Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Red Hat Lightspeed remediations guide with FedRAMP

Red Hat Lightspeed 1-latest

Fixing issues on Red Hat Enterprise Linux systems by using remediation plans

Red Hat Customer Content Services

Abstract

Create and execute remediation plans to remediate issues on any system registered with Red Hat Lightspeed with FedRAMP®.

Chapter 1. Remediations overview
Copy link

After identifying the highest remediation priorities in your Red Hat Enterprise Linux (RHEL) infrastructure, you can create remediation plans to fix those issues.

1.1. About remediations
Copy link

Remediations enables you to address the following topics on your connected RHEL systems:

  • Advisor recommendations
  • Content advisories
  • Vulnerability CVEs
  • Failed compliance rules found by Red Hat Lightspeed

You can remediate a single issue or a related group of issues by using a pathway in Red Hat Lightspeed. Pathways group multiple advisor recommendations under common actions for better efficiency. For more information, see Remediating pathways.

For some issues, Red Hat Lightspeed provides several different remediation paths.

When you create a remediation plan, Red Hat Lightspeed generates an Ansible Playbook to implement the required remediation actions and apply any required patches on affected systems in your RHEL infrastructure.

Some issues require a manual fix and cannot be resolved by creating a remediation plan. You can determine whether it’s possible to remediate a problem with an Ansible Playbook by checking the Resolution type value of the issue or recommendation.

1.2. Remediation types
Copy link

In Red Hat Lightspeed, an issue or recommendation for remediation can be one of the following two types:

  • Manual: Red Hat Lightspeed provides the manual remediation steps needed to fix or address all issues and recommendations, including whether the system requires a reboot for the remediation to take effect.
  • Playbook: For many issues, Red Hat Lightspeed also provides a pre-built remediation playbook that automates the required resolution steps. You can download the playbook and run it externally in your Ansible Playbooks environment.

1.3. Red Hat Lightspeed remediations workflow
Copy link

You can use the following outline of a remediations workflow to design how you will create and execute a remediation plan.

  • Choose an issue or recommendation

    • Choose an issue or recommendation that Red Hat Lightspeed has detected on one or more of your RHEL systems.

  • Review the recommended resolution path

    • Determine which versions of RHEL are affected and whether or not a playbook is available. You can only create a remediation plan in Red Hat Lightspeed if a pre-built playbook exists.

  • Decide which RHEL systems to remediate

    • After you review the recommended resolution steps and determine if a playbook is available to remediate the issue, choose which systems to include in the plan.

      Important

      To create a remediation plan for a group of systems, you must ensure that all systems in the group are running the same RHEL major and minor versions so that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

  • Create a remediation plan

    • The wizard in the Red Hat Lightspeed UI can help you create a remediation plan that you can access from the advisor, compliance, vulnerability, and patch service pages.

      To start the wizard and create a remediation plan, click Plan remediation after you select at least one system and one issue or recommendation for remediation. You can also create a remediation plan from the details page of a system, as long as Red Hat Lightspeed has detected issues that impact the system.

1.4. Prerequisites for remediations
Copy link

To create and execute remediation plans, you must meet the following criteria:

Subscription
Red Hat Lightspeed is included with every RHEL subscription. No additional subscriptions are required to use Red Hat Lightspeed remediation features.
User access role
By default, all Red Hat Lightspeed users automatically have access to read, create, and manage remediation plans.

User Access is the Red Hat implementation of role-based access control (RBAC). Your Organization Administrator uses User Access to configure what users can see and do on the Red Hat Hybrid Cloud Console (the console):

  • Control user access by organizing roles instead of assigning permissions individually to users.
  • Create groups that include roles and their corresponding permissions.
  • Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.

All users on your account have access to most of the data in Red Hat Lightspeed.

1.5.1. Predefined User Access groups and roles
Copy link

To make groups and roles easier to manage, Red Hat provides two predefined groups and a set of predefined roles:

  • Predefined groups

    The Default access group contains all users in your organization. Many predefined roles are assigned to this group. It is automatically updated by Red Hat.

