Remediating issues across your Red Hat Satellite infrastructure using Red Hat Insights

Red Hat Insights 2020-04

A guide to remediating RHEL system issues throughout your Satellite infrastructure from the Red Hat Insights application

Red Hat Customer Content Services

Abstract

This guide is for Red Hat Insights users who want to remediate issues on RHEL systems managed by Red Hat Satellite.
Providing Feedback: If you have a suggestion to improve this documentation, or find an error, submit a Bugzilla report at http://bugzilla.redhat.com. Select the Cloud Software Services (cloud.redhat.com) product and use the Documentation component.

Preface

Red Hat Insights analyzes Red Hat Enterprise Linux systems and recommends actions to remediate issues on those systems, and helps you create Ansible Playbooks to automate remediations.

If you use Red Hat Satellite to manage your systems, you can upload your host inventory from Satellite to cloud.redhat.com so that Insights can report issues on your Satellite-managed hosts. You can then create and run remediation playbooks to fix issues on hosts across multiple Satellite Servers directly from cloud.redhat.com.

Chapter 1. Configuration overview

To remediate issues across your Satellite infrastructure, complete the following steps:

Prerequisites

  • Remediations Cloud Connector requires a Red Hat Smart Management subscription.
  • Satellite must be version 6.7 or later.
  • You must have permissions to create and execute playbooks from the Red Hat Insights Remediations service.
  • Import a Subscription Manifest into Satellite. Only hosts in organizations with a valid Red Hat certificate can be connected to cloud.redhat.com. For more information, see Importing a Subscription Manifest into Satellite Server in the Red Hat Satellite Content Management Guide.
  • Register your hosts to Satellite using an activation key to attach Red Hat subscriptions. For more information, see Registering Hosts in the Red Hat Satellite Managing Hosts guide.
  • Enable remote execution on your hosts so that Satellite can run remediation playbooks on them. For more information, see Distributing SSH Keys for Remote Execution in the Red Hat Satellite Managing Hosts guide.

Chapter 2. Configuring your Satellite infrastructure to communicate with Insights

Before you can remediate issues in your Satellite infrastructure, you must connect your hosts to Insights and configure Cloud Connector on Satellite Server.

2.1. Uploading your host inventory from Satellite to Insights

Use this procedure to upload your host inventory from Red Hat Satellite to Red Hat Insights.

Prerequisites

  • Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.

Procedure

  1. On Satellite Server, enter the following satellite-installer command to enable the Inventory plug-in:

    # satellite-installer \
    --enable-foreman-plugin-inventory-upload \
    --foreman-proxy-plugin-remote-execution-ssh-install-key true

    The --foreman-proxy-plugin-remote-execution-ssh-install-key true option installs an SSH key for the root user on Satellite Server, so that Satellite can use remote execution on itself. Note that this allows all Satellite users with the create_job_invocation permission to run commands over SSH as root on Satellite Server. If required, you can generate and install this key manually instead of using this option.

  2. In the Satellite web UI, navigate to RH Cloud > Inventory Upload and select your organization.
  3. Click Restart to upload your host inventory to Red Hat Insights.

    Repeat this step for each organization from which you want to upload a host inventory.

To verify that the upload was successful, log in to https://cloud.redhat.com/insights/inventory/ and search for your hosts.

2.2. Installing the Insights client on hosts managed by Satellite

Use this procedure to install the Insights client on each of your hosts.

Prerequisites

  • Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.

Procedure

  1. Install the Insights client:

    # yum install insights-client
  2. Register the host to Insights:

    # insights-client --register

Repeat these steps on each host.

Alternatively, you can use the RedHatInsights.insights-client Ansible role to install the Insights client and register the hosts. For more information, see Using Red Hat Insights with Hosts in Satellite in the Red Hat Satellite Managing Hosts guide.

2.3. Configuring Cloud Connector on Satellite Server

Before you can run remediation playbooks on your Satellite infrastructure, you must install Cloud Connector on Satellite Server. Cloud Connector manages the communication between Satellite and the Red Hat Insights service at cloud.redhat.com. Satellite provides an Ansible playbook to automate the configuration of Cloud Connector.

Use this procedure to install and configure Cloud Connector. Create a service user that Cloud Connector will use to trigger remediation jobs on Satellite, then run the Cloud Connector installation playbook. You must repeat this procedure for each Red Hat account managed by Satellite.

