Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Viewing and managing system inventory

Red Hat Lightspeed 1-latest

Using inventory to easily track and manage your infrastructure

Red Hat Customer Content Services

Abstract

This document helps Red Hat Lightspeed administrators to organize their system inventory into logical groups (called workspaces) and control User Access to systems.

Chapter 1. Inventory overview
Copy link

Use the inventory service to view and track all registered Red Hat Enterprise Linux systems in your organization through the Hybrid Cloud Console. You can access system details, monitor health and staleness, organize systems into workspaces, and export inventory data for reporting and analysis.

Access inventory through the Hybrid Cloud Console or the Managed inventory API to track and manage your infrastructure.

1.1. Data governance
Copy link

Red Hat Lightspeed collects minimal system metadata for analysis while providing data obfuscation, redaction, and automatic retention controls.

Red Hat Lightspeed helps to identify and address operational and vulnerability risks, before they result in system downtime. This functionality requires that Red Hat Lightspeed collects small pieces of system metadata for processing and analysis. Here is how we ensure the security of your data:

  • Red Hat Lightspeed collects only the minimum system metadata needed to analyze and identify issues for supported platforms.
  • Before data is sent to Red Hat, you have the option to inspect and redact your data.
  • Data is encrypted throughout the process, with a customizable collection schedule. Red Hat data collection rules are signed, and the signature is verified before proceeding.
  • Only one uploaded data set is stored at a time for each cluster, host, or instance.

1.1.1. Data obfuscation
Copy link

You have full control over the data collected by Red Hat Lightspeed. It is possible to anonymize the data by obfuscating IP addresses, Media Access Control (MAC) addresses, and hostnames in the insights-client.

1.1.2. Data redaction
Copy link

You can exclude specific data from the insights-client collection process by using data redaction commands in the command line interface. This method can be used to ensure personally identifiable information (PII) is not collected. However, data redaction reduces the quantity and quality of system recommendations.

1.1.3. Data retention
Copy link

The insights-client collects and uploads your data once a day by using the default configuration. The collected data is kept for 24 hours for analysis. Data is replaced by new uploads from the insights-client every day. Data is automatically deleted after 14 days if there is no upload from the insights-client.

Results from the analysis are retained for historical reporting purposes and might be used by Red Hat as input for feature enhancements.

1.2. Data collectors for inventory
Copy link

Data collectors upload system information to Red Hat Hybrid Cloud Console and are deduplicated to ensure each system is displayed only once in inventory.

Each system registered in inventory gets its data from one of many data collectors. Data collectors run on a regular cadence and synchronize their collected data with the Red Hat Hybrid Cloud Console.

A system can be reported by one or more collectors. When multiple collectors provide information for the same system, inventory uses a deduplication mechanism to merge the information. This process ensures that systems are displayed only once in inventory.

The following data collectors upload system information to the Red Hat Hybrid Cloud Console:

Red Hat Lightspeed
Red Hat Lightspeed registers and aggregates system data. By default, it runs daily on each system and uploads the system data to the Red Hat Hybrid Cloud Console for processing. The data that Red Hat Lightspeed collects is used to formulate all the recommendations Red Hat Lightspeed provides.
Red Hat Subscription Manager (RHSM)
The subscription-manager tool runs daily to provide a list of all systems in your organization that are registered with Red Hat. Note that unless Red Hat Lightspeed is also enabled, data collected by Subscription Manager alone does not provide recommendations.
remote host configuration (rhc)
Use the rhc client to register systems to Red Hat Lightspeed and Red Hat Subscription Manager, and to also configure Red Hat Lightspeed connections for all RHEL systems in your organization. The rhc client also makes it easy to find system issues and to fix them with the playbooks generated by Red Hat Lightspeed from any remediation plans that you created.
Red Hat Discovery tool
The Discovery tool scans systems for Red Hat software installations and provides a report to the Red Hat Hybrid Cloud Console for inclusion in inventory. You can run this tool manually.
Red Hat Satellite

Satellite provides an integration with the Red Hat Hybrid Cloud Console. When configured, Satellite uploads its inventory of registered systems daily and synchronizes it with the inventory application. This includes all systems registered with Satellite and Capsule servers.

Note

Data collected and reported by the Subscription manager and Satellite alone will NOT result in analysis and recommendations. Red Hat Lightspeed must also be enabled.

View data collector name, status, and last upload time for a system by checking the Data collectors card in system details.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • Inventory Hosts viewer
    • RHEL viewer

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Click the system you want to view.
  3. You will notice that you are in the General information tab. Remain in that tab and scroll to the bottom of the page.

  4. Reference the Data collectors card at the bottom of the page. There you will see the data collector(s) Name, Status and Last upload details.

    Note

    You can also filter your systems by data collectors in the inventory Systems page, as outlined in Refining your view of systems in inventory.

1.3. System facts
Copy link

System facts are the metadata that data collectors collect about your RHEL systems that describe configuration, health, and performance for analysis and recommendations.

insights-client uses system facts to populate inventory data in Red Hat Lightspeed and to update existing data. Red Hat Lightspeed also uses system facts to analyze system performance and to create recommendations for services such as Advisor or remediations.

1.4. Red Hat Lightspeed analysis and monitoring
Copy link

Red Hat Lightspeed performs initial and daily system analyses to monitor status, identify issues, and flag systems for deletion based on staleness criteria.

When you register systems, Red Hat Lightspeed performs an initial analysis and then runs daily analyses to monitor your system status. Red Hat Lightspeed stores the status information in inventory. You can view the system details from the Inventory Systems page in the Hybrid Cloud Console.

Red Hat Lightspeed analysis results can include alerts that identify issues in your systems, and recommendations about how to resolve those issues.

Red Hat Lightspeed also monitors for system staleness by using specific staleness criteria to flag systems that are not reporting regularly. If systems do not report for a specified period of time, Red Hat Lightspeed flags them for deletion.

Chapter 2. Assessing and filtering your inventory
Copy link

Use inventory assessment and filtering to identify and eliminate security, operations, and business risks in your fleet.

Red Hat Lightspeed provides REST APIs with token-based authentication for secure interaction with applications to obtain system details and recommendations.

All Red Hat Lightspeed APIs are Representational State Transfer (REST) APIs. REST APIs are stateless, meaning servers do not save client data between requests. Token-based authentication provides granular control over access permissions and enhances security.

2.2. Refine your view of systems in inventory
Copy link

Filter inventory systems by name, status, operating system, data collector, RHC status, last seen, workspace, or tags to focus on specific systems.

There are several ways to refine your inventory view to help you focus on the issues and systems that matter the most. Using the following steps, you can filter your systems inventory by several criteria, including:

  • Name
  • Status
  • operating system
  • Data Collector
  • remote host configuration status
  • Last seen
  • Workspace
  • Tags

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • Inventory Hosts viewer
    • RHEL viewer

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Click the Name filter drop-down. Choose an option from the drop-down menu, such as Name, Status, operating system, Data Collector, RHC status, Last seen, Workspace or Tags.
  3. Select additional filters within your query. For example, if you chose the operating system filter, click Filter by operating system in the header to choose a specific version of RHEL.
  4. Click the checkbox next to the RHEL version you want to filter.
  5. Optional: To add multiple filters to your query, click an additional filter (such as Data Collector). A second drop-down is displayed to the right of the Data Collector filter, called Filter by data collector.
  6. Choose the required data collector. This first filter then is displayed just below the header. If needed, choose a second filter. You can apply all 8 available filters to your query.
  7. Click Reset filters to clear your query.

2.3. Assigned system display names
Copy link

Each system in Red Hat Lightspeed has a display name that is assigned either automatically by data collectors or manually by users. Display names identify systems within the Red Hat Hybrid Cloud Console.

There are two ways to assign a display name to a system:

Automatically
Red Hat Lightspeed inventory assigns a display name to the system. Red Hat Lightspeed receives the display name from a data collector, such as Red Hat Subscription Manager (RHSM), and applies it to the system. If a system has an automatically assigned name, a higher-priority data collector can change the display name. A lower-priority data collector cannot change the display name.
Manually
You create the display name and manually apply it to the system. If a system has a manually assigned display name, that name persists in the Red Hat Hybrid Cloud Console. Unlike some automatically assigned display names, another application cannot overwrite the display name.

Data collectors assign display names to systems based on priority, with higher-priority collectors overriding lower-priority ones.

A data collector is a specific application or service responsible for sending host information, updates, or system profile data to Red Hat Lightspeed inventory. For example, Red Hat Subscription Manager (RHSM) and Red Hat Satellite act as data collectors for Red Hat Lightspeed.

A data collector can provide a display name to Red Hat Lightspeed during registration or a registration update. If the system has a manually assigned name, the data collector uses that name as the display name. Otherwise, the data collector does not provide a display name, so Red Hat Lightspeed uses the system fully qualified domain name (FQDN) as a display name.

Each data collector that interacts with Red Hat Lightspeed has an assigned priority. Red Hat Lightspeed inventory uses the display name provided by the data collector with the highest priority. That means that the display name reported by a higher-priority data collector overrides the display name set by a data collector with a lower priority.

Important

Red Hat Lightspeed ignores a display name provided by a lower-priority data collector if a higher-priority data collector has already set the display name. The system always shows the display name from the highest priority data collector and ignores the rest.

The following table shows the data collectors in order of priority.

Expand
PriorityData CollectorDescription

1

Red Hat Lightspeed UI, insights-client, or manual API request

Manually assigned display names have the highest priority.

