System Patching Using Ansible Playbooks via Remediations

Red Hat Insights 2021

How to review applicable advisories and affected systems and remediate using Ansible playbooks

Red Hat Customer Content Services

Abstract

This document demonstrates how to review applicable advisories and affected systems in your environment and perform remediation using Ansible playbooks.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat Hybrid Cloud Console documentation

We appreciate your input on our documentation. Please let us know how we could make it better. To do so, create a Bugzilla ticket:

  1. Go to the Bugzilla website.
  2. As the Component, use Documentation.
  3. Fill in the Description field with your suggestion for improvement. Include a link to the relevant part(s) of documentation.
  4. Click Submit Bug.

Chapter 1. Overview

Patch leverages Red Hat software and management automation expertise to enable consistent patch workflows for Red Hat Enterprise Linux (RHEL) systems across the open hybrid cloud. It provides a single canonical view of applicable advisories across all of your deployments, whether that be Red Hat Satellite, hosted Red Hat Subscription Management (RHSM), or the public cloud.

Using Patch you can:

  • see all of the applicable Red Hat advisories for your RHEL systems checking into Insights
  • patch any system with one or more advisories by using Ansible playbooks via Remediations
Note

Chapter 2. Reviewing and filtering applicable advisories and systems in the inventory

You can see all of the applicable advisories for systems checking into Insights for Red Hat Enterprise Linux.

Procedure

  1. On Red Hat Hybrid Cloud Console, navigate to Red Hat Enterprise Linux > Patch > Advisories.
  2. You can also search for advisories by name using the search box, and filter advisories by:

    1. Type - Security, Bugfix, Enhancement, Unknown
    2. Publish date - Last 7 days, 30 days, 90 days, Last year, or More than 1 year ago
  3. Navigate to Red Hat Enterprise Linux > Patch > Systems to see a list of affected systems you can patch with applicable advisories. You can also search for specific systems using the search box.

Chapter 3. System Patching Using Ansible Playbooks via Remediations

The following steps demonstrate the patching workflow via the Advisories tab:

Procedure

  1. On Red Hat Hybrid Cloud Console, navigate to Red Hat Enterprise Linux > Patch > Advisories.
  2. Click the advisory you want to apply to affected systems. You will see a description of the advisory, a link to view packages and errata at access.redhat.com, and a list of affected systems. The total number of applicable advisories of each type (Security, Bugfix, Enhancement) against each system are also displayed. As a bulk operation, you can click the options menu located next to a system, then click Apply all applicable advisories to patch the system with all applicable advisories at once.
  3. Alternatively, select the system(s) you want to patch with this particular advisory, then click Remediate.
  4. On the Remediate with Ansible page, you can choose to modify an existing Playbook or create a new one to remediate with Ansible. Accordingly, select Existing Playbook and the playbook name from the drop-down list, then click Next. Or, select Create new Playbook and enter a name for your playbook, then click Next.
  5. You will then see a summary of the action and resolution. Your system will auto reboot by default. If you desire to disable this functionality, click on the blue link that states "turn off auto reboot." Click Submit.
  6. On the left navigation, click on Remediations.
  7. Click on the playbook name to see the playbook details, or simply select and click Download playbook.

The following steps demonstrate the patching workflow via the Systems tab:

  1. Click the Systems tab to see a list of affected systems. As a bulk operation, you can click the options menu located next to a system, then click Apply all applicable advisories to patch the system with all applicable advisories at once.
  2. Alternatively, click the system you want to patch. You will see the system details and a list of applicable advisories for remediation, along with additional details such as the advisory publish date, type, and synopsis. Select the advisories you want to apply to the system, then click Remediate.
  3. On the Remediate with Ansible page, you can either modify an existing Playbook or create a new one to remediate with Ansible. Accordingly, click Existing Playbook and select the playbook name from the drop-down list, then click Next. Or, click Create new Playbook, enter a name for your playbook, then click Next.
  4. You will then see a summary of the action and resolution. Your system will auto reboot by default. If you desire to disable this functionality, click on the blue link that states "turn off auto reboot." Click Submit.
  5. On the left navigation, click on Remediations.
  6. Click on the playbook name to see the playbook details, or simply select and click Download playbook.

    Important

    Review and test any recommended actions and the playbook, and if you deem appropriate, deploy on your systems running Red Hat software. Red Hat is not responsible for any adverse outcomes related to these recommendations or Playbooks.

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.