Using Cloud Connector to remediate issues across your Red Hat Satellite infrastructure
A guide to remediating RHEL system issues throughout your Satellite infrastructure from the Red Hat Insights application
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Providing feedback on Red Hat Hybrid Cloud Console documentation
We appreciate your input on our documentation. Please let us know how we could make it better. To do so, create a Bugzilla ticket:
- Go to the Bugzilla website.
- As the Component, use Documentation.
- Fill in the Description field with your suggestion for improvement. Include a link to the relevant part(s) of documentation.
- Click Submit Bug.
Insights for Red Hat Enterprise Linux analyzes Red Hat Enterprise Linux systems and recommends actions to remediate issues on those systems, and helps you create Ansible Playbooks to automate remediations.
If you use Red Hat Satellite to manage your systems, you can upload your host inventory from Satellite to Red Hat Hybrid Cloud Console so that Satellite can report issues on your Satellite-managed hosts. You can then create and run remediation playbooks to fix issues on hosts across multiple Satellite Servers directly from Red Hat Hybrid Cloud Console.
Chapter 1. Configuration overview
To remediate issues across your Satellite infrastructure, complete the following steps:
- Remediations Cloud Connector requires a Red Hat Smart Management subscription.
- Satellite must be version 6.7 or later.
- You must have permissions to create and execute playbooks from the Insights for Red Hat Enterprise Linux Remediations service.
- Import a Subscription Manifest into Satellite. Only hosts in organizations with a valid Red Hat certificate can be connected to Red Hat Hybrid Cloud Console. For more information, see Importing a Subscription Manifest into Satellite Server in the Red Hat Satellite Content Management Guide.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions. For more information, see Registering Hosts in the Red Hat Satellite Managing Hosts guide.
- Enable remote execution on your hosts so that Satellite can run remediation playbooks on them. For more information, see Distributing SSH Keys for Remote Execution in the Red Hat Satellite Managing Hosts guide.
Chapter 2, Configuring your Satellite infrastructure to communicate with Insights for RHEL Use the following procedures to configure Satellite and its hosts to communicate with Insights for RHEL:
- Section 2.1, “Uploading your host inventory from Satellite to Insights for RHEL”
- Section 2.2, “Installing the Insights for RHEL client on hosts managed by Satellite”
- Section 2.3, “Configuring Cloud Connector on Satellite Server”
- Section 2.4, “Configuring Insights for Red Hat Enterprise Linux Synchronization on Satellite”
Chapter 3, Remediating issues on RHEL systems managed by Satellite. Use the following procedures when you need to fix an issue across your Satellite infrastructure:
Chapter 2. Configuring your Satellite infrastructure to communicate with Insights for RHEL
Before you can remediate issues in your Satellite infrastructure, you must connect your hosts to Insights for RHEL and configure Cloud Connector on Satellite Server.
2.1. Uploading your host inventory from Satellite to Insights for RHEL
Use this procedure to upload your host inventory from Red Hat Satellite to Insights for Red Hat Enterprise Linux.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.
On Satellite Server, enable the Inventory plug-in. Note that the
--foreman-proxy-plugin-remote-execution-ssh-install-key trueoption installs an SSH key for the
rootuser on Satellite Server, so that Satellite can use remote execution on itself. This allows all Satellite users with the
create_job_invocationpermission to run commands over SSH as
rooton Satellite Server. If required, you can generate and install this key manually instead of using this option.
On Satellite Server 6.8 and later, enter the following command:
# satellite-installer \ --enable-foreman-plugin-rh-cloud \ --foreman-proxy-plugin-remote-execution-ssh-install-key true
On Satellite Server 6.7 and earlier, enter the following command:
# satellite-installer \ --enable-foreman-plugin-inventory-upload \ --foreman-proxy-plugin-remote-execution-ssh-install-key true\ --upgrade
- In the Satellite web UI, navigate to Configure > Inventory Upload and select your organization.
Click Restart to upload your host inventory to Insights for Red Hat Enterprise Linux.
Repeat this step for each organization from which you want to upload a host inventory.
Optional: Toggle the Auto upload switch to the ON position to enable Satellite to automatically upload your host inventory once a day. Toggle the Obfuscate host names switch to the ON position to hide host names that Satellite reports to Red Hat Cloud.
Auto upload and Obfuscate host names are global settings. They affect hosts that belong to all organizations.
To verify that the upload was successful, log into https://console.redhat.com/insights/inventory/ and search for your hosts.
2.2. Installing the Insights for RHEL client on hosts managed by Satellite
Use this procedure to install the Insights for RHEL client on each of your hosts.
- Register your hosts to Satellite using an activation key to attach Red Hat subscriptions.
Install the Insights for RHEL client:
# yum install insights-client
Register the host to Insights for RHEL:
# insights-client --register
Repeat these steps on each host.
Alternatively, you can use the RedHatInsights.insights-client Ansible role to install the Insights for RHEL client and register the hosts. For more information, see Using Red Hat Insights with Hosts in Satellite in the Red Hat Satellite Managing Hosts guide.
2.3. Configuring Cloud Connector on Satellite Server
Before you can run remediation playbooks on your Satellite infrastructure, you must install and configure Cloud Connector on Satellite Server. Cloud Connector manages the communication between Satellite and the Insights for Red Hat Enterprise Linux service at Red Hat Hybrid Cloud Console. Satellite provides an Ansible playbook to automate the configuration of Cloud Connector.
You can install and configure Cloud Connector by activating the Configure Cloud Connector switch. This automatically creates the service user that Cloud Connector will use to trigger remediation jobs on Satellite, then runs the Cloud Connector installation playbook using the service user credentials. You must repeat this procedure for each Red Hat account managed by Satellite.