2

rhsm-system-profile-bridge or system-conduit

These RHSM data collectors mirror display names from RHSM to Red Hat Lightspeed. system-conduit is involved in updates. It runs nightly every 24 hours.

3

default (any other data collector)

Default priority for all non-specific data collectors that provide a display name, such as Red Hat Discovery Tool or Satellite.

4

no data collector

If no data collector provides a display name, Red Hat Lightspeed automatically assigns the Fully Qualified Domain Name (FQDN) as the system display name.

2.5. Manually assigning system display names
Copy link

You can manually assign custom display names to systems in inventory by using the UI, insights-client, or API to override automatic naming conventions.

System display names that you assign through a data collector (for example, during registration with RHSM) receive the highest priority. This means that lower-priority data collectors cannot override names that you set manually.

You can assign display names by using three methods:

  • Red Hat Lightspeed UI - Use the web interface to assign display names to individual systems.
  • insights-client - Use the insights-client command-line tool to set display names on systems.
  • Inventory API - Use the API to programmatically assign display names for automation and bulk operations.
Note

If you manually assign a name to a system outside of the data collectors (for example, by using the hostname command at the command line), Red Hat Lightspeed automatically uses the assigned name as its display name in inventory. If you want to use a different display name for the system within Red Hat Lightspeed, then manually assign the different display name. The system retains its original hostname, but is displayed in inventory with the assigned display name.

Manually assign a custom display name to a system in inventory by using the UI to override automatic naming conventions.

System display names that you assign manually receive the highest priority. This means that lower-priority data collectors cannot override names that you set manually.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems. The Systems page displays a list of all of the systems in your environment.
  2. Click the options icon (⋮) for the system for which you want to set the display name.
  3. Select Edit display name from the drop-down menu. The Edit display name dialog box opens.
  4. Enter the name you want to assign to the system.
  5. Click Save to save the new display name.

Use the insights-client command-line tool to set a custom display name for a system in inventory.

With the insights-client, you can set the system display name on the system itself. This method is useful for automating display name assignment during system configuration or deployment.

Procedure

Use the inventory API to programmatically set custom display names for systems to enable automation and bulk operations.

Procedure

  1. Issue the PATCH /hosts/{host_id_list} API call to set the display name.
  2. For detailed information about using this API call, see the hosts section in the Red Hat Lightspeed host inventory API catalog.

Red Hat Lightspeed tags systems that use the Red Hat Lightspeed proxy in inventory to help you identify proxy-connected systems and manage connectivity from a centralized location.

Red Hat Lightspeed detects systems that communicate through a proxy server. This helps you to ensure that all systems are routed through the proxy server in disconnected environments. You can manage connectivity in your environment from a single point.

When you use the configure-client.sh script to configure systems to use the Red Hat Lightspeed proxy, the script uses the Red Hat Lightspeed system tagging capability to identify the proxy server on the client systems.

Note

The script adds an entry in the /etc/insights-client/tags.yaml file on the client system that tags the proxy server. The entry takes the following format: 

insights-proxy: <rhproxy-hostname>

For example, a client system that connects to the server myproxy.example.com could have the following line added to the tags.yaml file. In this example, myproxy.example.com has the hostname myproxy-example in Red Hat Lightspeed inventory. 

insights-proxy: myproxy-example

When a client system uses a proxy server to communicate with Red Hat Lightspeed, you can view the proxy server in inventory in the Red Hat Hybrid Cloud Console. The Filter by tags filter displays the proxy server tag grouped under the insights-client heading. You can select the proxy server tag to view the client systems connected to it.

Important

After you configure the client system to use a proxy server, insights-client must perform an upload to Red Hat Lightspeed before the server can be identified by tag in inventory.

Note

If the proxy server for a client changes, re-run the configure-client.sh script. The script correctly handles the reconfiguration entry in the /etc/insights-client/tags.yaml file.

To disable the proxy connection, unconfigure the client system. Unconfiguring the client system removes the system tags that connect to the proxy server.

Important

After you unconfigure the client system to disable the connection to the proxy server, insights-client must perform an upload to Red Hat Lightspeed before its system tags are updated in inventory.

Identify systems connected through the Red Hat Lightspeed proxy by viewing the insights-proxy tag in the Red Hat Hybrid Cloud Console.

Once you have configured an insights-client system to use a proxy server, you can identify the system by its tag in the Red Hat Hybrid Cloud Console. The insights-proxy tag also indicates the Red Hat Lightspeed proxy to which the system is connected.

Prerequisites

  • You have user permissions for the client systems in inventory.
  • The client systems are configured to communicate with Red Hat Lightspeed through the proxy server. For more information about the configuration script, see Configuring client systems.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems. The list of systems displays.
  2. Select the client system you want to view. The client system name displays in a pop-up.
  3. Click the tag icon to the right of the system name. The tag icon links to a list of all system tags associated with the selected client system. This list includes the insights-proxy tag, along with the Red Hat Lightspeed proxy server hostname that the system uses.

Use the inventory API to identify Red Hat Lightspeed proxy servers and query which client systems use specific proxy servers to communicate with Red Hat Lightspeed.

For step-by-step instructions about how to authenticate and query the inventory API, download the Red Hat Lightspeed API Cheat Sheet.

Note

You must have login access to developers.redhat.com to access the API cheat sheet.

For information about how to make API calls, see Making API calls.

Prerequisites

  • You have authenticated to the inventory API.

Procedure

  1. To obtain a list of deployed Red Hat Lightspeed proxy servers in your environment, use the following API call: 

    GET /api/inventory/v1/tags?search=insights-client/insights-proxy

  2. To view the list of insights-client systems configured to use a specific proxy server, use the following API call. Substitute the name of the proxy server for <rhproxy-hostname>. 

    GET /api/inventory/v1/hosts?tags=insights-client/insights-proxy=<rhproxy-hostname>

Disable the proxy connection when you no longer need to route systems through the Red Hat Lightspeed proxy. Unconfiguring the client system removes the proxy-related system tags from inventory.

Unconfiguring the client system removes the system tags that connect to the proxy server. After unconfiguring, insights-client must perform an upload to Red Hat Lightspeed before the system tags are updated in inventory.

Prerequisites

  • The client system is currently configured to communicate with Red Hat Lightspeed through the Red Hat Lightspeed proxy.

Procedure

  1. Follow the steps in Unconfiguring client systems when you want to disable the Red Hat Lightspeed proxy to unconfigure the client system.
  2. Wait for insights-client to perform an upload to Red Hat Lightspeed.

Verification

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Click the client system that you unconfigured.
  3. Verify that the insights-proxy tag no longer appears in the system’s tag list.

2.10. Connecting image-based systems to inventory
Copy link

Red Hat Lightspeed provides a unified view of RPM, image mode, and OSTree-based systems with filtering options for image-based systems.

Red Hat Lightspeed unifies all system types into a single, streamlined view. You can view and manage RPM (package mode), image mode, and OSTree-based systems from the same page in inventory. Red Hat Lightspeed also includes filters that you can use to select and display image-based systems.

You can connect an image-based system to Red Hat Lightspeed in the following ways:

  • Connect automatically during image building
  • Use rhc (Remote host configuration) to connect manually
  • Use Red Hat Satellite to register the system

Configure an image-based RHEL system to automatically connect to Red Hat Lightspeed by pre-configuring the image with an activation key so that systems automatically register with remote host configuration (rhc) on first boot.

Procedure

  • To connect an image-based system to Red Hat Lightspeed, add an activation key to your build configuration by using the sample code and examples that are provided in the Fedora/CentOS bootc project git repository.

You can manually connect an image-based RHEL system to Red Hat Lightspeed by using the rhc command with an activation key and Organization ID.

If your image-based system is directly connected to Red Hat services or connects through a proxy server, use rhc to connect the system to Red Hat Lightspeed.

Prerequisites

Procedure

  • Use the following rhc command to configure the connection and register your system to Red Hat Lightspeed. Substitute the activation key for <AK> and your Organization ID for <org_id>. 

    # rhc connect -s <AK> -o <org_id>

Register image-based RHEL systems with Satellite by using your preferred method to enable centralized management and Red Hat Lightspeed monitoring.

Procedure

  1. For more information about how to register systems, see Registering hosts and setting up host integration.

  2. For more information about how to use global registration, see Registering hosts by using global registration.

    Important

    Make sure that Red Hat Lightspeed registration is enabled in Satellite before you generate the registration command. Select HostsRegister HostAdvanced and make sure that Set up Red Hat Lightspeed is enabled.

2.14. View image-based systems in inventory
Copy link

Use the Image-based system filter to view image-based systems in inventory.

To show details for a system, click the system name. The System Details page includes the image URL and its corresponding hash value.

The bootc panel on the System Details page shows information about the following:

  • Booted image
  • Booted image digest
  • Staged image
  • Staged image digest
  • Available image
  • Available image digest
  • Rollback image
  • Rollback image digest

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • inventory-host-read
    • inventory-groups-read
    • RHEL viewer

For more information about how to configure User Access permissions, see User Access configuration guide for role-based access control (RBAC).

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Select Filter by System type from the filter drop-down, and then select Image-based system to display all image-based systems in inventory.
  3. Click the name of the system you want to view. The System Details page for that system opens.

2.15. Add an image-based system to a workspace
Copy link

Add an image-based RHEL system to a workspace to organize and manage systems according to your environment requirements.

Prerequisites

  • You have created a workspace in inventory.

