner=<owner_number>

  8. Get the token of the virt-who service account: 

    # oc serviceaccounts get-token virt-who

  9. If /usr/bin/oc is not available, install /usr/bin/oc and use the token to log in and to create a valid kubeconfig file. You must specify the cluster api by including the url. For example: 

    [virtwho-host]# oc login https://api.testcluster-1.example.org:6443 --token=<token>

    1. To use the OpenShift Virtualization certificate-authority (CA) certificate in the kubeconfig file, extract it from the cluster and save it to a file on the system running virt-who as the controller daemon: 

      oc get secret -n openshift-kube-apiserver-operator loadbalancer-serving-signer -o jsonpath='{.data.tls\.crt}' | base64 -d > $cluster-ca.pem

    2. Change the kubeconfig file to include the extracted CA certificate. For example: 

      [virtwho-host]$ cat /root/.kube/config
apiVersion: v1
clusters:
- cluster:
    server: https://api.testcluster.example.org:6443
    certificate-authority: /root/testcluster-ca.pem
  name: api-testcluster-example-org:6443
contexts:
- context:
    cluster: api-test-cluster-example-org:6443
    namespace: default

  10. Before starting the service, you can test the configuration manually: 

    [virtwho-host]# virt-who --print
Note

If the jq program is installed, you can use it to make the output easier to read: # virt-who --print | jq

  1. Enable the virt-who service: 

    [virtwho-host]# systemctl enable virt-who

  2. Restart the virt-who service to use the new configuration. 

    [virtwho-host]# systemctl restart virt-who

Virt-who logs are available in /var/log/rhsm/rhsm.log. In this file, you can view configuration or connectivity errors.