One of the most important aspects of system security is keeping systems up to date with patches. Many organizations have hundreds or thousands of Red Hat Enterprise Linux (RHEL) servers in their environments, so keeping track of patches on servers can be challenging. If critical patches are missed on systems, it could result in the systems being compromised, having unscheduled downtime, or other issues.
Red Hat Insights is a software-as-a-service (SaaS) offering that is included with your Red Hat Enterprise Linux subscription. It includes several capabilities to help with various aspects of management. The Patch capability can help customers understand which advisories are applicable in their environments, and can help automate the process of patching via Ansible playbooks.
For example, if a Red Hat Security Advisory were issued, you could go into the Insights Patch dashboard to see a list of systems in your environment that are impacted. With a few clicks from within the Patch dashboard, you can generate an Ansible Playbook that can automate the advisory installation.
If you have Red Hat Smart Management, the Cloud Connector functionality lets you run the Ansible playbook right from the Insights web interface. Smart Management, Satellite and Cloud Connector are not required for use with Insights, and if you are in an environment without Satellite you can still utilize Insights Patch and generate Ansible playbooks that can be downloaded and manually run.
Prerequisites
The first step to using any of the Insights services, including Insights Patch, is to register your RHEL servers with Insights. See the Red Hat Insights Get Started documentation for information on how to register RHEL servers. And now there's an intuitive and interactive capability to register systems right on the Insights dashboard, under the left menu item called Register Systems.
If you have a large number of hosts to register, there are options to automate the Insights client registration process, and the previous two links contain more information on this.
If you would like to use the optional Smart Management Cloud Connector functionality, which allows you to initiate Ansible Playbook runs on your hosts from Insights via your Satellite 6.7 and above servers, follow the documentation to configure it.
Viewing applicable advistories
To view the applicable advisories on your systems, go to Insights Patch. Insights Patch offers two different views into patches, one from the advisory level, and one from the system level. You can select your preference in the menu on the left (see figure 1).
Figure 1. Partial view of the menu on the left
We’ll start in the Advisories section, which will show a list of advisories that impact one or more of the servers in the environment (see figure 2). You can optionally filter by the type of advisory, or the publish date by clicking on the filter dropdown. Clicking on any of the advisories will bring up its details, including a description, and a list of affected systems.
Figure 2. The view from the Advisories section
In this example, I clicked on the RHSA-2020:3010 advisory, and a list of systems that are affected by this advisory are shown, as shown in figure 3.
Figure 3. List of systems affected by the RHSA-2020:3010 advisory
To build an Ansible playbook to install this advisory, select the systems that should be patched (in this example, I selected all four systems), and click on the Remediate button. If you have any existing playbooks, you can either add to that playbook, or choose to create a new playbook, as shown in figure 4.
Important — Review and test any recommended actions in the playbook, and if you deem appropriate, deploy on your systems running Red Hat software. Red Hat is not responsible for any adverse outcomes related to these recommendations or Playbooks.
Figure 4. Menu to select if an existing playbook should be modified, or a new playbook created
In this example, I’ll create a new playbook, name it Install RHSA-2020:3010, then click Next.
On the next screen, it will be indicated if the advisory installation requires a system reboot, and you can specify if the playbook should automatically reboot the hosts or not, as shown in figure 5.
Figure 5. Menu showing if the patch requires a reboot, and if the playbook should auto reboot or not
After clicking the Create button, the playbook will be created.
Figure 6. Playbook was successfully created
Next, go to Remediations in the menu on the left part of the Insights web interface. From here, you can view the playbooks you’ve created, and can either download the playbooks, or if you have Smart Management's Cloud Connector configured, you can execute the playbooks right from Insights.
In this example, I have the Cloud Connector configured, so I will click on the Install RHSA-2020:3010 playbook, and then click on the Execute playbook button (see figure 7).
Figure 7. Option to execute playbook
After confirming the information presented, I’ll then click on Execute playbook on 4 systems, as shown in figure 8.
Figure 8. Executing the playbook on the systems
At this point, the playbook is run on the hosts via the sat67.example.com Satellite server’s Cloud Connector and the advisory is installed.
Progress of the Playbook execution is shown from the Insights web interface, as shown in figure 9.
Figure 9. Playbook summary and progress
Viewing Patches from the System Level
In the previous example, we used the Advisories section of Patch which shows a list of advisories that are applicable to one or more hosts in the environment. It is also possible to see patches at the system level by going to the Systems menu option under Patch in the menu on the left side of the Insights interface, as shown in figure 10.
Figure 10. Partial view of the menu on the left
From here, a list of systems will be displayed, along with a summary of the number of advisories that are applicable to the system, as well as the last time it was seen by Insights (see figure 11).
Figure 11. The view from the Systems section
If you would like to install all applicable advisories on a system, click on the dots on the right side of the table, and click on Apply all applicable advisories.
Or if a system is clicked on, a list of advisories applicable to that specific system are shown (see figure 12).
Figure 12. List of advisories applicable for a specific system
From here, advisories can be selected, and an Ansible playbook can be generated by clicking on the Remediate button.
Summary and Closing
Insights Patch is a useful way to keep track of which systems in your environment need to be patched. The ability to generate Ansible playbooks to install patches can also automate these tasks and save System Administrators time, especially when used with the optional Smart Management Cloud Connector functionality.
You can see a short presentation and live demo of the Patch capability from a recently recorded “Ask Me Anything” webinar. This webinar is part of a full series of technical webinars to help you get started with the new Red Hat Insights capabilities.
Sobre o autor
Brian Smith is a Product Manager at Red Hat focused on RHEL automation and management. He has been at Red Hat since 2018, previously working with Public Sector customers as a Technical Account Manager (TAM).
Navegue por canal
Automação
Saiba o que há de mais recente nas plataformas de automação incluindo tecnologia, equipes e ambientes
Inteligência artificial
Descubra as atualizações nas plataformas que proporcionam aos clientes executar suas cargas de trabalho de IA em qualquer ambiente
Serviços de nuvem
Aprenda mais sobre nosso portfólio de serviços gerenciados em nuvem
Segurança
Veja as últimas novidades sobre como reduzimos riscos em ambientes e tecnologias
Edge computing
Saiba quais são as atualizações nas plataformas que simplificam as operações na borda
Infraestrutura
Saiba o que há de mais recente na plataforma Linux empresarial líder mundial
Aplicações
Conheça nossas soluções desenvolvidas para ajudar você a superar os desafios mais complexos de aplicações
Programas originais
Veja as histórias divertidas de criadores e líderes em tecnologia empresarial
Produtos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Red Hat Cloud Services
- Veja todos os produtos
Ferramentas
- Treinamento e certificação
- Minha conta
- Recursos para desenvolvedores
- Suporte ao cliente
- Calculadora de valor Red Hat
- Red Hat Ecosystem Catalog
- Encontre um parceiro
Experimente, compre, venda
Comunicação
- Contate o setor de vendas
- Fale com o Atendimento ao Cliente
- Contate o setor de treinamento
- Redes sociais
Sobre a Red Hat
A Red Hat é a líder mundial em soluções empresariais open source como Linux, nuvem, containers e Kubernetes. Fornecemos soluções robustas que facilitam o trabalho em diversas plataformas e ambientes, do datacenter principal até a borda da rede.
Selecione um idioma
Red Hat legal and privacy links
- Sobre a Red Hat
- Oportunidades de emprego
- Eventos
- Escritórios
- Fale com a Red Hat
- Blog da Red Hat
- Diversidade, equidade e inclusão
- Cool Stuff Store
- Red Hat Summit