Virt-Who Processes, Queries, and Data

Updated

Network Security Officers and Administrators may have concerns about providing read-only credentials to the virt-who process. Concerns generally focus on the use of the credentials for activities other than subscription reconciliation. This article provides details on the virt-who processes, queries, and retained data to verify that the virt-who process is necessary and solely for the purpose of subscription reconciliation.

Virt-Who High-Level Process


Certain RHEL subscriptions, such as the Red Hat Enterprise Linux Virtual DataCenter, attach to a physical system (hypervisor) and unlock subscriptions for use by virtual RHEL guests being executed on that host. Red Hat's subscription service must know the host/guest association to reconcile subscription use. In lieu of the virtual guests providing the host on which they are executing an external agent, virt-who, is provided which contributes to a process used for reconciliation: 1. Virt-who queries the hypervisor infrastructure to understand the infrastructure organization (such as clusters/folders). 2. Virt-who retrieves a list of hosts (hypervisors), together with supporting attributes that uniquely identify that system. 3. Virt-who retrieves a list of guests per hosts (hypervisors), together with supporting attributes that uniquely identify that guest. 4. Virt-who merges the host and guest lists to provide a “mapping” for subscription services. 5. Subscription Services uses the host/guest map to evaluate and reconcile subscription use and recognize when guests have migrated.

Virt-Who Queries and Data


Red Hat's Subscription Services support multiple “certified hypervisor platforms”. Details on the unique processing of those fabrics is provided below:

VMware - All information mentioned below is stored by the subscription service except the guest states and parent objects. All queries are done using objects created via the vSphere API.

  • Virt-who authenticates with the server using the username and password provided in the config file.
  • Virt-who attempts to connect to '<config_url>/sdk' where <config_url> is the server url provided in the config file.
  • For use with the vSphere API, two property specs are created; one for objects of type "VirtualMachine" and one for "HostSystem" objects. The objects specify the content that virt-who would like to receive updates for.
  • For objects of type "VirtualMachine" requested properties:
    - The uuid of the vm ('config.uuid)
    - The status of the vm ('runtime.powerState')
  • For objects of type "HostSystem" requested properties:
    - The hostname of the HostSystem ('name')
    - List of references to VirtualMachine objects that reside on this HostSystem ('vm')
    - The hardware uuid of the HostSystem ('hardware.systemInfo.uuid')
    - A reference to the parent object of the HostSystem ('parent')

Microsoft - All information mentioned below is stored by the subscription service except the guest states. All queries are done using Hyper-V SOAP API.

  • Authentication is done with the provided url, username, and password provided in the config file.
  • Guest states are retrieved using the GetSummaryInformation method
  • The data retrieved by virt-who for each guest on the system is: 'BIOSGUID', 'ElementName', and guest_state.
  • The DNSHostName of the host system is reported as retrieved via the query "select DNSHostName from Win32_ComputerSystem"
  • The UUID of the host system is retrieved via the query: "select UUID from Win32_ComputerSystemProduct"
Category
Tags
Article Type