Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 4. Manage system operations and configuration settings
To ensure that your RHEL systems are maintaining connectivity and reporting accurate data to Red Hat Lightspeed, perform routine maintenance by using both rhc and insights-client. With rhc and insights-client, you can edit global settings, adjust connection settings, and change features after registering systems to Red Hat Lightspeed.
4.1. Use remote host configuration manager
You can use the rhc client using remote host configuration manager to control the global remote host configuration (rhc) settings for Red Hat Enterprise Linux systems connecting to Red Hat Lightspeed. You can enable or disable the execution of remediations playbooks, which affects the execution of the remediation plan. To access the remote host configuration manager, log in to the Red Hat Hybrid Cloud Console as a user with RHC user privileges. The remote host configuration manager is located at Red Hat Hybrid Cloud Console > Red Hat Lightspeed > Inventory > System Configuration > Remote Host Configuration (RHC).
4.1.1. Edit global rhc manager settings for connected systems
You can use the remote host configuration manager to edit remote host configuration connection settings to enable and disable permissions to run remediation playbooks on rhc-connected systems.
Prerequisites
- You must be logged into the Red Hat Hybrid Cloud Console.
- You must have RHC administrator privileges.
Procedure
- Navigate to Red Hat Hybrid Cloud Console > Red Hat Lightspeed > Inventory > System Configuration > Remote Host Configuration (RHC) to view and edit the current settings.
4.1.2. Maintain a connection between remote host configuration and Red Hat Hybrid Cloud Console
Maintain a strong connection between the remote host configuration (rhc) and Red Hat Hybrid Cloud Console, by optionally setting the recommended option for a 10-second reconnect delay. This involves adding the line, mqtt-reconnect-delay = "10s" to the /etc/rhc/config.toml file and restarting the rhcd.service to ensure uninterrupted remote management and monitoring.
Prerequisites
- You have root-level access to the system or sudo permissions.
- You have an rhc version that is between 0.2.4 and version 0.3.
Procedure
-
Open the following file:
/etc/rhc/config.toml -
Add this option to the file
mqtt-reconnect-delay = "10s" - Save your changes.
Type the following command in the terminal:
systemctl restart rhcd.service
# systemctl restart rhcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Type the following command in the terminal:
systemctl status rhcd.service
# systemctl status rhcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow If the command completed successfully, you should see the following statement returned:
`Active: active (running)`
# `Active: active (running)`Copy to Clipboard Copied! Toggle word wrap Toggle overflow The statement also includes a timestamp.
4.2. Manage system connectivity and networking
To successfully connect your RHEL systems to Red Hat Lightspeed for registration and data transfer, make sure your network configuration and firewall allow necessary outbound traffic. If your network uses a proxy, configure your RHEL systems to use the proxy for outbound connections. Review the required prerequisites and configurations to configure your network correctly and ensure your firewall is open. This helps ensure your RHEL clients can register and send data to Red Hat Lightspeed using the client tools.
Additionally, to use remote management capabilities, verify that connections to required Red Hat systems on standard ports and the MQTT port are open.
4.2.1. The subscription-manager destinations and ports
For subscription-manager, the system must be able to reach the following destination and TCP ports:
- subscription.rhn.redhat.com:443 (https)
- subscription.rhsm.redhat.com:443 (https)
- cdn.redhat.com:443 (https)
- *.akamaiedge.net:443 (https)
- *.akamaitechnologies.com:443 (https)
4.2.2. The insights-client destinations and ports
For Red Hat Lightspeed to collect data, the system must be able to reach the following destination and TCP ports:
- api.access.redhat.com:443 (https)
- cert-api.access.redhat.com:443 (https)
4.2.3. The rhc client daemon communication with MQTT
For the rhc daemon (rhcd) to communicate with the MQTT message broker, the system must be able to reach reach connect.cloud.redhat.com:443 (https).
- connect.cloud.redhat.com:443 (https)
4.2.4. Add a proxy for rhc
When you run rhc on your RHEL systems, the system attempts to establish connections to several Red Hat endpoints. If these are blocked, the registration will fail, so you will need to add a proxy for rhc to connect to Red Hat.
