Red Hat SummitChapter 4. Executing remediation plans
After you create a remediation plan, you can download and run the generated playbook by using your organization’s Ansible workflow, or you can execute the playbook on remote systems from the Insights for Red Hat Enterprise Linux application.
4.1. Executing remediation plans from the Insights UI
You can execute the playbooks generated by your remediation plans from the Insights user interface (UI) on the Red Hat Hybrid Cloud Console providing you have the required permissions and pass the readiness check.
Execution readiness check
When you open the Remediations window for one of your systems, a readiness check is automatically activated. The readiness check ensures that you have completed the prerequisites necessary to execute the playbook on the system.
If the readiness check fails, the Execute playbook button is disabled. This does not mean that there is an issue with your plan. It might mean that you do not have the required permissions to connect and trigger the execution readiness checks.
Only a user with the Remediations administrator role can execute remediation plans on remote systems. The Remediations administrator role is a predefined role granted by an Organization Administrator in the Identity and Access Management (IAM) settings on the Red Hat Hybrid Cloud Console.
- The Remediations user role does not have the required permissions to execute remediation plans on remote systems. The Remediations administrator role permits access to all remediations capabilities and also allows you to discover whether your systems are connected.
- If you do not have the required permissions, the connection status for your system will be set to Unknown, even though you can connect to that system for other use cases in the console.
- The Remediations administrator role is not a default role. You must create the group and add yourself to the group. For more information about User Access permissions, see the following: Managing group access with roles and members
To pass the remediations execution readiness check, complete all of the following prerequisite steps.
Prerequisites
- You must be logged in to the Red Hat Hybrid Cloud Console.
-
You must enable the Remote Host Configuration client (
rhc connect) in the command line. - You must enable Remote Host Configuration Manager in the UI.
- You must be a member of a User Access group with the Remediations administrator role.
Information is provided after this procedure to help you to complete the prerequisites.
Procedure
- Navigate to Automation Toolkit > Remediations.
- Select a remediation plan by clicking the plan name.
Click Execute playbook.
NoteIf the Execute playbook button is disabled, hover your cursor over the button to see the Execution Readiness Check tooltip, which identifies the prerequisites that are not complete. Click the incomplete prerequisite to see the detailed instructions for completing it, or see the following chapters:
- On the menu, click Execute playbook on systems. The Ansible playbook that Red Hat Insights generates runs on those systems.
Additional resources
User Access Configuration Guide for Role-based Access Control (RBAC)
4.1.1. Enabling Remote Host Configuration client (RHC connect) in the command line
You must run RHC client (rhc connect) in the command line to enable host communication. Follow this procedure to learn if your host is connected:
Procedure
- Navigate to Automation Toolkit > Remediations.
- Choose the playbook you want to run.
- Click on the Systems tab and view the Connection Status to the right of your remediation.
If your Connection Status is Unknown, this means you do not have the correct User Access permissions to view the status. Click the ? icon to the left to learn how to change User Access permissions to view this data.
Additional Resources
For more information on the rhc connect command, see the following: Enabling the rhc client on systems directly managed by Insights
4.1.2. Enabling Remote Host Configuration Manager in the UI
To allow your users to execute a remediation plan’s playbook on a remote system, you must configure the Remote Host Configuration Manager settings in the Insights UI.
Complete the following steps:
Procedure
- Navigate to Remote Host Configuration Manager.
- Under Permission, find the option Allow permitted Insights users to execute remediation playbooks on rhc-connected systems, and check the status value.
If the status is set to Disabled:
- Click Change settings.
- Change the value of Status from Disabled to Enabled.
- Click Save changes. A confirmation box with the message Changes saved displays at the top right corner of the UI.
4.2. Executing remediations from the Satellite User Interface
You can also remediate using the Satellite User Interface.
Prerequisites
- You are a Cloud Administrator.
- You are a Remediations Administrator.
- You have completed Host registration using the Insights client.
For specific instructions, see Creating an Insights Remediation Plan for Hosts in the Satellite Managing Hosts documentation.
When you introduce a new host into your Satellite inventory, by means of provisioning or registration, two automatic background tasks will initiate. It will take 24 hours for these tasks to complete. This is a typical time frame for the automatic synchronization.
If you identify security issues or another scenario that warrants not waiting 24 hours for the automatic sync, you can manually synchronize by clicking the sync button in the UI. This manual sync will complete in a few minutes.
To see the procedures for enabling automatic and manual synchronization, see the Configuring Synchronization of Insights Recommendations for Hosts in the Satellite documentation.