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who has one of the following roles:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
    • inventory:groups:write and inventory:groups:read permissions for that particular workspace

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces and select a workspace.
  2. Click Add systems. The Add systems dialog box displays.
  3. Use the filters to locate the system you want to add.
  4. Select the checkbox next to the name of the system you want to add.
  5. Click Add systems. The console responds with a success message.
  6. Click Refresh to view the system in the workspace.

2.16. Delete systems from inventory
Copy link

Remove obsolete or decommissioned systems from inventory to maintain an accurate record of your active infrastructure.

Use the following procedure to remove obsolete or decommissioned systems from inventory.

Important

Deleting a system removes it from ALL console.redhat.com applications and services.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with the Inventory Hosts administrator role.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Check the box to the left of the systems that you want to remove.
  3. Click the Delete button to the right of the filter. A Delete from Inventory confirmation dialog box is displayed.
  4. Click Delete to confirm this action.

Results

A message box is displayed in the upper right corner of the screen, stating that the delete operation initiated. When the deletion is complete, a message box confirms that the deletion was successful.

Note

A system might reappear in inventory if data collectors are uploading data from systems that are still registered and subscribed. Refer to the documentation for the specific data collector(s) to determine how to permanently unregister or unsubscribe.

Manage user permissions to control access to Red Hat Lightspeed applications. Use the User Access feature to apply role-based access control (RBAC). Red Hat provides predefined groups and a set of predefined roles to make it easier for Organization Administrators to assign, restrict, and remove user permissions to Red Hat Lightspeed.

3.1. User Access overview
Copy link

Understand how the role-based access control (RBAC) User Access feature of the Red Hat Hybrid Cloud Console manages user permissions through roles instead of individual user assignments. User Access simplifies permission management by assigning specific permissions to roles, which can then be assigned to user groups.

You can also create custom groups and roles to provide more fine-tuned control over specific features of Red Hat Lightspeed to suit the needs of your organization.

If you are an Organization Administrator, you can use the User Access feature under Identity & Access Management in the Hybrid Cloud Console to:

  • Control user permissions and organize roles.
  • Create groups that include roles and their corresponding permissions.
  • Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.

3.2. Predefined groups in User Access
Copy link

Understand the two predefined groups available in User Access: Default access and Default admin access. Create custom groups to align permissions with specific personas, job functions, or teams in your organization.

The Default access group
By default, the Default access group is assigned many granular predefined roles, so that group members have basic visibility. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group. The Default access group is automatically updated by Red Hat.
Important

If your Organization Administrator modifies the Default access group, for example, by removing roles to restrict access to specific applications or to use the consolidated roles, the group is automatically renamed to Custom default access. Once converted, this group is no longer automatically updated by Red Hat.

The Default admin access group
The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained, and users and roles in this group cannot be changed.

The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their names.

Tip

For a list of explicitly defined roles that are included in the Default access and Default admin access groups, log in to the Hybrid Cloud Console, go to Groups and select the respective group.

3.3. Predefined roles assigned to groups
Copy link

Understand how predefined roles in Red Hat Hybrid Cloud Console bundle permissions across multiple Red Hat Lightspeed applications to align with common user personas. Use predefined roles to reduce administrative effort, or create custom roles for more fine-tuned control over specific features.

The predefined roles are a starting point to help you to control and manage user permissions. You can then use these roles to create custom roles that are tailored to your specific use cases and organization. For example, you can use the predefined granular roles to create custom roles that provide more fine-tuned control over specific features of Red Hat Lightspeed.

By default, Red Hat provides a set of consolidated roles and a set of granular roles in the Red Hat Hybrid Cloud Console User Access UI. The consolidated roles significantly reduce the administrative effort required to manage user permissions, while the granular roles provide more fine-tuned control over specific features of Red Hat Lightspeed.

You can use the predefined consolidated and granular roles in User Access simultaneously, but using consolidated roles can significantly reduce the administrative effort.

Select from the predefined consolidated roles library

The Red Hat Hybrid Cloud Console provides three predefined, consolidated User Access roles to help you manage user permissions to Red Hat Lightspeed applications and services that run on registered Red Hat Enterprise Linux systems. These roles help simplify how the Organization Administrator creates groups and permissions for various levels of access to the Red Hat Lightspeed services. If you want to reduce the administrative effort required to manage user permissions and your use case aligns with the permissions included in these roles, select from the consolidated roles library.

The consolidated roles are as follows:

RHEL viewer: The RHEL viewer role provides users visibility without the ability to make changes. It allows read-only access to Red Hat Lightspeed. You can view system configurations, compliance reports, inventory data, patch information, vulnerabilities, and overall resource states and activities. The only action permitted with this role is to generate activation keys.

RHEL operator: The RHEL operator role allows active management of your Red Hat Lightspeed environment. With this role, you can edit system configurations, inventory details, policies, and notification/integration settings. The RHEL operator role allows many of the RHEL administrator role functions, but it is restricted from editing compliance policies, content source templates, policies, or tasks. In addition, the RHEL operator role cannot execute remediation plans.

RHEL administrator: The RHEL administrator role provides comprehensive administrative privileges across your RHEL systems and Red Hat Lightspeed. With this role, you can manage system configurations, inventory, compliance policies, notifications, patch management, remediations, malware detection, and advisor recommendations. The role can also view and modify all vulnerability settings.

Important

To use the consolidated roles effectively, you might need to remove the granular RHEL roles from the Default access group to prevent permission conflicts. This action automatically changes the name of the predefined Default access group to Custom default access group, after which, it is no longer automatically updated by Red Hat.

See Predefined User Access roles for a list of the roles included in the Default admin access group and a reference table that lists most of the predefined groups and roles that are available in the Red Hat Hybrid Cloud Console and the permissions included in each role.

Granular roles
The granular roles are specific roles for individual services that allow for fine-tuned control over specific features of Red Hat Lightspeed, for example, Inventory Hosts administrator or Compliance viewer. If you want to have more control over specific features of Red Hat Lightspeed and your use case does not align with the permissions included in the consolidated roles, use the granular predefined roles.
Tip

Across the Red Hat Lightspeed product documentation, the Prerequisites section for each procedure lists which predefined roles provide the permissions needed to use the features in that procedure. For example, if a procedure requires permissions to create and view remediations, the Prerequisites section for that procedure lists the Remediations user or other valid role as a recommended predefined role to use for that procedure.

3.4. Check your permissions
Copy link

Verify your current permissions and the roles or groups assigned to you in the Red Hat Hybrid Cloud Console. Check your permissions to troubleshoot access issues or understand your level of access to Red Hat Lightspeed applications.

Note

Only users with the Organization Administrator role can view the permissions of other users in the User Access settings and manage user permissions to Red Hat Lightspeed services. For more information, see the Configure user permissions section.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console.

Procedure

  1. In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to My User Access.
  2. Optional: If you require additional permissions, use the Red Hat Hybrid Cloud Console Virtual Assistant to ask "Contact my Organization Administrator". The assistant sends an email to the Organization Administrator on your behalf.

Results

All of the applications that you have permissions to access are listed on this page and are grouped by product, for example, RHEL, OpenShift Container Platform, and Ansible Automation Platform.

You can also filter your permissions by application, for example, by advisor, cost management, inventory, and remediations.

3.5. Configure user permissions
Copy link

If you are an Organization Administrator, you can view and manage user permissions for all users in your organization. Control access to Red Hat Lightspeed and other Red Hat Hybrid Cloud Console services through the User Access interface.

Important

If you are not an Organization Administrator, you will be unable to complete this task. However, you can check your own permissions for different applications by navigating to My User Access. Contact your Organization Administrator to request more permissions.

Prerequisites

  • You have logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator, or you have the required administrator User Access role permissions.

Procedure

Results

From here, you can create and manage:

  • Roles to determine permissions to Red Hat Lightspeed services and features
  • Groups to include one or more roles to align with a specific persona, job function, or team in your organization
  • Users and their assignment to groups to inherit permissions from the roles assigned to those groups

Understand the predefined roles that control access to the inventory service of Red Hat Lightspeed. Use these role definitions to assign appropriate permissions to users based on their responsibilities.

The following roles enable standard or enhanced access to inventory features:

Expand
Table 3.1. Permissions provided by the User Access roles
User Access roleGrants permissions to …​Included in the Default access group

Inventory administrator

Do any available operations against any Inventory resource:

  • inventory:*:

(* denotes all permissions on all resources)

 

Inventory Hosts administrator

Read and edit Inventory Hosts data:

  • inventory: hosts: write and inventory: hosts: read
 

Inventory Hosts viewer

Read Inventory Hosts data:

  • inventory: hosts: read

X

RHEL administrator

Do any available operations against any Inventory resource:

  • inventory:*:*
 

RHEL operator

  • Do everything that a RHEL viewer can do,for example, read inventory data:

    • inventory: hosts: read
  • Edit system configs, inventory, policies, notifications, and integrations.
  • View compliance reports, patch info, malware detections, and recommendations.
  • Create remediation plans, manage stale data, and change vulnerability settings.
Note

The RHEL operator role is restricted from editing compliance policies, content source templates, policies, or tasks. Also, the RHEL operator role cannot execute remediation plans.

 

RHEL viewer

  • Read all available data across Red Hat Lightspeed services and features, for example:

    • inventory:*: read
  • View system configs, compliance reports, inventory data, patch info, vulnerabilities, and more to observe the state of resources or activities.
Note

Cannot perform actions other than generating activation keys.