    Note

    If the Organization Administrator makes changes to the Default access group its name changes to Custom default access group and it is no longer updated by Red Hat.

    The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained and users and roles in this group cannot be changed.

    On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Groups to see the current groups in your account. This view is limited to the Organization Administrator.

  • Predefined roles assigned to groups

    The Default access group contains many of the predefined roles. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group.

    The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their name.

    On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Roles to see the current roles in your account. You can see how many groups each role is assigned to. This view is limited to the Organization Administrator.

1.5.2. Access permissions
Copy link

The Prerequisites for each procedure list which predefined role provides the permissions you must have. As a user, you can navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > My User Access to view the roles and application permissions currently inherited by you.

If you cannot access Red Hat Lightspeed because of permissions issues, contact your Organization Administrator or the User Access administrator for your organization.

Additional resources

For more information about user access and permissions, see User Access configuration guide for role-based access control (RBAC) with FedRAMP.

The Remediations user role enables standard or enhanced access to remediations features in Red Hat Lightspeed. The Remediations user role is included in the Default access group and permits access to view existing remediation plans and to create new plans. Remediations users cannot execute remediation plans on systems.

For more information about user access and permissions, see User Access configuration guide for role-based access control (RBAC) with FedRAMP.

If you use Red Hat Ansible Automation Platform (AAP) to view, download, and execute remediation plans, you can configure a token-based service account for use with both Red Hat Lightspeed and AAP. This configuration provides a more secure, scalable, and automation-friendly integration.

In addition, you can view the remediation plans associated with the service account in both Red Hat Lightspeed and AAP.

2.1. About service accounts
Copy link

After you configure the service account and set up User Access in Red Hat Lightspeed, the service account can securely access all remediation plans connected to that service account. You can also view, download, and execute playbooks for remediations from within AAP.

Note

Token-based service accounts replace Basic Authentication, which is no longer supported for connecting to the Red Hat Hybrid Cloud Console and Red Hat Lightspeed APIs.

Additional resources

2.2. Configuring the service account
Copy link

You can create a new token-based service account in the Red Hat Hybrid Cloud Console to integrate with both Red Hat Lightspeed and AAP, or you can select an existing service account.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console as an Organization administrator.

Procedure

  1. In the Red Hat Hybrid Cloud Console, navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Service Accounts.

  2. Create a token-based service account, or select an existing service account. For more information about creating service accounts, see Creating a service account.

    Important

    If you create a new service account, make sure to save the Client ID and Client secret to a safe location. If you select an existing service account, ensure that you have access to the Client ID and Client secret.

  3. Create a User Access group to associate to the service account, or assign the service account to an existing User Access group that has the required permissions. For more information about creating User Access groups, see Managing group access with roles and members.

  4. Assign the following permissions to the group, if the group does not already have them. For more information about how to add roles and permissions to a User Access group, see Adding a role to a group.

    • inventory:hosts:read (included in the Inventory Hosts viewer role)
    • patch:*:read* (included in the Patch viewer role)

    • remediations:remediation:read and playbook-dispatcher:run:read (included in the Remediations User role)

      Note

      You can also grant the RHEL viewer role to the service account in the User Access group. The RHEL viewer role includes the correct permissions for inventory:hosts:read and remediations:remediation:read.

      For more information about assigning a service account to a User Access group, see Adding service accounts to a User Access group.

      Note

      If your organization uses Workspaces, ensure that your User Access group has the necessary permissions for full visibility into your inventory in AAP. For more information about workspaces, see Workspaces.

Additional resources

Once you have configured the service account and User Access in the Red Hat Hybrid Cloud Console, you can create credentials in AAP.

Prerequisites

  • The Client ID and Client secret for the service account, which you obtained when you created or selected a service account in the Red Hat Hybrid Cloud Console.
  • Access to the Ansible Automation Platform (AAP) interface.

Procedure

  1. Create a new credential in AAP. The Create credential screen displays. For more information about how to create and configure credentials in AAP, see Creating Red Hat Insights credentials.
  2. In the Credential Type drop-down menu, select Insights as the credential type.
  3. Paste the Client ID and Client secret for the service account into the respective fields in the Type Details section.
  4. Click Create credential.