Prerequisites
- You have root-level access to your system
Procedure
-
On a command line, run the following commands to add a proxy for
rhcto use to connect to Red Hat. Use the following commands to add a proxy for
rhcto use to connect to Red Hat.mkdir -p /etc/systemd/system/rhcd.service.d
# mkdir -p /etc/systemd/system/rhcd.service.dCopy to Clipboard Copied! Toggle word wrap Toggle overflow cat /etc/systemd/system/rhcd.service.d/proxy.conf
# cat /etc/systemd/system/rhcd.service.d/proxy.confCopy to Clipboard Copied! Toggle word wrap Toggle overflow [Service] Environment=HTTPS_PROXY=http://proxy.corp.com:8888
[Service] Environment=HTTPS_PROXY=http://proxy.corp.com:8888Copy to Clipboard Copied! Toggle word wrap Toggle overflow systemctl daemon-reload
# systemctl daemon-reloadCopy to Clipboard Copied! Toggle word wrap Toggle overflow systemctl restart rhcd
# systemctl restart rhcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow
4.3. Manage system display and status
To maintain an accurate inventory and ensure reliable management of your Red Hat Enterprise Linux (RHEL) systems, you can manage system identity and connection status. Performing management tasks such as, renaming a host, checking the client version, and unregistering or re-registering systems helps prevent duplicate entries in your inventory, which can lead to confusion, inaccurate reporting, and potential configuration errors.
4.3.1. Change the host display name
You can change the host display name as it appears in the graphical user interface (GUI) to help streamline identifying your inventory, meet organizational naming conventions, or other reasons. Make this change either when you register the system with Red Hat Lightspeed, or after registration. If you do not assign a display name when you register the system, Red Hat Lightspeed uses the value in /etc/hostname. Changing the display name is optional, so you need to decide if you want to use a display name in addition to the default hostname.
Using the insights-client command to set the display name takes effect immediately, but does not run the client.
If you obfuscate the hostname, the hostname configured in /etc/hostname is obfuscated. Assign a display name so that you can identify a host even when its hostname is obfuscated.
Prerequisites
- Root-level access to the system.
Procedure
Enter the
insights-clientcommand with the--display-nameoption and specify a display name.insights-client --display-name ITC-4 System display name changed from None to ITC-4
[root@rhlightspeed]# insights-client --display-name ITC-4 System display name changed from None to ITC-4Copy to Clipboard Copied! Toggle word wrap Toggle overflow To create a display name that contains spaces, use double quotes.
insights-client --display-name "ITC-4 B9 4th floor" System display name changed from None to ITC-4 B9 4th floor
[root@rhlightspeed]# insights-client --display-name "ITC-4 B9 4th floor" System display name changed from None to ITC-4 B9 4th floorCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Additional resources:
4.3.2. Display the client version
You can display the insights-client version and client core version.
Prerequisites
- Root-level access to your system.
Procedure
Enter the
insights-clientcommand with the--versionoption.insights-client --version Client: 3.0.6-0 Core: 3.0.121-1
[root@rhlightspeed]# insights-client --version Client: 3.0.6-0 Core: 3.0.121-1Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Additional resources
4.4. Manage schedule and rule updates for the insights-client
By default, the insights-client runs every 24 hours. The timers in the default schedules are random so that all systems do not run the client at the same time. You can disable, enable, or modify the schedule to control when the system performs data collection, although changes from the default might affect performance. To ensure that host information remains up-to-date extending the timers beyond 24 hours is not recommended.
4.4.1. Disable the insights-client schedule
You must disable the client schedule before you can change the default insights-client settings and create a new schedule. The procedure you use to disable the insights-client schedule depends on your Red Hat Enterprise Linux and client versions.
Prerequisites
- Root-level access to your system
The insights-client version 3.x and later
-
NOTE: The
--no-scheduleoption is deprecated in Client 3.x and later.
-
NOTE: The
Procedure
Enter the
insights-clientcommand with the--versionoption to verify that you have the required client version installed.insights-client --version Client: 3.0.6-0 Core: 3.0.121-1
[root@rhlightspeed]# insights-client --version Client: 3.0.6-0 Core: 3.0.121-1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enter the
insights-clientcommand with the--disable-scheduleoption to disable the client schedule.insights-client --disable-schedule
[root@rhlightspeed]# insights-client --disable-scheduleCopy to Clipboard Copied! Toggle word wrap Toggle overflow
4.4.2. Enable the insights-client schedule
When you enable the client schedule, it runs using its default settings. If you change the schedule, those settings take precedence.