 

Workspaces administrator

Read and edit Workspaces data:

  • inventory: groups: write and inventory: groups: read
 

Workspaces viewer

Read Workspaces data:

  • inventory: groups: read

X

Control workspace access with custom User Access roles that define permissions for specific workspaces. Workspaces group systems by location, department, or purpose, with each system belonging to only one workspace, ensuring users access only relevant systems.

Workspaces support role-based access control (User Access) to restrict system visibility and management based on user roles and group membership. Use User Access settings to set custom permissions on workspaces according to user role.

Workspace access roles

You can create and modify a workspace if you are an Organization Administrator or your user account is a member of a group with at least the following role permissions:

  • Workspace administrator - This role is automatically included in the Default access group and cannot be removed from it. However, users with this role can modify any workspace. Provide this role only to those users who are entitled to access the entire system inventory.

  • RHEL administrator

    Note

    To use workspaces and the User Access feature to restrict access to specific systems, that user must either have Default admin access, or have both the Workspace administrator and the User Access administrator roles.

Workspace-level permissions

Workspace users have group-level User Access permissions. A user cannot view the systems inside the workspace without inventory:hosts:read permissions. Custom permissions include the following:

  • inventory:groups:read

    • View workspace details page

  • inventory:groups:write

    • Rename the workspace
    • Add systems to the workspace
    • Remove systems from the workspace
System-level permissions

Systems users have system-level User Access permissions. They can perform the following workspace operations:

  • inventory:hosts:read

    • View all the systems in the workspace and their details, or view the Ungrouped Hosts system-generated workspace
    • View information about the systems for other Red Hat Lightspeed services

  • inventory:hosts:write

    • Rename the system
    • Delete the system
Managing user access to workspaces
If you do not have access to workspaces, when you go to the Inventory > Workspaces page, you will see the message Workspace access permissions needed.

Be aware that you can still view the workspace name assigned to the system for which you have read access, even if you do not have access to the workspace itself. To view the workspace that contains the system, you need to have at least the Workspaces Viewer role, the RHEL viewer role, or have Workspace view permissions assigned. Before making changes in the User Access settings UI, review the list of known limitations in the User Scenarios section of the documentation.

Inventory permissions

The four inventory permissions available for workspace access include:

  • inventory:hosts:read - Allows users to view systems (needed to view systems both inside and outside the workspace).
  • inventory:hosts:write - Allows users to rename or delete systems.
  • inventory:groups:read - Allows users to view workspaces and general information (not including systems in them).
  • inventory:groups:write - Allows users to edit workspace membership (add and remove systems from workspaces).
Example access scenarios

The following examples describe different access patterns for workspace permissions:

  • To allow users to only see systems in specific workspaces, but to not see systems that do not belong to any workspaces, select only those workspaces.
  • To allow users to see systems in specific workspaces and any systems that do not belong to any workspaces, select those workspaces for all permissions and select Ungrouped Hosts for inventory:hosts permissions.
  • To allow users to see everything in the inventory, you do not need to create a custom role.
  • To give a group of system administrators the same access to workspaces A, B, and C, create a single custom role and assign permissions to those three workspaces. However, if you want to give different users access to different workspaces, create a separate custom role for each workspace.

From the User Access view, you can create custom roles that define specific workspace access permissions for users.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator or who has User Access administrator permissions.
  • You have created at least one workspace and added systems to it.

Procedure

  1. On the Hybrid Cloud Console, navigate to User AccessRoles. The Identity & Access Management main page displays.
  2. Click Create role. The Create Role wizard displays.

  3. Select whether you want to create a new role, or copy an existing role.

    1. To create a new role, select create a role from scratch.
    2. To copy an existing role, select Copy an existing role. A list of roles is displayed. Select the role you want to copy, and then click Next.
  4. Name the new role. You can optionally add a description.
  5. Click Next. The Add permissions page displays.
  6. The Applications filter displays by default. Click the Filter by application drop-down and select inventory to display all the available inventory permissions.

  7. Select the inventory permissions that you need. Here are some examples:

    1. To give a user full access to the workspace and all systems in that workspace, select all four permissions.
    2. To give a user full access to the systems inside a workspace without granting workspace editing access, select inventory:hosts:read, inventory:hosts:write, and inventory:groups:read, but do not select inventory:groups:write.
    3. To give a user full access to the Ungrouped Hosts workspace, select all four permissions.
  8. Click Next. The Define workspace access page displays.
  9. Click the drop-down arrow next to each permission in the list, and then select the workspaces you want to apply to those permissions. You must select at least one workspace for each permission.
  10. Click Next. The Review details page displays.
  11. Review the permissions for the custom role and click Submit.

Next steps

  • Repeat this process for each workspace or for each group of users that requires specific workspace access.

3.7.2. Assign custom User Access roles to users
Copy link

Create a User Access group and assign custom workspace roles to users by adding them as group members.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator or who has User Access administrator permissions.
  • You have created a custom User Access role for workspaces.

Procedure

  1. At the top right of the screen, click the Settings icon (⚙), and then click User Access.
  2. In the left navigation menu, click User Access > Groups.
  3. Click Create group. The Create group wizard displays the Name and description page.
  4. Add a group name. If desired, add a description for the group.
  5. Click Next. The Add roles page displays.
  6. Select the custom role you created, and then click Next. The Add members page displays.
  7. Select the users to whom you want to assign the custom role.
  8. Click Next. The Add service accounts page is displayed.
  9. Optional: If you want to assign a service account or accounts to the selected users, select one or more service accounts from the list.
  10. Click Next. Review the details of your selections and click Submit.

Next steps

Repeat this procedure for each custom role that you want to assign to one or more users.

Remove the Inventory Hosts administrator role from the Default access group to enforce workspace restrictions defined in custom roles. Without this step, all users retain full inventory access through the Default access group regardless of custom role assignments.

The Default access group assigns the Inventory Hosts administrator role to all organization users by default, granting permissions to view and edit all hosts.

After you create and assign a custom role, all users in your organization still have unrestricted access to inventory because they still have the Inventory Hosts administrator role assigned. Default access group permissions apply in addition to custom role permissions.

To restrict the default permissions whereby all users can view and edit all hosts, edit the Default access group to remove the Inventory Hosts administrator role.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator or who has User Access administrator permissions.
  • You have created custom User Access roles for workspace access.
  • You have assigned custom roles to users or groups.

Procedure

  1. At the top right of the screen, click the Settings icon (⚙), and then click User Access.
  2. In the left navigation menu, click User Access > Groups. The list of User Access groups displays.
  3. Click the Default access group. The list of roles displays.
  4. Select the checkbox for the Inventory Hosts administrator role.
  5. Click the options icon (⋮) at the far right of the row. The Remove role option is displayed.
  6. Click Remove role. The Remove role dialog box is displayed.
  7. Click the Remove role button. If you have never edited the Default access group before, a warning message displays.
  8. Select the I understand, and I want to continue checkbox, and then click Continue.

Verification

After you have finished configuring access, specific users within your organization have full inventory access, and others have limited inventory access based on their assigned custom roles.

Create a User Access group with Inventory Hosts administrator permissions for users who need full access to all systems after removing the role from the Default access group.

After you edit the Default access group to remove the Inventory Hosts administrator role, you might want to create a User Access group of users who should have Inventory Hosts administrator permissions.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator or who has User Access administrator permissions.
  • You have removed the Inventory Hosts administrator role from the Default access group.

Procedure

  1. On the Hybrid Cloud Console, navigate to User AccessGroups, which you will also find under the Settings icon (⚙).
  2. Click Create group. The Create group wizard is displayed.
  3. Add a name for the group. If needed, add a description.
  4. Click Next. The Add roles page displays.
  5. Select the Inventory Hosts administrator role from the list of roles.
  6. Click Next. The Add members page displays.
  7. Select the users to whom you want to assign the role.
  8. Click Next. The Add service accounts page is displayed.
  9. Optional: If you want to assign a service account or accounts to the selected users, select one or more service accounts from the list.
  10. Click Next. The Review details page displays.
  11. Review the details of your selections, and click Submit.

3.8. User scenarios
Copy link

Workspace access control supports two common organizational needs: isolating infrastructure between multiple IT teams, and restricting users to ungrouped systems only. Understanding these patterns and their limitations helps you to plan effective workspace configurations.

Use custom User Access roles to restrict users to viewing only the systems in specific workspaces while preventing them from accessing other workspaces or ungrouped systems in your organization.

3.8.1. Common workspace access patterns
Copy link

Organizations typically implement workspace access control in two scenarios:

Multiple teams managing separate infrastructure
Different IT teams manage distinct sets of systems and should not access each other’s infrastructure. Each team gets its own workspace with restricted access.
Restricted access to ungrouped systems
Users need access to systems in a specific workspace but should not view ungrouped systems that appear in the Default workspace.

3.8.2. Known limitations
Copy link

  • Users who are Organization Administrators (members of the Default admin access group) will always have full access to systems and workspaces.
  • A user without permission on the system will not be able to add it to a Remediation. However, if an existing Remediation with active systems was created in the past, the user will still be able to run it, even if the permissions have been removed on that system for the current user.
Note

Before enabling workspaces in your organization, review your Notifications configuration to ensure that only appropriate groups of users receive Email notifications. If you do not review your Notifications configuration, users might receive alerts triggered by systems outside of their workspace permission scope.

Create separate workspaces and custom User Access roles to isolate system access between different IT teams in your organization. This ensures each team can only view and manage their own assigned systems.

This procedure outlines a scenario for when you might need to configure separate workspace access for multiple IT teams. In this scenario, two different IT teams working for the same company share the same Red Hat Lightspeed organization within their Red Hat account.

