Deploying Red Hat Insights on existing RHEL systems managed by Red Hat Update Infrastructure

Red Hat Insights 2021

Red Hat Customer Content Services

Abstract

The following guidance is for users who wish to deploy Insights for Red Hat Enterprise Linux on a provisioned Red Hat Enterprise Linux (RHEL) system managed by Red Hat Update Infrastructure (RHUI).

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat Hybrid Cloud Console documentation

We appreciate your input on our documentation. Please let us know how we could make it better. To do so, create a Bugzilla ticket:

  1. Go to the Bugzilla website.
  2. As the Component, use Documentation.
  3. Fill in the Description field with your suggestion for improvement. Include a link to the relevant part(s) of documentation.
  4. Click Submit Bug.

1. Deployment of Insights for RHEL on cloud-marketplace RHEL managed by RHUI

This guide is for users who wish to deploy Insights for RHEL on an existing, cloud marketplace-purchased Red Hat Enterprise Linux} system managed by Red Hat Update Infrastructure (RHUI).

2. Insights for Red Hat Enterprise Linux deployment overview

To start using Insights for Red Hat Enterprise Linux, you must perform the following actions on each system you want to monitor and assess:

  • Install the client.
Note

Red Hat Enterprise Linux 8 (RHEL8) ships with Red Hat Insights preinstalled, so the Insights client installation procedure is not required on RHEL8 systems. All RHEL systems, no matter which version, must be registered with the Red Hat Insights service.

  • Configure the client to use basic authentication.
  • Register the system to Insights for RHEL.

2.1. Installing the client package

Note

The Insights client installation procedure is not required on Red Hat Enterprise Linux 8 (RHEL8) systems.

Install the client package on each system.

Procedure

  1. Enter the following command to install the current version of the Insights client package:

    [root@server ~]# yum install insights-client

2.2. Basic authentication overview

Insights for Red Hat Enterprise Linux can use two types of authentication to validate system access to the Insights for RHEL services. The default authentication method is through certificates. Certificates are generated when you register a system with Red Hat Subscription Manager (RHSM) or when your system is managed by Red Hat Network Satellite system management.

An alternative authentication method is through SSO credentials. A valid Red Hat SSO credential is created when you have a valid Red Hat Customer Portal user name. In order to use SSO credentials with Insights for Red Hat Enterprise Linux, you must configure your system to use basic authentication.

2.2.1. When to use basic authentication

You must use basic authentication in any of the following situations:

  • Your RHEL system is not registered with Red Hat Subscription Manager (RHSM).
  • Your Red Hat Enterprise Linux (RHEL) system is not managed by Red Hat Network Satellite services.
  • Your RHEL system is provisioned through a Red Hat Certified Cloud and Service Provider and is updated by Red Hat Update Infrastructure (RHUI).
  • Your RHEL system is from a cloud marketplace provider and not obtained through Red Hat Cloud Access program.
Note

If you have valid RHEL subscriptions for your system, you can switch between the default certificate-based authentication for Insights for RHEL and the basic authentication for Insights for RHEL. If you are configuring basic authentication on a new RHEL system, you must complete the basic authentication procedures before you can register the Insights for RHEL client application.

2.2.2. Configuration requirements for basic authentication

When you configure your system to use single sign-on (SSO) credentials for basic authentication instead of the default certificate-based authentication for Insights for Red Hat Enterprise Linux, you provide Red Hat SSO credentials. SSO credentials are a valid Red Hat Customer Portal user name and password.

To configure basic authentication, a plain-text username and password is stored in the configuration file. As a best practice, create a Red Hat Customer Portal account with SSO credentials that are used only for Insights for Red Hat Enterprise Linux basic authentication. This action avoids exposing the SSO credentials of individual users.

2.2.3. How to know if you must configure basic authentication

The following messages might appear when you attempt to register a system that does not have a Red Hat authentication certificate. If you see === End Upload URL Connection Test: FAILURE ===, configure your system for basic authentication.

insights-client --register
Running connection test...
Connection test config:
=== Begin Certificate Chain Test ===
depth=1
verify error:num=0
verify return:1
depth=0
verify error:num=0
verify return:1
=== End Certificate Chain Test: SUCCESS ===

=== Begin Upload URL Connection Test ===
HTTP Status Code: 401
HTTP Status Text: Unauthorized
HTTP Response Text:
Connection failed
=== End Upload URL Connection Test: FAILURE ===

=== Begin API URL Connection Test ===
HTTP Status Code: 200
HTTP Status Text: OK
HTTP Response Text: lub-dub
Successfully connected to: https://cert-api.access.redhat.com/r/insights/
=== End API URL Connection Test: SUCCESS ===

Connectivity tests completed with some errors
See /var/log/insights-client/insights-client.log for more details.

2.3. Configuring basic authentication

Insights client configuration is managed in /etc/insights-client/insights-client.conf. This file provides a configuration template for setting up basic authentication. The default configuration for certificate-based authentication is as follows:

auto_config=TRUE
authmethod=BASIC
username=<your customer portal username>
password=<your customer portal password>

Prerequisites

  • You have a Red Hat SSO username and SSO password that can be stored in clear text.
  • You have read/write permissions in the directory /etc/insights-client/.
  • The insights-client package is installed on your system.

Procedure

  1. Use a text editor to open the file /etc/insights-client/insights-client.conf
  2. Change auto_config=TRUE value to auto_config=FALSE.
  3. Replace <your customer portal username> with a Red Hat SSO username.
  4. Replace <your customer portal password> with a Red Hat SSO password.
  5. Save the configuration and exit the editor.
  6. Register the system.

    # insights-client --register

2.4. Registering the system to Insights for Red Hat Enterprise Linux

Register the system to communicate with the Insights for Red Hat Enterprise Linux service and to view results displayed in the Insights for Red Hat Enterprise Linux application console.

Prerequisites

  • Root-level access to Insights for Red Hat Enterprise Linux

Procedure

  1. Enter the following command to register the system.

    [root@server ~]# insights-client --register

2.5. Viewing your Insights results

System and infrastructure results can be viewed in the Insights for Red Hat Enterprise Linux application dashboard.

The dashboard provides links to each available Insights service. This includes advisor, drift, vulnerability, compliance, policies and patch. From this starting point, you can proactively identify and manage issues affecting system security, performance, stability and availability.

Prerequisites

  • The insights-client package is installed on your system.
  • You have a login account for Red Hat Hybrid Cloud Console} with privileges that allow you to review the Insights for Red Hat Enterprise Linux dashboard.

Procedure

  1. Access the Insights for RHEL dashboard.
  2. When the dashboard appears, click on the Inventory tab.
  3. Confirm that your system name appears in the list of system names that are registered with the {CLIENT_NAME}.

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.