When you run insights-client from the command line, insights-client runs using the settings you specify for only that session. When the next scheduled run takes place, it uses the default settings.
Prerequisites
- Root-level access to your system.
- The client schedule is disabled.
- (Optional) You modified the default schedule.
Procedure
Verify the client version on your system by entering the
insights-clientcommand with the--versionoption.insights-client --version Client: 3.0.6-0 Core: 3.0.121-1
[root@rhlightspeed]# insights-client --version Client: 3.0.6-0 Core: 3.0.121-1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enter the
insights-clientcommand with the--enable-scheduleoption to enable the client schedule.insights-client --enable-schedule
[root@rhlightspeed]# insights-client --enable-scheduleCopy to Clipboard Copied! Toggle word wrap Toggle overflow
4.4.3. Modify the insights-client schedule by using the systemd service
You can change when the insights-client runs by modifying the schedule. The method that you use depends on the RHEL release and client version that your system is running. For Red Hat Enterprise Linux 7.5 and later, you can update the systemd settings and the insights-client.timer file.
If you update the schedule using cron or the systemd.timer, those customized settings take precedence. However, if you change settings using the insights-client on the command line, the settings apply only to that session. When the next scheduled run takes place, the client uses your persistent customized settings.
For Red Hat Enterprise Linux 7.4 and earlier, use cron to modify the system schedule. For more information about using cron, see the Red Hat Knowledgebase solution, What is cron and how is it used?.
Prerequisites
- You have root-user access to your system.
Procedure
To edit the settings in the
insights-client.timerfile, enter thesystemctl editcommand and the file name.systemctl edit insights-client.timer
[root@rhlightspeed]# systemctl edit insights-client.timerCopy to Clipboard Copied! Toggle word wrap Toggle overflow This action opens an empty file with the default system editor, on RHEL 6, 7, and 8. On RHEL 9 and later, running the command opens a file with a template that includes the original
systemdservice file as a reference.Enter different settings to modify the schedule. The values in this example are the default settings for
systemd.[Timer] OnCalendar=daily RandomizedDelaySec=14400
[Timer] OnCalendar=daily RandomizedDelaySec=14400Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enable the
insights-clientschedule.insights-client --enable-schedule
[root@rhlightspeed]# insights-client --enable-scheduleCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
For more information, refer to the man pages for
systemctl(1),systemd.timer(5), andsystemd.time(7)to understandsystemd
-
For more information, refer to the man pages for
4.4.4. Enable automatic rule updates for Red Hat Lightspeed
You can re-enable the automatic collection rule updates for Red Hat Lightspeed, if you previously disabled updates. By default, automatic rule update is enabled. Re-enable these updates to ensure that your system continues to benefit from the latest security and performance analysis provided by Red Hat Lightspeed.
Prerequisites
- Root-level access to your system.
- Automatic rule collection is disabled.
Procedure
-
Open the
/etc/insights-client/insights-client.conffile with an editor. Locate the line that contains the following:
auto_update=False
auto_update=FalseCopy to Clipboard Copied! Toggle word wrap Toggle overflow Change
FalsetoTrue.auto_update=True
auto_update=TrueCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
Save and close the
/etc/insights-client/insights-client.conffile.
4.4.5. Disable automatic rule updates
You can disable the automatic collection rule updates for Red Hat Lightspeed, but it is not a recommended action to take. Disabling the automatic rule updates puts your systems at risk of using outdated rule definition files and not getting the most recent validation or updates from Red Hat’s hosted services.
Prerequisites
- Root-level access to your system.
- Automatic rule updates are enabled.
Procedure
-
Open the
/etc/insights-client/insights-client.conffile with an editor. Locate the line that contains
#auto_update=True
#auto_update=TrueCopy to Clipboard Copied! Toggle word wrap Toggle overflow Remove the
#and changeTruetoFalse.auto_update=False
auto_update=FalseCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
Save and close the
/etc/insights-client/insights-client.conffile.
4.4.6. Refresh the package cache for systems managed by Red Hat Satellite
You can use the --build-packagecache option to provide accurate reporting for applicable updates on Satellite-managed systems. This option rebuilds the yum/dnf package caches for insights-client, and creates a refreshed list of applicable updates for the system.
You can run the command manually to rebuild the package caches immediately, or you can edit the client configuration file, /etc/insights-client/insights-client.conf, to rebuild the package caches automatically each time the system checks in to Red Hat Lightspeed.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}