Each IT team must have complete control of their systems on the Red Hat Hybrid Cloud Console, but should not be able to see or modify the systems belonging to the other team. All users within the same team have the same level of access on both their workspaces and their systems. Access levels can be adjusted as needed.

Regular users of both IT teams will not be able to see or modify systems that are not part of any workspaces. Organization Administrators, or anyone with Workspace administrator and Inventory Hosts administrator roles, have access to the entire inventory. Any other users without those roles cannot access the entire inventory.

By default, Organization Administrators (who are members of the Default admin access group) on the Red Hat Hybrid Cloud Console always have read and write access to all workspaces and read and write access to all systems, regardless of how permissions are defined for the workspace objects and systems assigned to them.

These users are the only ones who can configure user access for workspaces. If any regular users need to manage user access, the administrators can grant them Workspace admin and Inventory Hosts admin roles separately.

By default, users who are not Organization Administrators are assigned the Inventory Hosts administrator role from the Default access group. The Default access group gives these users inventory:hosts:read and inventory:hosts:write access across the entire inventory. Those permissions grant read and write permissions on all systems and all workspaces.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group), or who has the RHEL administrator role, or who has both the Workspace administrator and Inventory Hosts administrator roles.
Important

In this scenario, it is assumed that your users all still have access to all systems through the Inventory Hosts administrator role assigned from the Default access group. This role allows users to see all systems, whether or not they are grouped into workspaces. The procedure removes this role to restrict access.

Systems not assigned to any workspace appear in the Ungrouped Hosts workspace. To view them, users need inventory:hosts:read permissions for ungrouped systems, or the Inventory Hosts administrator role. For more information, see Configure Inventory Hosts administrator access.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces and click Create workspace to create two separate workspaces:

    • Workspace 1: IT team A - Systems

    • Workspace 2: IT team B - Systems

      Note

      This example shows two workspaces, but you can create as many as you need.

  2. Add systems to the workspaces by clicking in each workspace and selecting Add systems.

  3. To create custom roles for different workspaces, navigate to User AccessRoles, and click Create role:

    1. Name your role. For example, name the role IT team A - Role. Click Next.

    2. Select the permissions to grant for the workspace and its systems:

      • inventory:groups:read
      • inventory:groups:write
      • inventory:hosts:read
      • inventory:hosts:write
    3. Click Next.
    4. Choose the workspaces to which you want to grant the permissions. For example, assign the role IT team A - Role to the workspace IT team A - Systems for each permission.
    5. Click Next.
    6. Review the details of the role and click Submit.
    7. Repeat sub-steps a-f to create a second custom role called IT team B - Role and assign it to the workspace IT team B - Systems.
  4. Optional: To grant your users access to ungrouped systems, edit the custom roles you created in step 3 and add the Ungrouped Hosts workspace to the Group definition of the host permissions.

  5. To create User Access groups to assign the custom roles to users, navigate to User AccessGroups and click Create group. Name the group, select the newly created role, and select the users to whom you want to give the role.

    Note

    For example, two IT groups would have the following permissions: IT team A - user group with IT team A - role, and IT team B - user group with IT team B - role.

  6. To remove the Inventory Hosts administrator role from the Default access group, navigate to User AccessGroups and select the Default access group. Remove the Inventory Hosts administrator role from this group.
  7. Optional: If your users are also members of additional User Access groups, review those groups and remove the Inventory Hosts administrator role from them as needed.

Verification

Once the role has been removed, the User Access controls behave as expected: Users given custom roles to limit their views to certain workspaces and systems only see those workspaces and systems.

Next steps

  • If you have more than two IT groups, you can create as many custom roles and user groups as you need.

    • To grant the same users access to multiple workspaces, select more than one workspace when defining permissions within the same custom role.

3.8.4. Configure access to ungrouped systems only
Copy link

Create a custom User Access role that grants users access to ungrouped systems while restricting access to systems organized in workspaces. This ensures specific teams can manage only systems that are not yet assigned to any workspace.

This procedure outlines a scenario for when you might need to restrict user access to ungrouped systems only. In this scenario, an admin wants to give a group of users access to ungrouped systems, but not to systems in workspaces. Ungrouped Hosts is a system-generated workspace that automatically contains all systems that are not part of any other workspace.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group), or who has the RHEL administrator role, or who has both the Workspace administrator and Inventory Hosts administrator roles.

Procedure

  1. On the Hybrid Cloud Console, navigate to User AccessRoles and click Create role to create a custom role. The Create Role wizard displays.

    1. Set the role name and description and click Next.
    2. Add the inventory:hosts permissions and click Next.
    3. Configure both of the permissions to apply to the Group definition named Ungrouped Hosts. Click Next.
    4. Review the details of the role and click Submit.

  2. Add the custom role to an RBAC group:

    1. After you create the custom role, navigate to User AccessGroups and click Create group to create a User Access (RBAC) group.

    2. Name the group, select the new custom role, and select the users to whom you want to assign this role.

      Note

      These steps only work when the users do not have the Inventory Hosts administrator role assigned from the Default access group. To check this, navigate to User AccessGroups and click the Default access group at the top. If that role is in the group, remove it, because that role gives users access to the whole inventory, including both ungrouped and grouped hosts.

Verification

After you remove the role, the selected set of users only has access to ungrouped systems in your inventory.

Chapter 4. Exporting inventory data
Copy link

Download system inventory lists and data in CSV or JSON format for offline analysis and reporting.

4.1. Export service features and functionality
Copy link

Use the Red Hat Lightspeed export service to export system inventory data to CSV or JSON format for offline analysis, integration with external tools, and custom reporting workflows. Exported files are retained for 7 days.

The export service runs asynchronously in the background, allowing you to continue working while your export request is processed. You can export data by using either the UI or the Export API, and choose between CSV or JSON output formats based on your analysis needs.

The service is available in both the Red Hat Lightspeed UI and through the export service API.

The exported content includes the following information about each system in your inventory:

  • host_id
  • fqdn (Fully Qualified Domain Name)
  • display_name
  • group_id
  • group_name
  • state
  • os_release
  • updated
  • subscription_manager_id
  • satellite_id
  • tags
  • host_type
Note

The export service currently exports information about all systems in your inventory. Support for filters will be available in a future release.

The inventory export service works differently from the export function in other services, such as advisor. Some of the differences are:

  • The inventory export operates asynchronously
  • Exports the entire inventory to one continuous file (no pagination in the export file)
  • Retains generated files for 7 days
  • Uses token-based service accounts for authorization if using the export service API
Important

Your RBAC User Access permissions affect the system information you can export. You must have inventory:hosts:read permission for a system to export system information.

4.2. Inventory data files
Copy link

The inventory export process creates a zip file containing the data file, a README manifest, and metadata about the export operation.

The zip file contains the following files:

id.suffix
The export data file, with the file name format of id.json for JSON files, or id.csv for CSV files. For example: f26a57ac-1efc-4831-9c26-c818b6060ddf.json
README.md
The export manifest for the JSON/CSV file, which lists the downloaded files, any errors, and instructions for obtaining help
meta.json
Describes the export operation — requester, date, Organization ID, and file metadata (such as the filename of the JSON/CSV file)

Export inventory data directly from the Red Hat Lightspeed UI to download system information in CSV or JSON format for offline analysis, reporting, or integration with external tools.

The inventory data export service works differently from the export service for other Red Hat Lightspeed services, such as advisor. The UI export feature initiates the export request and automatically downloads the file to your browser when the export completes.

Prerequisites

  • RBAC permissions for the systems you want to view and export

    • Inventory:hosts:read (inventory:hosts:read * for all systems in inventory)
  • A User Access role for workspaces. For more information about User Access roles, see User access to workspaces.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems. The list of systems displays.
  2. Click Export next to the options icon (⋮). The drop-down menu displays.
  3. Select Export to CSV or Export to JSON. A status message displays: Preparing export. Once complete, your download will start automatically.

Results

When the download completes, a browser window automatically opens to display the results. If you stay on the Systems page after you request the download, status messages from Red Hat Lightspeed appear with updates on the progress of the export operation.

4.4. Export Service API
Copy link

The Export Service API is an asynchronous REST API that enables programmatic export of inventory data in JSON or CSV format for integration with external tools and automated workflows.

The API supports the GET, POST, and DELETE HTTP methods and offers the following operations:

  • POST /exports — Submit an export request
  • GET /exports — List all exports
  • GET /exports/id — Download a specific export file
  • DELETE /exports/id — Delete a specific export file
  • GET /exports/id/status — Check the status of an export request

The API works asynchronously. You submit a POST /exports request to initiate the export and receive a reply with a unique ID for that export. You can then use that ID to monitor the progress of the export operation with the GET /exports/id/status request. When the generated export is complete, you can download it (GET /exports/id) or delete it (DELETE /exports/id).

Successful requests return the following HTTP response codes:

  • 200 — Success
  • 202 — Successfully deleted (for the DELETE method)

The server retains generated export files for 7 days.

Use the Export Service API to programmatically export inventory data by submitting requests, monitoring progress, and downloading completed files.

Note

Before requesting the exported data file, you must obtain a unique export ID by issuing a POST /exports request. Use this ID in all subsequent operations.

Prerequisites

  • Token-based service account with the appropriate permissions for your systems

  • RBAC permissions for the systems you want to view and export

    • Inventory:hosts:read (inventory:hosts:read * for all systems in inventory)
  • A User Access role for workspaces. For more information about User Access roles, see User access to workspaces.