After you set up the service account in both Red Hat Lightspeed and AAP, you can view the remediation plans associated to the service account in Red Hat Lightspeed.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator.

Procedure

Additional resources

To fix issues that Red Hat Lightspeed identifies for a system or group of RHEL systems in your organization, create a remediation plan.

You can create a remediation plan to fix one or more issues identified by Red Hat Lightspeed for a system or group of RHEL systems in your organization.

To create a remediation plan in Red Hat Lightspeed, you need to do the following:

  1. Find an issue to resolve
  2. Review the recommended remediation steps
  3. Select the systems to remediate

You can create a remediation plan to address recommendations and issues found by the following services of Red Hat Lightspeed:

  • advisor
  • compliance
  • vulnerability
  • patch

The workflow to create a remediation plan is similar for all services in Red Hat Lightspeed that support remediations. For more information, see Red Hat Lightspeed remediations workflow in the Remediations overview section.

Important

Some of the Red Hat recommended solutions for fixing or remediating a problem can only be resolved by applying a manual action, and a playbook to automate the solution might not be applicable or available to run or download. In these instances, the advisor recommendation displays a Remediation type value of Manual.

You can create a remediation plan for any Red Hat Lightspeed recommendations or remedial actions that have a Remediation type value of Playbook.

When you create a remediation plan, Red Hat Lightspeed generates an Ansible Playbook from the built-in play for that issue to implement the required remediation actions and the reboot instructions on the selected host systems.

You can create a remediation plan to address an advisor service recommendations.

The advisor service assesses and monitors the health of your Red Hat Lightspeed infrastructure and provides recommendations to address availability, stability, performance, and security issues. Red Hat Lightspeed detects the systems in your infrastructure that are impacted and provides a set of recommended actions that can help you prioritize and plan how to remediate your systems.

For more information about the Red Hat Lightspeed advisor service, see Assessing RHEL configuration issues using the Red Hat Lightspeed advisor service with FedRAMP.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans.

Procedure

  1. Choose a Red Hat Lightspeed advisor service recommendation to remediate:

    1. Navigate to Operations > Advisor > Recommendations.
    2. Review the Recommendations table to see which recommendations are applicable for your systems and whether they have a playbook already created.

    3. Use the search and filtering function in the table to sort the items by Resolution type.

      Important

      Look for recommendations that have a Resolution type of Playbook. You cannot create a remediation plan if the Resolution type is set to Manual.

    4. Click the recommendation name. The full details of the recommendation are displayed, and a list of impacted systems is displayed on the lower part of the page.

  2. Select which systems to include in the remediation plan:

    1. Scroll to view all of the registered RHEL systems that are impacted by the recommendation.

    2. Find the systems to include. If needed, use the search and filter functions in the table. For example, you can use the filtering options to list the affected systems by version.

      Important

      To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

    3. Select at least one system to include in a remediation plan by clicking the checkbox to the left of the system ID.

  3. Create and save the plan:

    1. Click Plan remediation to start the wizard.

    2. Select Create new playbook, and enter a name for the playbook.

      Note

      You can also add this recommendation or the selected systems to an existing remediation plan by choosing Add to existing playbook, and then selecting the plan name from the list presented.

    3. Under Review systems, review the systems included in the plan, and if applicable, clear the checkbox next to any systems that you do not want to include.
    4. Click Next.

    5. Under Review and edit actions, review the resolution steps for the action. Some actions will present different steps that you can choose from in the wizard. Complete one of the following steps:

      • If the action has a choice of methods to remediate:

        • Select Review and/or change the resolution steps for this 1 action, and click Next.
        • Choose one of the step choices, and click Next.
      • If there are no choices to be made and you are satisfied with the actions for this plan, select Accept all recommended resolution steps for all actions, and then click Next.

  4. On the Remediation review pane, review the summary of your remediation plan and use the back button to make changes if needed.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  5. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan in the table and click its name to open the plan.

You can create a remediation plan in the Red Hat Lightspeed vulnerability service. When you create a remediation plan, Red Hat Lightspeed uses Ansible Playbooks to remediate or mitigate CVE vulnerabilities on your systems and apply any required patches.