Procedure

  1. In the Satellite web UI, navigate to Administer > Users and click Create User.
  2. Enter a Username for the service user.
  3. From the Authorised by list, select INTERNAL.
  4. Enter and verify a password for the service user.
  5. Click the Organizations tab and select all the organizations that are part of the same Red Hat account.
  6. Ensure that the Default on login field is blank.
  7. Click the Roles tab and select the Administrator check box.
  8. Click Submit.
  9. Navigate to Hosts > All Hosts and click the name of the Satellite Server host.
  10. Click Schedule Remote Job.
  11. From the Job Category list, select Ansible Playbook.
  12. From the Job Template list, select Configure Cloud Connector.
  13. In the satellite_user field, enter the name of the service user.
  14. In the satellite_password field, enter the password of the service user.
  15. Click Submit.
  16. Until BZ#1828257 is resolved, you must manually add the following lines to the /etc/systemd/system/receptor@.service file so that the service can still run after a restart:

    [Install]
    WantedBy=multi-user.target

To verify that the playbook was successful, log into https://cloud.redhat.com/settings/sources/ and search for your Satellite Server.

If you add an organization for a new Red Hat account to Satellite, repeat these steps to configure a Cloud Connector instance for the new account.

If you add an organization to an existing Red Hat account on Satellite, edit that account’s service user to include the new organization.

If you remove an organization, and there are no more organizations under the same Red Hat account, you can remove the Cloud Connector instance for that account by running the following commands:

# systemctl disable --now receptor@rh_<accountID>
# rm -rf /etc/receptor/rh_<accountID>

Chapter 3. Remediating issues on RHEL systems managed by Satellite

Use Insights to create a remediations playbook, and execute that playbook on your Satellite systems from the Insights UI.

3.1. Using Insights to create a remediations playbook

You can use Insights to create an Ansible Playbook for system remediation across your Satellite infrastructure.

Procedure

  1. Log in to your cloud.redhat.com account and open Red Hat Insights.
  2. Perform one of the following actions to see what fixes are available.

    • Click the Advisor > Recommendations > Recommendations tab to view a list of the recommended fixes.

      Note

      Verify that the selected remediation item has a green check mark in the Ansible column, which means you create an Ansible Playbook to remediate the issue.

    • Click the Vulnerability > CVEs tab to view a list of CVEs.
  3. After selecting Advisor > Recommendations or Vulnerability > CVEs, click on one of the listed remediation items.

    An Affected systems list appears that shows you which systems might need the remediation applied.

  4. From the list, click the check box to select the systems you want to remediate. When you select the systems, the Ansible Remediate button becomes active.
  5. Click the Ansible Remediate button to create an Ansible Playbook. You can choose to create a new playbook or modify an existing playbook.

3.2. Executing the remediations playbook

You can execute an Ansible Playbook that you created to apply remediations to your Satellite-managed systems.

Note

Only users who are assigned the Remediations administrator role can execute an Ansible Playbook. For information on how to manage and assign user roles, see the User Access Configuration Guide for Red Hat Insights.

Procedure

  1. Navigate to Insights > Remediations. A list of available playbooks appears.
  2. Click the name of the playbook that you want to execute. A summary window displays information about the actions in the playbook.
  3. In the summary window you can switch states of the auto reboot. If it is enabled you can turn it off and if it is disabled you can turn it on.

    Note

    The selection to Turn off auto reboot applies to the playbook and not individual systems. If multiple systems use the playbook, the auto reboot choice of enabled or disabled applies to all systems and cannot be individually toggled.

  4. (Optional) You can select specific actions in the confirmation window and delete them.
  5. Click the Execute Playbook button. A confirmation window appears and asks for a final confirmation to execute the playbook. You can view the readiness state for the target systems.
  6. In the confirmation window, click the button Execute Playbook on X systems to start running the playbook. The X represents the number of systems.

3.3. Using Insights to monitor remediation status

You can view the remediation status for each playbook that you execute from the Insights Remediations service. The status information tells you the results of the latest activity and provides a summary of all activity for playbook execution. You can also view log information for playbook execution.

Prerequisites

  • Create and execute a remediation playbook.

Procedure

  1. In the Red Hat Insights application, click the Remediations tab. The tab window displays a list of remediation playbooks.
  2. Click on the name of a playbook. Additional choices are displayed for the latest playbook activity and all playbook activity.
  3. Click View in the Playbook summary area to see results of the latest activity for the playbook execution.
  4. Click the Activity tab to see information about all activity for the playbook.
  5. When you hover on any item in the Status column, a pop-up box appears with summary information for Run, Failed, and Pending activity.
  6. Click the expand button next to a Run on entry to show additional activity for each connection on that run. A "Results by connection" window appears.
  7. Under the Connection heading, click a connection name. A Name list appears.
  8. Click on the expand button next to an entry in the Name list. A Playbook log appears.

    Note

    You can view the Playbook log while a playbook is executing to see near real time information on the execution status.

To monitor the status of a playbook in the Satellite web UI, see Monitoring Remote Jobs in the Red Hat Satellite Managing Hosts guide.

Legal Notice

Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.