Procedure

  1. Create a request for the export service, or use this sample request code: 

    {
 "name": "Inventory Export",
 "format": "json",
 "sources": [
     {
       "application": "urn:redhat:application:inventory",
       "resource": "urn:redhat:application:inventory:export:systems"
     }
  ]
}
    Note

    You can request CSV or JSON as your export format.

  2. On the Red Hat Hybrid Cloud Console, navigate to the API documentation page.

    Note

    You can use the API documentation to experiment and run queries against the API before writing your own custom client and/or use the APIs in your automation.

  3. Select POST /exports.
  4. Remove the existing sample code in the Request Body window and paste the request code into the window.
  5. Click Execute. This request initiates the export process. The curl request and server response appear, along with the result codes for the POST operation.
  6. Look for the id field in the server response. Copy and save the string value for id. Use this value for id in your requests.
  7. Optional: Issue the GET /exports request. The server returns the curl request, request URL, and response codes.
  8. Optional: To request the status of the export request, issue the GET /exports/id/status request.
  9. When the export has completed, issue the GET /exports/id request, with the ID string that you copied in place of id. The server returns a link to download the export file (the payload).
  10. Click Download File. When the download completes, a notification message displays in your browser.

  11. Click the browser notification to locate the downloaded zip file.

    Note

    The server retains export files for 7 days.

  12. Optional: To delete exported files, issue the DELETE /exports/id request.

The inventory export service supports exporting data from multiple services in a single request, returning separate files for each service in a ZIP file archive.

You can use the inventory export service for multiple services within the same request, such as inventory and notifications. To request multiple services, include source information for each service that you want to request in your POST /exports request. For example: 

{
  "name": "Inventory Export multiple sources",
  "format": "json",
  "sources": [
    {
      "application": "urn:redhat:application:inventory",
      "resource": "urn:redhat:application:inventory:export:systems",
      "filters": {}
    },
    {
      "application": "urn:redhat:application:notifications",
      "resource": "urn:redhat:application:notifications:export:events",
      "filters": {}
    }
  ]
}

The POST /exports request returns a unique id for each export.

The GET /exports request returns a ZIP file that includes several JSON or CSV files, one for each service that you request.

Use an Ansible playbook to automate the inventory export process. The playbook is a generic playbook for the export service that uses token-based service accounts for authentication.

Procedure

  1. Navigate to the insights-inventory-export GitHub repository.
  2. Download the inventory-export.yml playbook.
  3. Run the playbook. The playbook does everything from requesting the export id, to requesting download status, to requesting the downloaded payload.

Learn about system lifecycle management and configure custom staleness thresholds for your inventory.

5.1. System lifecycle states
Copy link

Systems follow a lifecycle with fresh, stale, and stale warning states based on reporting activity to maintain an accurate inventory.

A system is a Red Hat Enterprise Linux (RHEL) host that is managed by the Red Hat Lightspeed inventory in the Red Hat Hybrid Cloud Console. System activity is automatically monitored by Red Hat. All systems registered with inventory follow a lifecycle that includes the following states: fresh, stale, and stale warning. The state that a system is in depends on the last time it was reported by a data collector to the inventory application. Systems are automatically deleted from inventory if they do not report within a given time frame. The goal of the deletion mechanism is to maintain an up-to-date, accurate view of your inventory.

The following list shows a description of each state:

Fresh

The default configuration requires systems to communicate with Red Hat daily. A system with the status of fresh is active and is regularly reported to the inventory application. The status is reported by one of the data collectors described in section 1.2. Most systems are in this state during typical operations.

Stale

A system with the status of stale has NOT been reported to the inventory application in the last 24 hours. A system can become stale due to inactivity, a lack of updates, disconnection, or decommissioning without proper retirement processes.

Stale warning

A system with the status of stale warning has NOT been reported to the inventory application in the last 30 days. When a system reaches this state, it is flagged for automatic deletion. After a system is removed from inventory, it will no longer appear in the inventory application and Red Hat Lightspeed data analysis results will no longer be available.

The System became stale event highlights potential system maintenance issues. It can automatically trigger actions, such as notifying administrators or initiating the first steps to diagnose and reactivate Red Hat Lightspeed on the system.

5.2. Determining system state in inventory
Copy link

You can determine system state in inventory by using different methods depending on your access level as a viewer or administrator.

There are two ways to determine which state a system is currently in:

  • Viewer access - Users with Inventory Hosts viewer access can view system state on the Systems page by filtering by status.
  • Administrator access - Users with Inventory Hosts administrator access can view system state from the Dashboard and access detailed system information.

5.3. Determine system state using viewer access
Copy link

View system state by filtering the Systems page by status when you have Inventory Hosts viewer access.

If you have Inventory Hosts viewer access, you can view the system state on the Systems page.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with at least the Inventory Hosts viewer role.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems.
  2. Click the Filter drop-down list, and select Status.
  3. Click the Filter by status drop-down, and choose the states you want to include in your query.
  4. Click Reset filters to clear your query.

View system state from the Dashboard and access detailed system information when you have Inventory Hosts administrator access.

If you have Inventory Hosts administrator access, you can get the system state of any system from the inventory Dashboard.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with the Inventory Hosts administrator role.

Procedure

  1. On the Hybrid Cloud Console, navigate to the Red Hat Lightspeed dashboard page.
  2. Go to the top left of the screen where you can examine the total number of systems that are registered with Red Hat Lightspeed.
  3. After the total number, towards the right side of this value, you will see the number of stale systems and the number of systems to be removed.

  4. Click either:

    • The stale systems link.
    • The systems to be removed link, if applicable.

Results

The inventory page displays with detailed system information.

Modify system staleness and deletion time limits to prevent active offline systems from being deleted.

By default, system states have the following time limits:

  • Systems are labeled stale if they are not reported in one day. A warning icon displays at the top of the Systems page in the Last seen: field.
  • Systems are labeled stale warning if they are not reported within 7 days. In this case, the Last seen: field displays with a warning indicator, indicating the system is at risk of deletion.
  • Systems that are not reported in 30 days are deleted.

There are situations where a system is offline for an extended time period but is still in use. For example, test environments are often kept offline except when testing. Submarines or Internet of Things (IoT) devices can be out of range of communication for extended time periods. You can modify the system staleness and deletion time limits to ensure that systems that are offline but still active do not get deleted. Staleness and deletion settings get applied to all of your systems.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • Organization staleness and deletion administrator
    • RHEL administrator

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystem ConfigurationStaleness and Deletion.
  2. Click Edit. The drop-down arrows next to each value are now enabled.

  3. Click the arrow next to the value that you want to change and then select a new value.

    Note

    The system stale warning value must be less than the system deletion value.

  4. Optional: To revert to the default values for the organization, click Reset.

  5. Click Save.

    Note

    Setting the system deletion maximum time to less than the current maximum time deletes systems that have been stale for longer than the new maximum time.

Use the Red Hat Lightspeed Host Inventory API to configure custom staleness and deletion limits for your systems.

When you do not have custom staleness and deletion settings configured for your system, Red Hat Lightspeed uses the default values to determine whether the system is in a stale state, or whether it should be automatically deleted.

Default staleness and deletion limits
By default, if a system has been stale for at least 30 days, it becomes subject to automatic deletion. A scheduled system process runs hourly to automatically delete stale hosts from inventory if they have reached their deletion limit.

5.6.1. System staleness properties
Copy link

Staleness properties define the time intervals between system states and can be customized using the Red Hat Lightspeed API.

Important

Using the Red Hat Lightspeed API to set custom staleness and deletion limits can lead to non-standard outcomes. If you experience unexpected results, revert to the default staleness and deletion limits for your systems.

You can use the Red Hat Lightspeed API to change the length of time allowed between system states by passing a staleness object to the /api//inventory/v1/account/staleness API endpoint.

A staleness object is an API payload (JSON object) that contains values for the system staleness properties. When you change the value of a property, you trigger the change of that property for all systems in your Inventory.

The staleness object contains the following properties:

  • conventional_time_to_stale — the time period of inactivity before stale_warning comes on. Default: 29 hours (104400 seconds).
  • conventional_time_to_stale_warning — the time period showing stale_warning. Default: 7 days (604800 seconds).
  • conventional_time_to_delete — the time remaining before the system is deleted from the database. Default: 30 days (2592000 seconds).

To change the default values by using the Red Hat Lightspeed API, create a custom staleness object and then edit the time value for the property that you want to change.

Important

The time values in the UI for staleness are expressed in days, but times in the API objects are expressed in seconds.

Important

The value of conventional_time_to_stale must be lower than the conventional_time_to_stale_warning. The value of conventional_time_to_stale_warning must be lower than the conventional_time_to_delete value.

5.6.2. Available API operations
Copy link

The Managed Inventory API provides operations to manage custom staleness and deletion values for your system inventory.

The Managed Inventory API offers the following operations:

  • GET /account/staleness — Reads the custom staleness and deletion values set in your system inventory
  • GET /account/staleness/defaults — Returns the default staleness values that are used when custom staleness is not set
  • POST /account/staleness — Set custom staleness and deletion values for your system inventory
  • PATCH /account/staleness — Update your custom staleness and deletion values
  • DELETE /account/staleness — Delete your custom staleness values
Note

The first time you create a custom configuration, use the POST operation to create the configuration. Once you have created a custom configuration, you can use the PATCH operation to change the values. If you remove the configuration with DELETE, the system reverts to the default staleness configuration.

Retrieve default staleness configuration values by using the API Catalog with sample code in your preferred programming language to understand baseline system lifecycle settings.

