At Red Hat Summit we redefined what is included in a Red Hat Enterprise Linux (RHEL) subscription, and part of that is announcing that every RHEL subscription will include Red Hat Insights. The Insights team is very excited about this, and we wanted to take an opportunity to expand on what this means to you, and to share some of the basics of Red Hat Insights.
We wanted to make RHEL easier than ever to adopt, and give our customers the control, confidence and freedom to help scale their environments through intelligent management. Insights is an important component in giving organizations the ability to predict, prevent, and remediate problems before they occur.
What is Red Hat Insights?
You may have experienced a situation where you had a problem and you had to start by checking the basics. Is the time set correctly? Are my network settings correct? Then you move on to more detailed checks like "have I updated the kernel, or am I susceptible to Spectre/Meltdown?"
What if you have a tool that would perform all of these general system checks for you, every day? This can take care of mundane issues, identifying the problem as well as the resolution. In many cases an Ansible playbook is also available to help you automate the remediation of issues that are found.
This is some of the value brought to you by using Red Hat Insights.
In more technical language, Red Hat Insights is a Software-as-a-Service (SaaS) product that provides continuous, in-depth analysis of registered Red Hat-based systems to proactively identify threats to availability, security, performance and stability across physical, virtual and cloud environments.
Insights works off of an intelligent rules engine, comparing system configuration information to rules in order to identify issues, often before a problem occurs.
What do I need to get started with Insights?
Red Hat Insights is included with your Red Hat Enterprise Linux subscription. Though we announced that Insights was included with your RHEL subscription at the same time that RHEL 8 was launched, we want to clarify that Insights is included with RHEL for supported RHEL versions that have the Insights client available. This is currently RHEL 6.10 and above, including RHEL 7 and RHEL 8 versions.
It is also important to note that this includes all variants of RHEL except RHEL embedded. Red Hat Enterprise Linux Server, Workstation, Developer Workstation, etc. all include Insights.
To use Insights you need a Red Hat account and you need to install the Insights client on each and every system that you want to monitor.
Detailed information is available on the Red Hat Insights Get Started page. This includes information on getting started by manually running the commands, through the use of Red Hat Satellite, when using a public cloud marketplace image, and what to do if you are brand new to Red Hat and need to do everything including setting up a new account.
At a high level, all you really have to do is to install the Insights client and register.
For each Red Hat Enterprise Linux host,
ssh into the host using an account with
sudo permissions, then run:
# yum install insights-client # insights-client --register
The Insights client is installed by default on Red Hat Enterprise Linux 8 hosts (except the minimal installation option), so the process is even simpler. If you are using RHEL 8, then all you have to do is run the
insights-client --register command.
The Insights get started page also includes information on how to automate the install with Ansible or Puppet for when you plan to widely deploy Insights to all of your hosts.
Check out this video on Installation and Registration of the Insights client to see the steps for yourself. This also includes information on how to register using basic authentication.
Red Hat does recommend connecting a minimum of ten systems to Insights to get an accurate representation of issues that persist across your environment. Even when using a gold image or standard operating environment, the hosts can drift over time and chances are some systems will have risks that others do not have.
How to use cloud.redhat.com to see and address risks
Now that your systems are registered you are ready to look at the results. These will start showing up moments after the registration process is completed at cloud.redhat.com.
Cloud.redhat.com is the home for Red Hat’s Software-as-a-Service (SaaS) offerings. If this is your first time to cloud.redhat.com you will be presented with the login page. You will need to click the login button and log in with your Red Hat account.
Since you have already registered your systems you should know your Red Hat account information. But if you don’t have a Red Hat account yet, go to the Insights get started page and select the tab for “New Red Hat Account” which will help you get set up with an account.
Once you have logged in, you will be presented with several tiles. At the time of this posting there are three tiles on cloud.redhat.com - Red Hat Insights, Cloud Management Services for Red Hat Enterprise Linux, and Red Hat OpenShift Cluster Manager.
Red Hat Insights - This tile will take you to the Insights section of cloud.redhat.com. Red Hat Insights is included with your RHEL subscription, so anyone with a current RHEL subscription should be able to use this tile.
Cloud management services for Red Hat Enterprise Linux - this tile will take you to the cloud management services section of cloud.redhat.com and offers additional capabilities that are included with a Smart Management subscription. More details about this offering can be found in the Bringing Management-as-a-Service to the enterprise blog post.
Red Hat OpenShift Cluster Manager is a developer preview of how OpenShift 4 users can install, register, and manage all of their OpenShift 4 clusters via cloud.redhat.com.
You can also go directly to the Insights results at: cloud.redhat.com/insights.
What are these options on the left?
Looking at the left hand navigation bar, you start in the Overview page. The Overview section of Insights summarizes discovered rule hits by severity as well as by category. The severity is set by Red Hat and is based on our experience solving these same issues for other customers.
