| Summary: | [RFE] Ability to control virt-who reporting via Satellite server | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Amar Huchchanavar <ahuchcha> |
| Component: | Subscription Management | Assignee: | Marek Hulan <mhulan> |
| Status: | CLOSED WONTFIX | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2.2 | CC: | ahuchcha, bbuckingham, dcaplan, erinn.looneytriggs, jcallaha, oprazak, szadok, tomckay, unwosu |
| Target Milestone: | Unspecified | Keywords: | FutureFeature, PrioBumpPM, Triaged |
| Target Release: | Unused | Flags: | mhulan:
needinfo?
(ahuchcha) |
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-10-05 17:25:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
The need expressed in the BZ is the ability to limit access from Virt-Who servers to the Satellite's Candlepin API. There are 2 approaches to closing this potential security hole: 1. Add an ACL to the Satellite config file(s) allowing the Satellite admin to add a list of supported IP addresses that represent virt-who servers. All others will be denied. 2. Require the generation of certificate on the Satellite Server that must be then installed on all authorized virt-who servers. I prefer the latter method. This is addressed by virt-who configure plugin that is to be released with 6.3. Each configuration has a unique service user account with restricted role granting only permissions required for uploading the report. One can create specific user with limited permission for every virt-who instance already today. I think BZ is in fact a duplicate of BZ 1434756. Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in product in the forseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you. |
1. Proposed title of this feature request [RFE] Ability to control virt-who reporting via Satellite server 2. What is the nature and description of the request? There is no control on which systems can send the Host-Guest mappings, any user can install virt-who and start reporting to the satellite server. 3. Why does the customer need this? (List the business requirements here) In an organization where multiple entities have autonomous control over their systems this means that many virt-who installs may happen mistakenly or not. This can cause numerous issues on the satellite server. This functionality will also help to avoid duplicate mappings to the satellite server, only valid servers could send the ID mappings. 4. How would the customer like to achieve this? (List the functional requirements here) There should be an option over satellite to control the reporting. 5. Is there already an existing RFE upstream or in Red Hat Bugzilla? No 6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? No specific timeline. 7. Is the sales team involved in this request and do they have any additional input? No 8. List any affected packages or components. Virt-who reporting 9. Would the customer be able to assist in testing this functionality if implemented? Yes