
How to use Red Hat Insights to maintain your Linux systems

Red Hat Insights provides you with information on updates, vulnerabilities, configuration problems, and more.

Red Hat Insights is a Software-as-a-Service (SaaS) product that helps administrators report on applicable errata and known configuration issues as well as proactively identify security issues. Insights makes you aware of potential service-impacting problems before they happen, letting you plan how to address them before there is an issue that might affect production. Access to Red Hat Insights is included with every Red Hat Enterprise Linux (RHEL) subscription, so there is nothing extra to buy. This article covers the basics of how to register with Red Hat Insights, how to use it, and a couple of examples to demonstrate its remediation capabilities.

Installing Insights

To begin, the directions step you through the process of getting started with Insights. This interactive page asks you how you want to register your systems and provides appropriate guidance. The output below is from my server, which is registered to the Red Hat Customer Portal. First, make sure that the insights-client RPM is installed:

[root@opendemo ~]# rpm -q insights-client
insights-client-3.0.14-3.el7_9.noarch

That RPM is included in the base RHEL repo, and for RHEL 8 systems, it is typically already installed. However, if it isn't installed on your system, use this command to install it:

# yum install insights-client

Registering the new system

Once the package is installed, you can manually register the system:

[root@opendemo ~]# insights-client --register
Successfully registered host opendemo
Automatic scheduling for Insights has been enabled.
Starting to collect Insights data for opendemo
Uploading Insights data.
Successfully uploaded report from opendemo to account <redacted>.
View the Red Hat Insights console at https://cloud.redhat.com/insights/

[root@opendemo ~]#

To see your system in the Insights console, go to Red Hat Insights and then click the link on the left side for the inventory. You just registered your system, so it should be at the top of the list, but if not, you can filter for the hostname. Clients can be registered directly to the Customer Portal, to a Red Hat Satellite server, or through a proxy server. Independent of where your client was registered, you will see it listed at cloud.redhat.com, as long as it has network connectivity to the public internet.

Remediating the system

At this point, you're ready to start investigating the findings and remediating what is appropriate. Look at the Insights dashboard to see the issues detected on the host you registered, and choose one that you want to fix. For this demonstration, I use the PassengerMinInstances setting for Apache that was detected by Insights. In this case, you see a misconfiguration not on RHEL but on one of the workloads running on a RHEL server, Red Hat Satellite. The Insights Advisor service calls these topics. In this example, for Satellite, the Insights team has taken common best practices and built them into recommendations. Even though you're looking at this Satellite topic, there are also topics for other (non-Red Hat) workloads such as AWS, Azure, SAP, and SQL.

[Image: Detected issues in Satellite]

To resolve this, check the box:

[Image: Resolve issues by checking Decreased performance box]

And then click the Remediate button at the top of the page:

[Image: Select the Remediate button]

You're presented with a screen to either add this to an existing playbook or create a new playbook. In this case, make a new playbook and then click Next:

[Image: Select to Create new playbook]

A reboot is required, and so you need to approve that:

[Image: Select Autoreboot]

You can click the Remediations link on the left side of the page to review this new playbook and the previous playbook that you've created. At this point, you can download the playbook and run it using Ansible in any method you prefer. In this environment, I have Smart Management and Satellite. I've configured an optional component called Cloud Connector, which connects Satellite and cloud.redhat.com so I can fix issues right from within Insights. This requires some additional configuration that isn't mentioned in this article.

Since this is enabled, I have the Execute playbook button available.

Now it's time to run the remediation. Click the blue Execute playbook button and then click Execute playbook on 1 system. Optionally, click the Download playbook button if you want to review what will happen first. When you start the job, you'll see its status:

[Image: Job status displayed]

When it finishes, you'll see the updated status:

[Image: Job succeeded]

Using Satellite

The above steps have shown you how to register systems and then view them at cloud.redhat.com. To use Insights from within your Red Hat Satellite server, the process is similar. However, while cloud.redhat.com offers a variety of capabilities as part of Insights, only the Advisor service is available from inside Satellite. For this example, my client will be ansibleclient, and it is registered to my Satellite server opendemo. Just like having a client registered to the Customer Portal and using Insights there, my client needs to have the insights-client RPM installed and the insights-client --register command run.

If you deploy Insights at scale, there are Ansible playbooks and Puppet modules available to make this simpler than manually registering each system to Insights. Additionally, if you are a Satellite user, Satellite has a built-in Ansible role to deploy and register Insights to hosts. To use that, follow these steps.

First, be sure the Satellite has the correct repo enabled:

# subscription-manager repos --enable=rhel-7-server-extras-rpms

Then install the roles package:

# satellite-maintain packages install rhel-system-roles

At this point, you can see the roles in the Satellite system:

[root@opendemo ~]# ls /usr/share/ansible/roles/
linux-system-roles.kdump    linux-system-roles.selinux   project-receptor.satellite_receptor_installer  rhel-system-roles.network  rhel-system-roles.storage
linux-system-roles.network  linux-system-roles.storage   RedHatInsights.insights-client                 rhel-system-roles.postfix  rhel-system-roles.timesync
linux-system-roles.postfix  linux-system-roles.timesync  rhel-system-roles.kdump                        rhel-system-roles.selinux  theforeman.foreman_scap_client

[root@opendemo ~]#

In the WebUI of the Satellite, mouse over Configure and then click on Roles for Ansible. If you haven't imported any roles, you'll see a message saying that, and you'll need to click the blue button to import them:

[Image: Import ansible roles]

After that, check the box for RedHatInsights.insights-client and then click Submit:

[Image: Confirm submit changes]

You can then assign the Ansible role to a client by editing the client:

[Image: Assign role to an Ansible client]

After saving that, you can schedule a remote job to run the Ansible roles job. At that point, your client will get registered to Insights:

[root@ansibleclient ~]# insights-client --status
System is NOT registered locally via .registered file. Unregistered at 2020-11-30T09:25:46.771856
Insights API says this machine was unregistered at 2020-11-30T14:25:46.000Z

[root@ansibleclient ~]# insights-client --status
System is registered locally via .registered file. Registered at 2020-11-30T10:47:06.453351
Insights API confirms registration.

[root@ansibleclient ~]#

You can confirm the system has been registered with Insights in the Satellite server by hovering over Insights in the Satellite's WebUI and then clicking Inventory. Again, from inside of Red Hat Satellite, you see only the Advisor service. Other services, such as Vulnerability, Compliance, and Drift, are available only from cloud.redhat.com.

At this point, go to your Satellite's WebUI and then the Actions for Insights. Here, you can see that there is an action available for SMBloris:

[Image: Action for SMBloris]

Check the box and then click the dropdown for Actions:

[Image: Dropdown menu for available Actions]

Create a new plan and click Save. You can then see the targeted systems for this remediation, and if you want, you can download the playbook before running it:

[Image: Download playbook]

When you click Run Playbook, you can see the task in Satellite:

[Image: Task displayed in Satellite UI]

After a minute or two, it shows a 100% Success message:

[Image: Task successful]

Confirm that the smb.conf file was corrected. In the diff output, the line marked < is present only in the current /etc/samba/smb.conf:

[root@ansibleclient ~]# diff /etc/samba/smb.conf /etc/samba/smb.conf-withsmbloris
16d15
< max smbd processes = 1000
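
The same check can be scripted for hosts where there is no earlier copy of the file to diff against. The following is an added example, not part of the original article or of the Insights playbook: it reads the effective max smbd processes value from the [global] section, treating parameter names as case- and whitespace-insensitive and a value of 0 as no limit, as the smb.conf manual describes. The function names and the two sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): read the effective "max smbd processes"
# value from [global] in an smb.conf-style file. include= files are not followed.

smbd_process_limit() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            sec = tolower($0); gsub(/[ \t]/, "", sec)
            in_global = (sec == "[global]"); next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)                  # names ignore case and spaces
            if (key == "maxsmbdprocesses") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = 1                           # keep the last assignment seen
            }
        }
        END { if (found) print val }
    ' "$1"
}

# Exit status 0 when a non-zero limit is set, 1 when absent, 0, or non-numeric.
smbloris_mitigated() {
    local limit
    limit=$(smbd_process_limit "$1")
    case "$limit" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$limit" -gt 0 ]                              # 0 is Samba's "no limit"
}

# Constructed sample files standing in for the two files compared above.
SAMPLES=$(mktemp -d)
printf '%s\n' '[global]' '  workgroup = SAMBA' '  security = user' \
    '[homes]' '  browseable = No' > "$SAMPLES/before.conf"
printf '%s\n' '[global]' '  workgroup = SAMBA' '  Max SMBD Processes = 1000' \
    '[homes]' '  browseable = No' > "$SAMPLES/after.conf"

for f in "$SAMPLES/before.conf" "$SAMPLES/after.conf"; do
    if smbloris_mitigated "$f"; then
        echo "$f: limit $(smbd_process_limit "$f") set"
    else
        echo "$f: no smbd process limit in [global]"
    fi
done
```

A commented-out setting, or one placed in a share section instead of [global], is reported as not mitigated.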

Wrap up

This article introduced you to registering systems to use the services at cloud.redhat.com and then one approach to applying remediations for various issues. Using Red Hat Insights, you will be better equipped to proactively keep your Red Hat Enterprise Linux environment compliant, stable, and secure. Some of the other services offered at cloud.redhat.com are Red Hat OpenShift Cluster Manager, Automation Analytics for Red Hat Ansible Automation Platform, Subscription Watch, and Cost Management for Red Hat OpenShift.

Additional information on getting started with Red Hat Insights is available at:


Peter Gervase

I am a Senior Principal Security Architect at Verizon. Before that, I worked at Red Hat in various roles such as consulting and in the Solutions Architect where I specialized in Smart Management, Ansible, and OpenShift.