- In the Satellite web UI, navigate to Configure > Inventory Upload.
- Toggle the Configure Cloud Connector switch to the ON position.
To verify that the playbook was successful, log into https://console.redhat.com/settings/sources and search for your Satellite Server.
If you add an organization for a new Red Hat account to Satellite, repeat these steps to configure a Cloud Connector instance for the new account.
If you add an organization to an existing Red Hat account on Satellite, edit that account’s service user to include the new organization.
If you remove an organization, and there are no more organizations under the same Red Hat account, you can toggle the Configure Cloud Connector switch to the OFF position. This will disable the Cloud Connector service for the account.
2.4. Configuring Insights for Red Hat Enterprise Linux Synchronization on Satellite
You can use Insights for Red Hat Enterprise Linux synchronization to provide Insights for Red Hat Enterprise Linux recommendations for Satellite-managed hosts.
Use this procedure to configure Insights for RHEL synchronization on Red Hat Satellite.
- Generate an RHSM API token at https://access.redhat.com/management/api.
- Copy the token to Red Hat Cloud token setting in the Satellite web UI. To do so, navigate to Administer > Settings and click the RH Cloud tab. Then, in the Red Hat Cloud token setting value, paste the token and click save.
- Navigate to Configure > Insights to synchronize Insights for Red Hat Enterprise Linux recommendations manually by clicking the Sync now button. Optionally, toggle the Synchronize Automatically switch to the ON position to enable Red Hat Satellite to download Insights for RHEL recommendations available on Red Hat Hybrid Cloud Console automatically once a day.
You have now configured Insights for Red Hat Enterprise Linux Synchronization on Satellite.
In the Satellite web UI, navigate to Hosts > All Hosts to see Insights for Red Hat Enterprise Linux recommendations for each Satellite-managed host. For more information about remediating issues on RHEL systems managed by Satellite, see Chapter 3, Remediating issues on RHEL systems managed by Satellite.
Chapter 3. Remediating issues on RHEL systems managed by Satellite
Use Insights for RHEL to create a remediations playbook, and execute that playbook on your Satellite systems from the Insights for RHEL UI.
3.1. Using Insights for RHEL to create a remediations playbook
You can use Insights for RHEL to create an Ansible Playbook for system remediation across your Satellite infrastructure.
- Log in to your Red Hat Hybrid Cloud Console account and open Insights for Red Hat Enterprise Linux.
Perform one of the following actions to see what fixes are available.
Click the Red Hat Enterprise Linux > Advisor > Recommendations tab to view a list of the recommended fixes.Note
Verify that the selected remediation item has a green check mark in the Ansible column, which means you create an Ansible Playbook to remediate the issue.
- Click the Red Hat Enterprise Linux > Vulnerability > CVEs tab to view a list of CVEs.
After selecting Red Hat Enterprise Linux > Advisor > Recommendations or Red Hat Enterprise Linux > Vulnerability > CVEs, click on one of the listed remediation items.
An Affected systems list appears that shows you which systems might need the remediation applied.
- From the list, click the check box to select the systems you want to remediate. When you select the systems, the Ansible Remediate button becomes active.
- Click the Ansible Remediate button to create an Ansible Playbook. You can choose to create a new playbook or modify an existing playbook.
3.2. Executing the remediations playbook
You can execute an Ansible Playbook that you created to apply remediations to your Satellite managed systems.
Only users who are assigned the Remediations administrator role can execute an Ansible Playbook. For information on how to manage and assign user roles, see the User Access Configuration Guide for Role-based Access Control (RBAC).
- Navigate to Red Hat Enterprise Linux > Remediations. A list of available playbooks appears.
- Click the name of the playbook that you want to execute. A summary window displays information about the actions in the playbook.
In the summary window you can switch states of the auto reboot. If it is enabled you can turn it off and if it is disabled you can turn it on.Note
The selection to Turn off auto reboot applies to the playbook and not individual systems. If multiple systems use the playbook, the auto reboot choice of enabled or disabled applies to all systems and cannot be individually toggled.
- (Optional) You can select specific actions in the confirmation window and delete them.
- Click the Execute Playbook button. A confirmation window appears and asks for a final confirmation to execute the playbook. You can view the readiness state for the target systems.
- In the confirmation window, click the button Execute Playbook on X systems to start running the playbook. The X represents the number of systems.
3.3. Using Insights for Red Hat Enterprise Linux to monitor remediation status
You can view the remediation status for each playbook that you execute from the Insights for RHEL Remediations service. The status information tells you the results of the latest activity and provides a summary of all activity for playbook execution. You can also view log information for playbook execution.
- Create and execute a remediation playbook.
- In the Insights for Red Hat Enterprise Linux application, click the Remediations tab. The tab window displays a list of remediation playbooks.
- Click on the name of a playbook. Additional choices are displayed for the latest playbook activity and all playbook activity.
- Click View in the Playbook summary area to see results of the latest activity for the playbook execution.
- Click the Activity tab to see information about all activity for the playbook.
- When you hover on any item in the Status column, a pop-up box appears with summary information for Run, Failed, and Pending activity.
- Click the expand button next to a Run on entry to show additional activity for each connection on that run. A "Results by connection" window appears.
- Under the Connection heading, click a connection name. A Name list appears.
Click on the expand button next to an entry in the Name list. A Playbook log appears.Note
You can view the Playbook log while a playbook is executing to see near real time information on the execution status.
To monitor the status of a playbook in the Satellite web UI, see Monitoring Remote Jobs in the Red Hat Satellite Managing Hosts guide.