Using Cloud Connector to remediate issues across your Red Hat Satellite infrastructure
A guide to remediating RHEL system issues throughout your Satellite infrastructure from the Red Hat Insights application
Red Hat Insights analyzes Red Hat Enterprise Linux systems and recommends actions to remediate issues on those systems, and helps you create Ansible Playbooks to automate remediations.
If you use Red Hat Satellite to manage your systems, you can upload your host inventory from Satellite to cloud.redhat.com so that Insights can report issues on your Satellite-managed hosts. You can then create and run remediation playbooks to fix issues on hosts across multiple Satellite Servers directly from cloud.redhat.com.
Chapter 1. Configuration overview
To remediate issues across your Satellite infrastructure, complete the following steps:
- Remediations Cloud Connector requires a Red Hat Smart Management subscription.
- Satellite must be version 6.7 or later.
- You must have permissions to create and execute playbooks from the Red Hat Insights Remediations service.
- Import a Subscription Manifest into Satellite. Only hosts in organizations with a valid Red Hat certificate can be connected to cloud.redhat.com. For more information, see Importing a Subscription Manifest into Satellite Server in the Red Hat Satellite Content Management Guide.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions. For more information, see Registering Hosts in the Red Hat Satellite Managing Hosts guide.
- Enable remote execution on your hosts so that Satellite can run remediation playbooks on them. For more information, see Distributing SSH Keys for Remote Execution in the Red Hat Satellite Managing Hosts guide.
Chapter 2, Configuring your Satellite infrastructure to communicate with Insights. Use the following procedures to configure Satellite and its hosts to communicate with Insights:
Chapter 3, Remediating issues on RHEL systems managed by Satellite. Use the following procedures when you need to fix an issue across your Satellite infrastructure:
Chapter 2. Configuring your Satellite infrastructure to communicate with Insights
Before you can remediate issues in your Satellite infrastructure, you must connect your hosts to Insights and configure Cloud Connector on Satellite Server.
2.1. Uploading your host inventory from Satellite to Insights
Use this procedure to upload your host inventory from Red Hat Satellite to Red Hat Insights.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.
On Satellite Server, enable the Inventory plug-in. Note that the
--foreman-proxy-plugin-remote-execution-ssh-install-key trueoption installs an SSH key for the
rootuser on Satellite Server, so that Satellite can use remote execution on itself. This allows all Satellite users with the
create_job_invocationpermission to run commands over SSH as
rooton Satellite Server. If required, you can generate and install this key manually instead of using this option.
On Satellite Server 6.8 and later, enter the following command:
# satellite-installer \ --enable-foreman-plugin-rh-cloud \ --foreman-proxy-plugin-remote-execution-ssh-install-key true
On Satellite Server 6.7 and earlier, enter the following command:
# satellite-installer \ --enable-foreman-plugin-inventory-upload \ --foreman-proxy-plugin-remote-execution-ssh-install-key true\ --upgrade
- In the Satellite web UI, navigate to Configure > Inventory Upload and select your organization.
Click Restart to upload your host inventory to Red Hat Insights.
Repeat this step for each organization from which you want to upload a host inventory.
Optional: Toggle the Auto upload switch to the ON position to enable Satellite to automatically upload your host inventory once a day. Toggle the Obfuscate host names switch to the ON position to hide host names that Satellite reports to Red Hat Cloud.
Auto upload and Obfuscate host names are global settings. They affect hosts that belong to all organizations.
To verify that the upload was successful, log into https://cloud.redhat.com/insights/inventory/ and search for your hosts.
2.2. Installing the Insights client on hosts managed by Satellite
Use this procedure to install the Insights client on each of your hosts.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.
Install the Insights client:
# yum install insights-client
Register the host to Insights:
# insights-client --register
Repeat these steps on each host.
Alternatively, you can use the RedHatInsights.insights-client Ansible role to install the Insights client and register the hosts. For more information, see Using Red Hat Insights with Hosts in Satellite in the Red Hat Satellite Managing Hosts guide.
2.3. Configuring Cloud Connector on Satellite Server
Before you can run remediation playbooks on your Satellite infrastructure, you must install Cloud Connector on Satellite Server. Cloud Connector manages the communication between Satellite and the Red Hat Insights service at cloud.redhat.com. Satellite provides an Ansible playbook to automate the configuration of Cloud Connector.
Use this procedure to install and configure Cloud Connector. Create a service user that Cloud Connector will use to trigger remediation jobs on Satellite, then run the Cloud Connector installation playbook. You must repeat this procedure for each Red Hat account managed by Satellite.
- In the Satellite web UI, navigate to Administer > Users and click Create User.
- Enter a Username for the service user.
- From the Authorised by list, select INTERNAL.
- Enter and verify a password for the service user.
- Click the Organizations tab and select all the organizations that are part of the same Red Hat account.
- Ensure that the Default on login field is blank.
- Click the Roles tab and select the Administrator check box.
- Click Submit.
- Navigate to Hosts > All Hosts and click the name of the Satellite Server host.
- Click Schedule Remote Job.
- From the Job Category list, select Ansible Playbook.
- From the Job Template list, select Configure Cloud Connector.
- In the satellite_user field, enter the name of the service user.