The Red Hat Lightspeed advisor service analyzes and detects which systems in your organization are affected by known problems.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans.

Procedure

  1. Navigate to the Security > Vulnerability > CVEs page.
  2. Set the filters as needed and select a CVE.
  3. Scroll down to view all of the affected systems. Use the filtering options to list the affected systems by version.

  4. Select systems to include in a remediation plan by clicking the box to the left of the system ID.

    Important

    To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

  5. Click Plan remediation.

  6. Choose whether to add the remediations to an existing or new remediation plan, and then do one of the following actions, and then click Next:

    • Click Add to existing playbook, and then select a remediation plan from the list presented.
    • Click Create new playbook, and enter a name for the playbook.

  7. Review the systems to include in the remediation plan, then click Next.

    Note

    Only affected systems can be selected and included in a remediation plan.

  8. Review the information under the remediation review summary.

    1. If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.
    2. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan. You should see the plan that you just created showing in the list.

Most CVEs in Red Hat Lightspeed will have one remediation option for you to use to resolve an issue. Remediating a CVE with security rules might include more than one resolution from which to choose.

For example, you might have a recommended action to take, and one or more alternate resolutions. The workflow to create remediation plans for CVEs that have one or more resolution options is similar to the remediation steps in the advisor service.

For more information about security rules, see Security rules and Filtering lists of systems exposed to security rules in Assessing and monitoring security vulnerabilities on RHEL systems with FedRAMP .

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans.

Procedure

  1. Navigate to Security > Vulnerability > CVEs.

  2. Set filters if needed (for example, filter to see CVEs with security rules to focus on issues that have elevated risk associated with them). Or, click the CVEs with security rules tile on the dashbar.

    A screen capture of a dashbar with two different ways to search or filter CVEs with security rules

  3. Click a CVE in the list.

  4. Scroll to view affected systems, and select the systems you want to include in a remediation plan by clicking the box to the left of the system ID on the Review systems page. When you select at least one system, the Plan remediation button gets activated.

    Note

    Recommended: Include systems of the same RHEL major or minor version by filtering the list of affected systems.

  5. Click Plan remediation.

  6. Decide whether to add the selected remediations to an existing or new remediation plan by taking one of the following actions:

    • Click Add to existing playbook and select the required playbook from the dropdown list.
    • Click Create new playbook, and add a playbook name.

  7. Click Next. The systems impacted by the CVE are listed.

    Note

    Only impacted systems can be selected and included in a remediation plan.

  8. Review the systems to include in the playbook and clear the checkbox beside any systems that you do not want to include.

  9. Click Next to see the Review and edit actions page, which shows you options to remediate the CVE. The number of items to remediate can vary. You will also see additional information (that you can expand and collapse) about the CVE, such as:

    • Action: Shows the CVE ID.
    • Resolution: Displays the recommended resolution for the CVE and also confirms whether you have alternate resolution options.
    • Reboot required: Confirms whether you must reboot your systems.
    • Systems: Confirms the number of systems you are remediating.

  10. On the Review and edit actions page, choose one of two options to finish creating your remediation plan and to generate the Ansible Playbook:

    • Option 1: To review all of the recommended and alternative remediation options available (and choose one of those options):

      1. Select Review and/or change the resolution steps for this 1 action or similar based on your actual options.
      2. Click Next.
      3. On the Choose action: <CVE information> page, click a tile to select your preferred remediation option. The bottom edge of the tile highlights when selected. The recommended solution is highlighted by default.
      4. Click Next.

    • Option 2: To accept all recommended remediations:

      1. Choose Accept all recommended resolution steps for all actions.
      2. Click Next.

  11. On the final Remediation review pane, review the summary of your remediation plan and use the back button to make changes to the actions or resolution options if required.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  12. Click Submit.

Results

A notification confirming the total number of remediation actions and other information about your remediation plan is displayed.

Next steps

To view your remediation plan:

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan.

