Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionAmar Huchchanavar
2016-10-20 19:32:28 UTC
1. Proposed title of this feature request
[RFE] Ability to control virt-who reporting via Satellite server
2. What is the nature and description of the request?
There is no control on which systems can send the Host-Guest mappings, any user can install virt-who and start reporting to the satellite server.
3. Why does the customer need this? (List the business requirements here)
In an organization where multiple entities have autonomous control over their systems this means that many virt-who installs may happen mistakenly or not. This can cause numerous issues on the satellite server.
This functionality will also help to avoid duplicate mappings to the satellite server, only valid servers could send the ID mappings.
4. How would the customer like to achieve this? (List the functional requirements here)
There should be an option over satellite to control the reporting.
5. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No
6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
No specific timeline.
7. Is the sales team involved in this request and do they have any additional input?
No
8. List any affected packages or components.
Virt-who reporting
9. Would the customer be able to assist in testing this functionality if implemented?
Yes
The need expressed in the BZ is the ability to limit access from Virt-Who servers to the Satellite's Candlepin API. There are 2 approaches to closing this potential security hole: 1. Add an ACL to the Satellite config file(s) allowing the Satellite admin to add a list of supported IP addresses that represent virt-who servers. All others will be denied. 2. Require the generation of certificate on the Satellite Server that must be then installed on all authorized virt-who servers.
I prefer the latter method.
This is addressed by virt-who configure plugin that is to be released with 6.3. Each configuration has a unique service user account with restricted role granting only permissions required for uploading the report. One can create specific user with limited permission for every virt-who instance already today. I think BZ is in fact a duplicate of BZ 1434756.
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in product in the forseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.
1. Proposed title of this feature request [RFE] Ability to control virt-who reporting via Satellite server 2. What is the nature and description of the request? There is no control on which systems can send the Host-Guest mappings, any user can install virt-who and start reporting to the satellite server. 3. Why does the customer need this? (List the business requirements here) In an organization where multiple entities have autonomous control over their systems this means that many virt-who installs may happen mistakenly or not. This can cause numerous issues on the satellite server. This functionality will also help to avoid duplicate mappings to the satellite server, only valid servers could send the ID mappings. 4. How would the customer like to achieve this? (List the functional requirements here) There should be an option over satellite to control the reporting. 5. Is there already an existing RFE upstream or in Red Hat Bugzilla? No 6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? No specific timeline. 7. Is the sales team involved in this request and do they have any additional input? No 8. List any affected packages or components. Virt-who reporting 9. Would the customer be able to assist in testing this functionality if implemented? Yes