Prerequisites

  • You have the programming language you want to use (for example, python) installed on your system.
  • You have a service account set up and configured for authentication in the application or system that will be performing the API calls. For more information about authentication, see Configuring Authentication with Red Hat Lightspeed APIs.
  • You have an access token that you obtained from your service account or from an offline access token.
  • You have the staleness:staleness:read RBAC permission.

Procedure

  1. Open the Red Hat Lightspeed API Catalog in a web browser.
  2. Select Managed Inventory from the catalog. The Red Hat Lightspeed Host Inventory REST Interface page displays.
  3. Under the Operations list, click the drop-down arrow next to GET /account/staleness/defaults. The description for the operation includes expected responses from the server. In addition, the panel on the right side of the page generates an example API call for the GET operation in multiple languages.
  4. In the panel, click the drop-down and select the language you prefer (for example, python) from the list of options. The panel displays sample code for the GET operation, formatted in python syntax.

  5. Copy the sample code and paste it into a python code file where you want to call the GET command. For example: 

    import requests

url = "https://console.redhat.com/account/staleness/defaults"

headers = {
   "Authorization": "Bearer <token>",
   "Content-Type": "application/json"
}

response = requests.get(url, headers=headers)

print(response.json())
  6. Paste your access token for authentication in place of <token>.

  7. Run your code. If the server returns a response of 200, your API call was successful. In addition to a successful response and an optional description of the operation, the server returns the data you requested. The response looks similar to the following: 

    {
"id": "system_default",
"org_id": "7931872",
"conventional_time_to_stale": 104400,
"conventional_time_to_stale_warning": 604800,
"conventional_time_to_delete": 1209600,
"created": null,
"updated": null
}
    Tip

    If the code returns a response other than 200, refer to Response Codes to determine how the API call failed and how to remedy the reason for the failure.

Retrieve default staleness configuration values by using the Legacy API documentation interface in the Red Hat Hybrid Cloud Console.

Prerequisites

  • You are logged in to the Hybrid Cloud Console.
  • You have the necessary permissions to perform the queries.
  • You have the staleness:staleness:read RBAC permission.

Procedure

  1. On the Hybrid Cloud Console, navigate to the API documentation page. The API Documentation page displays.
  2. Select Managed Inventory from the list of services. The Detail page displays, and shows the operations you can perform using the https://console.redhat.com/api/inventory/v1 endpoint.
  3. Click the drop-down arrow next to the GET /accounts/staleness/defaults operation. The GET request does not need input, so the list of parameters reads No parameters.
  4. Click Try It Out. The page displays the format of a successful server response.
  5. Click Execute. The page displays a curl request to the server, the request URL, and the server response.
  6. To copy the curl request to the clipboard to reuse later, click the clipboard icon on the right side of the curl request. If needed, paste it into a text editor and save it.
  7. To copy the server response to the clipboard, click the clipboard icon in the top right corner. If needed, paste it into a text editor and save it.

  8. To download the server response as a JSON file, click Download.

    Note

    If the server returns a response of 403 or another unsuccessful response, check to make sure you have the correct RBAC permissions and try the request again.

    Optional: To clear the server response and retry the command, click Clear.

Create custom staleness configuration values by using the API Catalog to define when systems move to stale, warning, or delete states.

Prerequisites

  • You have the programming language you want to use (for example, python) installed on your system.
  • You have a service account set up and configured for authentication in the application or system that will be performing the API calls. For more information about authentication, see Configuring Authentication with Red Hat Lightspeed APIs.
  • You have an access token that you obtained from your service account or from an offline access token.
  • You have the staleness:staleness:write User Access permission.

Procedure

  1. Open the Red Hat Lightspeed API Catalog in a web browser.
  2. Select Managed Inventory from the catalog. The Red Hat Lightspeed Host Inventory REST Interface page displays.
  3. Click the drop-down arrow next to the POST /account/staleness operation. The description for the operation includes parameters you can use to refine your API call and expected responses from the server. In addition, the panel on the right side of the page generates an example API call for the POST request in multiple languages.
  4. In the panel, click the drop-down and select the language you prefer (for example, python) from the list of options. The panel displays sample code for the POST request, formatted in python syntax.

  5. Copy the sample code and paste it into a python code file where you want to call the POST request. For example: 

    import requests

url = "https://console.redhat.com/account/staleness"

payload = {
      "conventional_time_to_delete": 1,
   "conventional_time_to_stale": 1,
   "conventional_time_to_stale_warning": 1,
}
headers = {
   "Authorization": "Bearer <token>",
   "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
  6. Add the custom staleness times you want to use in seconds in place of the values of 1 shown in the sample. Remember that a value of 1 in the API equals one second, not one day.
  7. Paste your access token for authentication in place of <token>.
  8. Run your code.

Results

If the server returns a response of 201, your API call was successful.

Create custom staleness configuration values by using the Legacy API documentation to control system state transitions in inventory.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who has at least the staleness:staleness:write User Access role permission.

Procedure

  1. On the Hybrid Cloud Console, navigate to the API documentation page. The API Documentation page displays.
  2. Select Managed Inventory from the list of services. The Detail page displays, and shows the operations you can perform using the link:https://console.redhat.com/api/inventory/v1 endpoint.
  3. Click the drop-down arrow next to the POST /accounts/staleness operation.
  4. Click Try It Out. The page displays the format of a successful server response.
  5. Add custom staleness values in place of the number 1 for each parameter in the request body. Remember that the value of 1 in the API equals 1 second, not 1 day.
  6. Click Execute. The page displays a curl request to the server, the request URL, and the server response.
  7. To copy the curl request to the clipboard, click the clipboard icon on the right side of the curl request.
  8. To copy the server response to the clipboard, click the clipboard icon in the top right corner.

  9. To download the server response as a JSON file, click Download.

    Note

    If the server returns a response of 403 or another unsuccessful response, check to make sure you have the correct RBAC permissions and try the request again.

    Optional: To clear the server response and retry the command, click Clear.

Chapter 6. Workspaces
Copy link

Workspaces can group your systems for easier management, filtering across applications, and user access control. Using workspaces can help enhance your operational efficiency and security.

6.1. Workspace characteristics
Copy link

Workspaces in Red Hat Lightspeed organize systems based on criteria such as environment, application, or team ownership to streamline workflows and control access.

In Red Hat Lightspeed, workspaces are only for systems. By assigning systems to specific workspaces, you streamline workflows and ensure that users have access only to the systems relevant to their roles. Systems that are not assigned to a specific workspace are automatically grouped within the Ungrouped Hosts workspace.

6.2. Workspace limits and restrictions
Copy link

Workspace limits and restrictions include a 120-workspace maximum per organization, naming conventions, and structural rules that ensure efficient system organization and access control.

6.2.1. Organization workspace limit
Copy link

  • Each organization can create up to 120 workspaces.

    • This limit includes both workspaces with systems and empty workspaces.
    • If you reach this limit, you cannot create additional workspaces until you free up capacity by deleting existing workspaces.
    • The default Ungrouped Hosts workspace does not count toward this limit.

6.2.2. Workspace naming restrictions
Copy link

  • Names can consist of lowercase letters, numbers, spaces, hyphens (-), and underscores (_).
  • Names must be unique within your organization.

6.2.3. Workspace structure restrictions
Copy link

  • Workspaces cannot be nested.

6.2.4. System assignment restrictions
Copy link

  • Each system can belong to only one workspace at a time.
  • Systems that are not assigned to a workspace are automatically grouped in the Ungrouped Hosts workspace.

6.3. Create a workspace
Copy link

On the Red Hat Hybrid Cloud Console, you can create a workspace to organize systems by environment, team ownership, application type, or geographical location. This enables you to filter system views across applications, control user access to specific systems, and streamline operational workflows.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who has one of the following roles:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
Important

Each organization can create up to 120 workspaces. If you reach this limit, an error occurs, and you must delete existing workspaces before creating new ones. For more information, see Workspace limits and restrictions.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces.
  2. Click Create workspace. The Create workspace dialog box is displayed.
  3. Type a name for the workspace in the Workspace name field. Names can consist of lowercase letters, numbers, spaces, hyphens (-), and underscores (_).
  4. Click Create. The new workspace is displayed in the list of workspaces.

Create a new workspace and add a system to it in a single operation from the Inventory Systems page to quickly organize a specific system without creating the workspace separately first.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or is a member of a group that has one of the following roles:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
    • inventory:groups:write and inventory:groups:read permissions for that particular workspace

Procedure

  1. On the Hybrid Cloud Console, navigate to InventorySystems. The list of systems in your inventory is displayed.
  2. Locate the system that you want to add.
  3. Click the options icon (⋮) on the far right side of the system listing.
  4. Select Add to workspace from the menu. The Add to workspace dialog box displays.
  5. Click Create a new workspace. The Create workspace dialog box displays.
  6. Type a name for the new workspace in the Name field and click Create. The Inventory page is displayed and shows a status (success or failure) message.

6.5. Add systems to an existing workspace
Copy link

Add systems to an existing workspace in the Red Hat Hybrid Cloud Console to organize them by team, environment, or application and to also control user access to those systems.

Note

Each system can belong to only one workspace. To move a system to a different workspace, you must first remove it from its current workspace and then assign it to the new workspace.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who is a member of a group with at least one of the following role permissions:

    • Workspace administrator
    • RHEL administrator
    • inventory:groups:write and inventory:groups:read permissions for that particular workspace

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces.
  2. Click the name of the group to which you want to add systems.
  3. On the Systems tab, click Add systems. The Add systems dialog box displays and shows the systems available for you to view in inventory.