Red Hat Lightspeed provides a central location under Automation Toolkit > Remediation Plans to help you find, view the full details of, and manage the remediation plans that have been created for your organization. You can also download, delete, or modify your remediation plans from the main Remediation Plans page.

Important

You cannot create a remediation plan from Automation Toolkit > Remediation Plans. To create a new remediation plan, you must use the Red Hat Lightspeed service that generated the recommendation and its underlying Ansible Playbook, such as the advisor, compliance, or vulnerability service.

For more information, see Creating a remediation plan in Lightspeed.

4.1. Viewing remediation plans
Copy link

The Remediation Plan view provides a comprehensive overview of all of the remediation plans that were created for your organization in Red Hat Lightspeed.

4.1.1. About remediation plans table view
Copy link

You can access a table listing of all your remediation plans by navigating to the Automation Toolkit page and selecting Remediation Plans.

The table view in Remediation Plans provides a quick overview of all remediation plans.

You can search, sort, and filter the list of all of the remediation plans for your organization. For example, filter the table to show only specific remediation plans based on status.

By default, the columns in the table contain the following information:

Name
The name of the remediation plan.
Actions
The number of actions that will run when the remediation plan is executed.
Systems
The number of systems that the remediation plan is selected to run on.
Created
The date and time when the remediation plan was created.
Last Modified
The date and time when the remediation plan was last modified.

4.1.2. Customizing the Remediation Plan table
Copy link

You can customize the Remediation Plan table to suit your needs. You can add or remove columns and sort the table by any column.

Procedure

  1. Navigate to Automation ToolkitRemediation Plans.
  2. Click Configuration menuManage columns to select which columns to display in the table.
  3. You can also restore the default view by clicking Reset to Default.

4.1.3. Viewing the details of a remediation plan
Copy link

When you select and click a remediation plan in the table view, all of the available details about the plan are displayed.

General
Displays the remediation plan status, summary details, and execution readiness checklist results. The summary details include name, date created, last modified date, total number of actions and systems included, and auto-reboot configuration.
Actions
Displays a table listing the actions included in the plan.
Systems
Displays a table listing the systems included in the plan.

You can also download and view the associated playbook by clicking on Download.

4.2. Downloading remediation plans
Copy link

You can download the generated playbooks for each remediation plan in your organization. When you download a remediation plan, the YAML file for the underlying Ansible Playbook is saved to the preferred download directory on your local browser client.

You might need to download a remediation plan for the following reasons:

  • To execute a remediation plan on your host systems by using the external Ansible Automation Platform (AAP) workflow for your organization instead of from within the Red Hat Lightspeed application.
  • To view the specific plays of a remediation plan.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Select the checkbox next to the name of the remediation plan you want to download.

  3. Complete one of the following steps:

    • To download a single remediation plan, go to the end of the row, click More options More options icon > Download.
    • To download multiple remediation plans in bulk, click the Download button at the top of the table.

Results

A message is displayed to confirm that the download was successful. A YAML file for each of the selected remediation plans is downloaded to your local drive.

4.3. Deleting remediation plans
Copy link

You can permanently delete remediation plans that are no longer needed.

Important

You cannot recover a deleted remediation plan. Also, you cannot archive and restore a remediation plan from the Red Hat Lightspeed UI.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan you want to delete.
  3. At the end of the row, click the More options More options icon icon, and then click Delete.
  4. When prompted, click Delete to confirm the permanent removal of the plan.

Results

A message is displayed to confirm the successful deletion of the selected remediation plan.

4.4. Renaming a remediation plan
Copy link

You can rename an existing remediation plan in your organization.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan you want to rename.
  3. At the end of the row, click the More options More options icon icon, and then click Rename.
  4. When prompted, enter a unique title for the plan name and click Rename.

Verification

  • A message is displayed to confirm the successful renaming of the selected remediation plan.

4.5. Configuring the actions in a remediation plan
Copy link

You can modify or remove an action or system from the plan, especially if the plan contains many items.

If the Red Hat advisor or another service recommends a new remedial action for one or more systems in your organization, you can add that recommendation to an existing remediation plan.

