Hopefully by now, you are already familiar with Red Hat Insights, which is included as part of the Red Hat Enterprise Linux subscription. If not, Insights is a group of services offered by Red Hat for operational efficiency and security risk management of Red Hat Enterprise Linux (RHEL) environments. It helps provide visibility into existing configuration problems, vulnerability risks, and your industry compliance posture, as well as necessary patches and recommendations on how to resolve issues discovered.
To resolve the issues that Insights finds, you can either follow the manual steps listed for each system or in many cases you can dynamically generate an Ansible playbook to help you automate the remediation process.
If you haven’t already started with Insights, it is pretty simple to get started and you can probably register a system and see results faster than you can read this blog post.
If you have already started with Insights, you may be interested to know that you can fix the issues that Insights finds and generates playbooks for, with the push of a button from the Insights dashboard on cloud.redhat.com.
While Insights is included with the Red Hat Enterprise Linux subscription, the ability to turn the Insights findings into action efficiently and at scale requires an additional subscription to Red Hat Smart Management which includes Red Hat Satellite. The Smart Management subscription is the way to get Satellite, so if you are already a Satellite user, then you have Smart Management and have the subscriptions that you need.
As of Summit 2020, the Smart Management subscription includes Satellite as well as a new technology named Cloud Connector. Cloud Connector provides direct integration between Red Hat Insights and your Red Hat Satellite infrastructure. This is the technology that enables push-button remediation of the risks that Insights identifies and is a great way to save more time. Cloud Connector requires the latest release of Satellite, version 6.7. It also requires that the Satellite Inventory plug-in is installed. Without Cloud Connector, if you create a remediation playbook it looks like the image below, except the Download playbook button will be grayed out.
With Cloud Connector set up and configured, a new button is enabled in cloud.redhat.com: Execute playbook. In addition to the Download playbook button, which dynamically generates an Ansible playbook and downloads it to your local hosts, this allows you to push a button to remediate risks on your Red Hat Enterprise Linux hosts.
When you click the Execute playbook button, Insights runs a quick “pre-flight check” to validate the connection to the Satellite, and to let you know if there are hosts that we cannot remediate because they are not connected to a Satellite host via Cloud Connector.
Enough of the background information — let’s get you set up with Connector!
Cloud Connector Setup
Cloud Connector is configured within Satellite 6.7 or greater. The first thing to do is to identify a user that you want to use to run playbooks from Insights. This does need to be an “Administrator” level user because executing these playbooks may do anything from minor config file changes to updating the kernel and rebooting the hosts. This can be an existing user, but I would recommend a purpose-created account.
If you prefer to see this in video format, check out the Setup and use of Cloud Connector to integrate Insights with Satellite 6.7 video.
Step 1: Create a user account for Cloud Connector
From within Satellite, from the left-hand menu bar click Administer then Users and click “Create User”.
Provide details for the user such as a username and a password.
Click the Locations and Organization tabs at the top to make sure that the user has access to the correct Locations and Organizations. Then click the Roles tab and select the Administrator checkbox.
Click Submit to save the user.
Step 2: Run the Configure Cloud Connector Job Template
Note: In the Satellite screenshots notice that the “RH Cloud” menu item is shown. This indicates that the Satellite Inventory plug-in is installed. If you do not see this menu item, stop and make sure that this plug-in is installed before you configure Cloud Connector. Full documentation is available in “Configuring your Satellite infrastructure to communicate with Insights.”
Once you have a user identified, you will need to run the “Configure Cloud Connector” job template. Again, this template is only available on Satellite 6.7 (and future versions).
On the left-hand menu bar, select Hosts, then All Hosts. Locate and select your Satellite host.
Click the Schedule Remote Job button.
Within the Job invocation page, from the Job category dropdown select Ansible Playbook. From the Job template dropdown select Configure Cloud Connector. In the satellite_user field enter the username you created or selected for Cloud Connector to use, and in the satellite_password field supply the password for the account. Click Submit.
The Configure Cloud Connector job takes several minutes to run. In my environment it took roughly two minutes to complete.
You can see the job details in Monitor then Tasks and review the Action named “Run hosts job: Configure Cloud Connector.”
Once the job successfully completes, cloud.redhat.com is connected via API to your Red Hat Satellite. You will need to also complete these steps on any additional Satellite hosts that you want to use. Multiple Satellites are absolutely supported.
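Steps 1 and 2 can also be scripted with Satellite's hammer CLI, which helps when the same setup has to be repeated on several Satellites. This is an added example, not part of the original post; the account name, mail address, organization, location and auth source id are assumptions to adjust for your environment.

```bash
#!/usr/bin/env bash
# Added example: Steps 1 and 2 driven through hammer instead of the web UI.
# Assumed values (not from the article): cloud-connector-svc, the mail address,
# "Default Organization", "Default Location", auth source id 1 (Internal).
# The password is passed as a hammer argument, so it is visible in the process
# list while hammer runs: run this from a trusted admin session on the Satellite.
set -eu

CC_USER="${CC_USER:-cloud-connector-svc}"
CC_ORG="${CC_ORG:-Default Organization}"
CC_LOC="${CC_LOC:-Default Location}"

# --inputs is a comma-separated key=value list, so an empty password or one
# containing a comma is rejected here rather than risk it being split.
check_password() {
  case "$1" in
    ""|*,*) return 1 ;;
    *) return 0 ;;
  esac
}

# Step 1: purpose-created Administrator account for Cloud Connector.
create_connector_user() {
  hammer user create \
    --login "$CC_USER" --password "$1" \
    --mail "${CC_USER}@example.com" --auth-source-id 1 \
    --admin true \
    --organizations "$CC_ORG" --locations "$CC_LOC"
}

# Step 2: run the "Configure Cloud Connector" job template on the Satellite host.
configure_cloud_connector() {
  hammer job-invocation create \
    --job-template "Configure Cloud Connector" \
    --inputs "satellite_user=${CC_USER},satellite_password=$1" \
    --search-query "name = $2"
}

main() {
  sat_fqdn="$1"
  read -rs -p "Password for ${CC_USER}: " password; echo
  check_password "$password" || { echo "password is empty or contains ','" >&2; return 1; }
  create_connector_user "$password"
  configure_cloud_connector "$password" "$sat_fqdn"
}

# Runs only when a Satellite FQDN is given: ./cloud-connector.sh satellite.example.com
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The job then appears under Monitor then Tasks exactly as it does when started from the web UI.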
Step 3: Create a Remediation plan in Insights
If you have been using Insights for a while, then you have likely created one or more Remediations. These are visible in the Remediations service. If you are brand new to Insights then you would need to create a remediation plan on one or more of the hosts that are connected to the Satellite that you just configured.
If you have not used this before, check out the blog: Redefining RHEL: Introduction to Red Hat Insights. This blog walks through the process of creating a remediation plan.
Note: If you are using cloud.redhat.com Role Based Access Control (RBAC), you will need to make sure your user in Insights has the Remediations Administrator role. Refer to the blog: New Role Based Access Control for Red Hat Insights for additional information.
Once you have the remediation plan and Cloud Connector configured, it’s time to fix what you’ve found. As shown earlier, the Remediations page should show an Execute Playbook button.
Clicking this button will run a check to be sure that the systems are connected to a Satellite and will highlight if there is something that needs to be fixed manually. In the previous example the Remediation plan has four hosts, three of which are connected via a Satellite and one which is directly connected to Insights.
The host that is directly connected to Insights will not be able to be fixed via Cloud Connector as that host is not connected via Satellite.
Clicking the “execute playbook on 3 systems” button will push the playbook to the connected Satellite over port 443. Typically port 443 is already open to Satellite as this is a common port for accessing content from the Red Hat Content Delivery Network (CDN) and Red Hat Subscription Manager (RHSM). If the host is connected via a Capsule, the playbook will be pushed from the Satellite to the Capsule and Ansible remote execution will execute the playbook on the host.
When you click the Execute playbook button, the Remediations page will show you the activity in the playbook summary.
You can click the View button, then click one of the Satellite hosts and view the playbook run as it progresses.
When the playbooks complete, the Latest activity will be updated.
Smart Management with Satellite 6.7 and Cloud Connector helps you take the risks identified in Insights and turn them into action right through the Insights dashboard. If you already have Red Hat Satellite 6.7 then we encourage you to take a look at Cloud Connector and Insights. If you aren’t yet using Red Hat Insights, please review the Insights resources referenced in this article or talk to your Red Hat account team or sales representative about getting started.