  4. Select the systems you want to add to the workspace.

    Note

    Make sure that all the systems you have selected are ungrouped, or you will not be able to proceed.

  5. When you have finished selecting systems, click Add systems.

Results

The Workspaces page displays and includes the systems you added to the workspace.

6.6. Remove systems from the workspace
Copy link

On the Hybrid Cloud Console, you can remove systems from a workspace when they no longer belong to that group. Removed systems automatically move to a workspace named Ungrouped Hosts.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who is a member of a group with at least one of the following role permissions:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
    • inventory:groups:write permissions for that particular workspace

  • Removed systems move to the Ungrouped Hosts workspace. To view them there, you need inventory:hosts:read permissions for ungrouped systems, or the Inventory Hosts administrator role.

    Note

    If you need to grant users these permissions, see Configure Inventory Hosts administrator access.

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces.
  2. Select the workspace that contains the systems that you want to remove.
  3. Locate the system that you want to remove from the workspace.
  4. Click the More options icon (⋮) on the far right side of the system listing.

  5. Select Remove from workspace from the menu. The Remove from workspace? dialog box displays.

    Note

    To remove multiple systems from the workspace at once, select each system you want to remove, and then select Remove from workspace from the More options menu (the options icon (⋮)) in the toolbar.

  6. Click Remove.

Results

The Workspaces page displays and shows the updated workspace with a success or failure status message.

6.7. Rename the workspace
Copy link

On the Hybrid Cloud Console, you can rename a workspace to better reflect its purpose, such as when team ownership changes or system groupings are reorganized.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who has one of the following roles:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
    • inventory:groups:write permissions for that particular workspace

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces.
  2. Click the Workspace actions drop-down menu in the upper right corner of the Workspaces page.
  3. Select Rename from the drop-down menu. The Rename workspace dialog box displays.
  4. Type the new name into the Name field, and click Save.

Results

The Workspaces page shows the renamed workspace in the list of workspaces.

6.8. Delete the workspace
Copy link

On the Hybrid Cloud Console, you can delete a workspace when you no longer need it to organize systems. This helps you manage workspace capacity and stay within the organization limit.

Note

Before you delete a workspace, make sure that the workspace does not contain any systems. You can only delete empty workspaces. If you attempt to delete a workspace that still contains systems, Red Hat Lightspeed returns a warning message.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is an Organization Administrator (member of the Default admin access group) or who has one of the following roles:

    • Workspace administrator
    • RHEL administrator
    • RHEL operator
    • inventory:groups:write permissions for that particular workspace

Procedure

  1. On the Hybrid Cloud Console, navigate to InventoryWorkspaces.
  2. Click the options icon (⋮) on the far right side of the listing for the workspace you want to delete.
  3. Select Delete from the menu. The Delete workspace dialog box displays.
  4. Select the checkbox to acknowledge that the delete operation cannot be undone. Click Delete.

Results

The Workspaces page shows an updated list of workspaces and a status (success or failure) message.

Note

You can also delete the workspace from within the page for the workspace itself. Navigate to the workspace and click the Actions drop-down menu and then select Delete.

6.9. Troubleshoot workspace creation errors
Copy link

On the Hybrid Cloud Console, you might encounter errors when creating workspaces, such as workspace limit errors, permission issues, or duplicate name conflicts. Use this procedure to diagnose and resolve these errors.

Common workspace creation errors include:

  • Workspace limit reached: Your organization has reached the maximum limit of 120 workspaces. Free up capacity by deleting empty workspaces, merging similar workspaces, or removing systems before deletion.
  • Permission errors: You do not have the required permissions to view or create workspaces. Contact your organization administrator to request the Workspace administrator role.
  • Duplicate name errors: Workspace names must be unique within your organization. Choose a different name that consists of lowercase letters, numbers, spaces, hyphens (-), and underscores (_).

Procedure

  1. If you see "Failed to create workspace" or "Workspace limit reached (120/120)", free up workspace capacity by using one of the following methods:

    • Delete empty workspaces: On the Hybrid Cloud Console, navigate to InventoryWorkspaces, identify workspaces that contain no systems, and delete the ones you no longer need. For details, see Deleting workspaces.
    • Merge workspaces: Review your existing workspaces to identify those with similar user groups and role bindings. Move systems from many workspaces into a single workspace and delete the now-empty workspaces.

    • Remove systems before deleting: Before deleting a workspace that has systems, remove the systems from the workspace or move them to another workspace. Systems removed from a workspace automatically move to the Ungrouped Hosts workspace.

      After you delete one or more workspaces, retry creating the new workspace.

  2. If you see "Workspace access permissions needed", contact your organization administrator to request the Workspace administrator role. For details about workspace permissions, see User access to workspaces.
  3. If you see an error that a workspace name already exists, choose a different name for your workspace.

Configure email and integration notifications to receive alerts when inventory events that you are interested in occur in your organization.

7.1. Inventory event types
Copy link

The inventory service triggers event types for validation errors, system registration, deletion, and staleness changes.

7.1.1. Event types
Copy link

The four inventory service events are as follows:

Validation error

When data in a payload from insights-client is not valid (corrupted data, incorrect values, or other issues) a Validation error event is triggered. The validation process includes the following steps:

  • insights-client runs on the system and generates a payload.
  • insights-client uploads the payload to the Hybrid Cloud Console.
  • The Hybrid Cloud Console receives the payload and validates it. The validation event triggers at this step. A validation error means that the payload cannot be processed, and that the console and Red Hat Lightspeed services cannot use its data.
New system registered
When you register a new system in inventory, a New system registered event is triggered.
System deleted
When a system is removed from inventory (either manually or when it becomes stale and Red Hat Lightspeed automatically removes it), a System deleted event is triggered.
System became stale

When a system changes state from active to inactive (stale),a System became stale event is triggered. The Hybrid Cloud Console and Red Hat Lightspeed scan for system staleness every hour, and trigger staleness events for inactive systems. By default, Red Hat Lightspeed marks a system as stale if it remains inactive for 1 day. If the system remains inactive for 30 days, Red Hat Lightspeed marks the system as stale warning and schedules it for deletion.

A system can become stale due to inactivity, a lack of updates, disconnection, or decommissioning without proper retirement processes. This event indicates potential system maintenance issues.

7.1.2. Notifications
Copy link

You can configure notifications for these events using the Notifications service in the Red Hat Hybrid Cloud Console. The Notifications service enables you to configure responses to these events for your account. You can send email notifications to groups of users, or you can forward events to third-party applications, such as Splunk, ServiceNow, Event-Driven Ansible, Slack, Microsoft Teams, or Google Chat. You can also forward notifications, using a generic webhook with the Integrations service.

Note

To receive Notifications emails, users must subscribe to email notifications in their user preferences. Users may choose to receive each email notification individually, or they may subscribe to a daily digest email.

The New system registered, System became stale, and System deleted events are particularly useful for driving automation, and for integrating Red Hat Lightspeed into your operational workflows. For example, you can configure these events to automatically launch compliance or malware checks, validate systems assignments to Workspaces, update external CMDB records, or continuously monitor your RHEL environment.

Configure behavior groups to receive notifications when inventory events occur across your organization.

Note

Make sure that you configure third-party system integrations in the Red Hat Hybrid Cloud Console, as well as any behavior groups that should receive inventory notifications. For more information about third-party system integrations, see Integrating the Red Hat Hybrid Cloud Console with third-party applications.

Prerequisites

  • You are logged in to the Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • Notifications Administrator
    • RHEL administrator

Procedure

  1. On the Hybrid Cloud Console, navigate to SettingsNotificationsConfigure Events.
  2. In the Configuration tab, select the Service filter.
  3. Click Filter by service, and then select Inventory from the drop-down list. The inventory events appear in the list of events.
  4. Select the event type you want to configure (for example, New system registered).
  5. To configure the event type, click the Edit (pencil) icon at the far right of the event type. A drop-down list displays the list of available behavior groups configured in your organization.
  6. Select the checkboxes next to the behavior groups you want to configure for the Inventory event type.
  7. When you have finished selecting behavior groups, click the checkmark next to the list of behavior groups to save your selections.

Configure user email preferences to receive notifications about inventory events such as system registration and deletion.

Note

Make sure to configure email preferences for each user to receive email notifications. For more information about how to set up user preferences, see Configuring user preferences for email notifications.

Prerequisites

  • You are a member of a user group that receives email notifications as part of a behavior group.
  • The behavior group is configured to trigger email notifications for your systems and to send those notifications to the user group to which you belong.

Procedure

  1. On the Hybrid Cloud Console, navigate to SettingsNotification Preferences.
  2. Select Inventory from the list of services. The list of available notifications for Inventory displays.
  3. Click the checkbox next to each type of notification you want to receive, or click Select All to receive all notifications for all Inventory events.

  4. Click Save.

    Note

    Configuring instant notifications might result in a large volume of email messages.

Providing feedback on Red Hat documentation
Copy link

Provide feedback on Red Hat documentation to report issues or request enhancements. Submit detailed feedback through the Red Hat Customer Portal to help improve documentation quality.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.

Procedure

  1. Click the following link: Create Issue
  2. Describe the issue or enhancement in the Summary text box.
  3. Provide details about the issue or requested enhancement in the Description text box.
  4. Type your name in the Reporter text box.
  5. Click the Create button.

Results

This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to give feedback.

Legal Notice
Copy link

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Legal Notice

Theme

© 2026 Red HatBack to top