Procedure

  1. Navigate to Operations > Advisor > Recommendations to view the status of a remediation plan.

  2. In the table, use the search and filtering options to find the recommendation you want to add, and click the recommendation name.

    Important

    The recommendation must have a Resolution type of Playbook. You cannot create a remediation plan if the Resolution type is Manual.

  3. Select at least one impacted system to remediate, and click Plan remediation.
  4. Select Add to existing playbook, and then select the remediation plan name from the list presented. Click Next.
  5. Review the systems in the plan and clear the checkbox next to any systems that you do not want to include. Click Next.
  6. Review the remedial actions of your plan and adjust them if necessary. When you are satisfied, click Next.

  7. On the final Remediation review pane, review the summary of your remediation plan, and click Back to make changes, if needed.

    Note, Auto-reboot is enabled if any of the recommended actions to remediate require a system reboot to take effect. If you prefer to reboot manually after the plan has been executed, toggle Auto-reboot accordingly.

  8. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for the remediation plan that you created and click the name to open the details.
  3. Click Actions to view the remedial actions included in the plan. The recommendations that you just added are listed.

You can remove a remedial action from a remediation plan.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans. The remediation plans for your organization are displayed.
  2. Find the remediation plan that you want to change and click the name of the remediation plan to display the details of the plan.
  3. Navigate to the Actions tab.

  4. In the table, do one of the following:

    • Select the checkbox next to the actions that you want to remove, and click Remove at the top of the table.
    • Find a single action to remove, go to the end of the corresponding row, and click the More options icon More options icon and click Remove.
  5. When prompted, click Remove.

Verification

  • A message is displayed to confirm that the action was successfully removed from the remediation plan.

You can include more systems in an existing remediation plan.

Important

Ensure that all systems in the remediation plan are running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

Procedure

  1. Navigate to Operations > Advisor > Recommendations.
  2. Use the search and filtering options to find the recommendation in the existing plan and click the recommendation name.
  3. Select the systems you want to add to the plan, and then click Plan remediation.
  4. Select the option to Add to existing playbook, and then select the existing remediation plan name from the list presented. Click Next.
  5. Review the systems in the plan, and if applicable, clear the checkbox next to any systems that you do not want to include. Click Next.
  6. Review the remedial actions of your plan and adjust if necessary, as outlined in the section titled Creating a remediation plan to remediate an advisor service recommendation. Click Next.

  7. On the final Remediation review pane, review the summary of your remediation plan and click Back to make changes if required.

    Note, the Auto-reboot button is enabled if any of the recommended actions to remediate require a system reboot to take effect. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  8. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan in the table, and click the name to open the remediation plan.
  3. Click Systems to view a list of the systems included in the plan. The systems you added should be listed.

4.5.4. Removing a system from a remediation plan
Copy link

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Find the remediation plan to remove a system from and click the name to open the details of the remediation plan.
  3. Navigate to the Planned remediations tab and open the Systems tab.

  4. In the table, complete one of the following steps:

    • Select the systems that you want to remove, then click Remove above the table.
    • Find a single system to remove, go to the end of the corresponding row, click More options More options icon , and click Remove.
  5. When prompted, click Remove.

Verification

  • A message is displayed to confirm that the system was successfully removed from the remediation plan.

4.6. Monitoring remediation status
Copy link

You can view the remediation status for each remediation plan. The status information tells you the results of the latest activity and provides a summary of all activity for that remediation plan. You can also view log information.

Prerequisites

  • You are logged into the Red Hat Lightspeed UI with Remediations user permissions.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan that you want to monitor.
  3. Click the name of the remediation plan to open the Plan details and status card on the General tab.

Providing feedback on Red Hat documentation
Copy link

We appreciate and prioritize your feedback regarding our documentation. Provide as much detail as possible, so that your request can be quickly addressed.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.

Procedure

To provide feedback, perform the following steps:

  1. Click the following link: Create Issue
  2. Describe the issue or enhancement in the Summary text box.
  3. Provide details about the issue or requested enhancement in the Description text box.
  4. Type your name in the Reporter text box.
  5. Click the Create button.

This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to provide feedback.

Legal Notice
Copy link

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top