- In the satellite_password field, enter the password of the service user.
- Click Submit.
Until BZ#1828257 is resolved, you must manually add the following lines to the
/etc/systemd/system/receptor@.servicefile so that the service can still run after a restart:
To verify that the playbook was successful, log into https://cloud.redhat.com/settings/sources/ and search for your Satellite Server.
If you add an organization for a new Red Hat account to Satellite, repeat these steps to configure a Cloud Connector instance for the new account.
If you add an organization to an existing Red Hat account on Satellite, edit that account’s service user to include the new organization.
If you remove an organization, and there are no more organizations under the same Red Hat account, you can remove the Cloud Connector instance for that account by running the following commands:
# systemctl disable --now receptor@rh_<accountID> # rm -rf /etc/receptor/rh_<accountID>
2.4. Configuring Red Hat Insights Synchronization on Satellite
You can use Red Hat Insights synchronization to provide Red Hat Insights recommendations for Satellite-managed hosts.
Use this procedure to configure Insights synchronization on Red Hat Satellite.
- Generate an RHSM API token at https://access.redhat.com/management/api.
- Copy the token to Red Hat Cloud token setting in the Satellite web UI. To do so, navigate to Administer > Settings and click the RH Cloud tab. Then, in the Red Hat Cloud token setting value, paste the token and click save.
- Navigate to Configure > Insights to synchronize Red Hat Insights recommendations manually by clicking the Sync now button. Optionally, toggle the Synchronize Automatically switch to the ON position to enable Red Hat Satellite to download Insights recommendations available on cloud.redhat.com automatically once a day.
You have now configured Red Hat Insights Synchronization on Satellite.
In the Satellite web UI, navigate to Hosts > All Hosts to see Red Hat Insights recommendations for each Satellite-managed host. For more information about remediating issues on RHEL systems managed by Satellite, see Chapter 3, Remediating issues on RHEL systems managed by Satellite.
Chapter 3. Remediating issues on RHEL systems managed by Satellite
Use Insights to create a remediations playbook, and execute that playbook on your Satellite systems from the Insights UI.
3.1. Using Insights to create a remediations playbook
You can use Insights to create an Ansible Playbook for system remediation across your Satellite infrastructure.
- Log in to your cloud.redhat.com account and open Red Hat Insights.
Perform one of the following actions to see what fixes are available.
Click the Advisor > Recommendations > Recommendations tab to view a list of the recommended fixes.Note
Verify that the selected remediation item has a green check mark in the Ansible column, which means you create an Ansible Playbook to remediate the issue.
- Click the Vulnerability > CVEs tab to view a list of CVEs.
After selecting Advisor > Recommendations or Vulnerability > CVEs, click on one of the listed remediation items.
An Affected systems list appears that shows you which systems might need the remediation applied.
- From the list, click the check box to select the systems you want to remediate. When you select the systems, the Ansible Remediate button becomes active.
- Click the Ansible Remediate button to create an Ansible Playbook. You can choose to create a new playbook or modify an existing playbook.
3.2. Executing the remediations playbook
You can execute an Ansible Playbook that you created to apply remediations to your Satellite-managed systems.
Only users who are assigned the Remediations administrator role can execute an Ansible Playbook. For information on how to manage and assign user roles, see the User Access Configuration Guide for Red Hat Insights.
- Navigate to Insights > Remediations. A list of available playbooks appears.
- Click the name of the playbook that you want to execute. A summary window displays information about the actions in the playbook.
In the summary window you can switch states of the auto reboot. If it is enabled you can turn it off and if it is disabled you can turn it on.Note
The selection to Turn off auto reboot applies to the playbook and not individual systems. If multiple systems use the playbook, the auto reboot choice of enabled or disabled applies to all systems and cannot be individually toggled.
- (Optional) You can select specific actions in the confirmation window and delete them.
- Click the Execute Playbook button. A confirmation window appears and asks for a final confirmation to execute the playbook. You can view the readiness state for the target systems.
- In the confirmation window, click the button Execute Playbook on X systems to start running the playbook. The X represents the number of systems.
3.3. Using Insights to monitor remediation status
You can view the remediation status for each playbook that you execute from the Insights Remediations service. The status information tells you the results of the latest activity and provides a summary of all activity for playbook execution. You can also view log information for playbook execution.
- Create and execute a remediation playbook.
- In the Red Hat Insights application, click the Remediations tab. The tab window displays a list of remediation playbooks.
- Click on the name of a playbook. Additional choices are displayed for the latest playbook activity and all playbook activity.
- Click View in the Playbook summary area to see results of the latest activity for the playbook execution.
- Click the Activity tab to see information about all activity for the playbook.
- When you hover on any item in the Status column, a pop-up box appears with summary information for Run, Failed, and Pending activity.
- Click the expand button next to a Run on entry to show additional activity for each connection on that run. A "Results by connection" window appears.
- Under the Connection heading, click a connection name. A Name list appears.
Click on the expand button next to an entry in the Name list. A Playbook log appears.Note
You can view the Playbook log while a playbook is executing to see near real time information on the execution status.
To monitor the status of a playbook in the Satellite web UI, see Monitoring Remote Jobs in the Red Hat Satellite Managing Hosts guide.