The Rules section will take you to a list of all the rules that Insights is searching for which it collects information about your environment. As of this writing Insights has more than 700 rules, and more are created when new risks are encountered, evaluated, and we have specific guidance on how to resolve the risk.
By default you are only shown the rules that affect the systems that you have connected to Insights. You can also filter the rules based on risk, impact, likelihood, category, and rules status. If needed you can disable individual rules, but this is done at a global level and impacts all hosts.
Expanding a rule will give you more details about the rule, a link to the knowledge base article, the total risk of the issue discovered, and the expected risk of making the change. It will also tell you if the fix requires a system reboot.
The inventory section will show you the hosts in your inventory. At this moment these are the hosts that have the Insights client installed and are registered with Insights. The Inventory is a shared service with other services present in cloud.redhat.com, so as you review the information in the inventory you may also see information from Vulnerability or Compliance if you also have a Smart Management subscription.
From the inventory you can select a system then see the risks Insights has discovered on that specific system.
The remediations section will show you the remediation plans. These are Ansible playbooks that you have generated through cloud.redhat.com. Like the inventory, Remediations is a shared service and playbooks that are generated for Vulnerability or Compliance as part of your Smart Management subscription will also appear here.
These remediation playbooks will need to be downloaded from cloud.redhat.com then transferred to a system that has Ansible Automation installed for running the playbook.
The documentation section links to the docs. Hit that link for more information about Insights.
Detect and fix an issue
To detect and fix issues, return to the Overview page and take a look at the rule hits by severity.
I tend to start with the most critical risks--these are the ones that Insights has identified as having the most impact on your systems.
In my environment I have a couple critical level issues, so I start by clicking the critical issues.
The actions page will summarize the rule, when the rule was added, what the total risk of the issue is, how many systems are impacted, and if an Ansible playbook is available to remediate the issue.
I can expand the issue, then see a summary of the issue itself, a link to the knowledgebase article, the total risk, as well as the risk of making the change. Again, the total risk and risk of making the change are set by Red Hat based on our experiences fixing these issues for other customers.
Click on the title of the risk to start the process of addressing the issue.
This will show you the same initial information that you saw when you expanded the risk, and it will also list each host that is impacted by this risk. You can start the remediation process from here, but before you do that, click a system that is impacted by this issue to see a little more information.
Looking at this from the system view you can see why this rule was tripped--in this case a specific version of the dnsmasq package is in use, dnsmasq is enabled, and dnsmasq is running. You can also see the specific steps that you need to take to resolve the issue--in this case update the package and restart the service. This is why we call Insights a prescriptive analytics tool--we tell you step by step how to fix the issue.
Go back to the previous view where you saw all the systems impacted by the rule, then use the thread at the top of the page or just click your browser’s back button. If you want to automate the fix via Ansible Automation, simply click the impacted hosts where you want to fix the risk and then click the “Remediate with Ansible” button.
This will first ask if you want to create a new playbook, or add this fix to an existing playbook. If this is your first playbook then you will only be able to create a new playbook. Give your playbook a name and click next.
If the issue has multiple possible fixes then you may be prompted for how you would like to perform the fix. This might be the choice between updating a package or just updating a config file. You will then get a summary of the playbook actions and will be able to create the playbook.
Once you have created the playbook a link will appear at the top-right corner of the screen, or you can use the left navigation bar and click Remediations, then select your playbook.
You can see all of the actions in your playbook as well as the hosts affected by each action.
At this point you have identified an issue using Insights, you have created a playbook to remediate the issue, so the only thing left is to download the playbook and run it.
Download the playbook by clicking the “Download Playbook” button. This will download the playbook to your local machine in the form of a YAML (.yml) file. Chances are the machine you are using does not have Ansible installed, so you will need to transfer this .yml file to a host where Ansible is installed. This could be Ansible Engine or Ansible Tower - whatever is most convenient to you.
If you don’t yet have Ansible installed, or have an Ansible subscription, you can still use this functionality. RHEL includes a limited supported version of Ansible Engine that is provided with your Red Hat Enterprise Linux subscription. Follow the instructions on How do I Download and Install Red Hat Ansible Engine.
Once you have Ansible up and running, and the playbook is on the host where Ansible is installed, all you have to do is run the playbook. If using Ansible Engine you just call the
ansible-playbook playbook name.yml command. Once complete this should fix the issues referenced in the playbook.
The last step of the Insights generated playbook is to generate a new Insights report which will update the interface for Insights, so any fixed issues should no longer be listed.
That was a bunch of details and screenshots, so we also have an Introduction to Red Hat Insights video that covers the basics of Insights and shows how to resolve a critical issue.
Recap & Summary
Red Hat Insights works off of an intelligent rules engine, comparing system configuration information to rules in order to identify issues, often before a problem occurs.
Red Hat has more than 20 years experience supporting Red Hat products. Give Insights a try and you might be amazed at what you discover and how easy it is to identify and resolve issues in your environment.
Insights is included with your RHEL subscription, so if you’re not already using Insights, give it a try today!