How to configure virt-who with an encrypted password?

Solution Verified - Updated

Environment

  • virt-who (available in version 0.11-5.el7 and later)
  • subscription-manager

Issue

  • How to use an encrypted password in the virt-who configuration?
  • Need to use an encrypted password with virt-who.

Resolution

  • To generate an encrypted password for the virt-who configuration file, use the virt-who-password utility.
  • virt-who-password prompts for a password and writes the encrypted form of the entered password to standard output.
  • This utility must be executed as root, because the encryption key is written to a file that is readable only by root. Note that root can decrypt the password.
  • The encryption key is written to the file /var/lib/virt-who/key. Make sure that this file is readable and writable only by root.
  • IMPORTANT: The encrypted password is specific to the machine it was created on. If you use the same service account across multiple virt-who instances on different systems, you will need to create a virt-who password on each system.
  • To get an encrypted password string, execute the command below.
[root@localhost ~]# virt-who-password
Password: 
Use following as value for encrypted_password key in the configuration file:
<encrypted_password_string>

Note: When prompted for the password, enter the password of your ESX host and note down the encrypted string.

  • Create a new configuration file for virt-who inside /etc/virt-who.d/.
[root@localhost ~]# vi /etc/virt-who.d/virt-who.conf
[config]
type=<hypervisor_type>
server=<vcenter/esx host>
username=<vcenter/esx_username>
encrypted_password=<encrypted_password_string>
owner=<owner>
env=Library

Hypervisor Type:

  • The hypervisor type can be libvirt, vdsm, esx, rhevm, xen, ahv or hyperv.

Restart virt-who Service:

  • Restart the virt-who service after the configuration change.
[root@localhost ~]# service virt-who restart

Note: Because a configuration file is created under /etc/virt-who.d/, do not specify the hypervisor details in /etc/sysconfig/virt-who. However, the parameter VIRTWHO_BACKGROUND=1 in /etc/sysconfig/virt-who is mandatory for the virt-who service to run in the background. For more information, refer to the man page.

# man virt-who-config

Note: The <owner> value in the /etc/virt-who.d/ configuration file is obtained by executing the command below.

[root@localhost ~]# subscription-manager identity
org name : <string>   ------> This is the <owner> value in the above configuration file.
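
The checks implied by the steps above, as an added example (not part of the original article and not Red Hat tooling): the key file /var/lib/virt-who/key should carry no group or other permission bits, and each file in /etc/virt-who.d/ should use encrypted_password rather than the plaintext password key. The function names and the --run switch are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit virt-who credential handling (hypothetical helper script).

# Return 0 if the key file has no group/other permission bits and is owned
# by the expected uid (default 0, root). Uses GNU stat, as shipped on RHEL.
key_perms_ok() {
    local file=$1 want_uid=${2:-0} mode uid
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    mode=$(stat -c %a "$file")
    uid=$(stat -c %u "$file")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL $file mode $mode (want 600)"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "FAIL $file owner uid $uid"; return 1; }
    echo "OK $file"
}

# Return 0 if the config sets encrypted_password and has no plaintext
# password= key. Commented-out lines are ignored.
conf_uses_encrypted() {
    local file=$1
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$file"; then
        echo "FAIL $file contains a plaintext password= key"; return 1
    fi
    if ! grep -Eq '^[[:space:]]*encrypted_password[[:space:]]*=[[:space:]]*[^[:space:]]' "$file"; then
        echo "FAIL $file has no encrypted_password value"; return 1
    fi
    echo "OK $file"
}

# Check the key file and every drop-in configuration on the live system.
audit_virt_who() {
    local rc=0 f
    key_perms_ok /var/lib/virt-who/key || rc=1
    for f in /etc/virt-who.d/*.conf; do
        [ -e "$f" ] || continue
        conf_uses_encrypted "$f" || rc=1
    done
    return $rc
}

# Run against the live system only when asked: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_virt_who; fi
```

Run it as root with --run; a non-zero exit status means at least one check failed.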

For more KB articles/solutions related to Virt-who and Virtual Datacenter (VDC) Subscriptions Issues, please refer to the Consolidated Troubleshooting Article for Virt-who and Virtual Datacenter (VDC) Subscriptions Issues
