Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 3. Using token-based service accounts with remediation plans
If you use Red Hat Ansible Automation Platform (AAP) to view, download, and execute remediation plans, you can configure a token-based service account for use with both Red Hat Lightspeed and AAP. This configuration provides a more secure, scalable, and automation-friendly integration. In addition, you can view the remediation plans associated with the service account in both Red Hat Lightspeed and AAP.
3.1. About service accounts
Once you have configured the service account and set up User Access in Red Hat Lightspeed, the service account can securely access all remediation plans connected to that service account. You can also view, download, and execute playbooks for remediations from within AAP.
Token-based service accounts replace Basic Authentication, which is no longer supported for connecting to the Red Hat Hybrid Cloud Console and Red Hat Lightspeed APIs.
3.2. Configuring the service account
You can create a new token-based service account in the Red Hat Hybrid Cloud Console to integrate with both Red Hat Lightspeed and AAP, or you can select an existing service account.
Prerequisites
- You are logged into the Red Hat Hybrid Cloud Console as an Organization administrator.
Procedure
- In the Red Hat Hybrid Cloud Console, navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Service Accounts.
Create a token-based service account, or select an existing service account. For more information about creating service accounts, see Creating a service account.
ImportantIf you create a new service account, make sure to save the Client ID and Client secret to a safe location. If you select an existing service account, ensure that you have access to the Client ID and Client secret.
- Create a User Access group to associate to the service account, or assign the service account to an existing User Access group that has the required permissions. For more information about creating User Access groups, see Managing group access with roles and members.
Assign the following permissions to the group, if the group does not already have them. For more information about how to add roles and permissions to a User Access group, see Adding a role to a group.
- inventory:hosts:read (included in the Inventory Hosts viewer role)
- patch:*:read* (included in the Patch viewer role)
remediations:remediation:read and playbook-dispatcher:run:read (included in the Remediations User role)
NoteYou can also grant the RHEL viewer role to the service account in the User Access group. The RHEL viewer role includes the correct permissions for inventory:hosts:read and remediations:remediation:read.
For more information about assigning a service account to a User Access group, see Adding service accounts to a User Access group.
NoteIf your organization uses Workspaces, ensure that your User Access group has the necessary permissions for full visibility into your inventory in AAP. For more information about workspaces, see Workspaces.
3.3. Configuring credentials in the Ansible Automation Platform
Once you have configured the service account and User Access in the Red Hat Hybrid Cloud Console, you can create credentials in AAP.
Prerequisites
- The Client ID and Client secret for the service account, which you obtained when you created or selected a service account in the Red Hat Hybrid Cloud Console.
- Access to the Ansible Automation Platform (AAP) interface.
Procedure
- Create a new credential in AAP. The Create credential screen displays. For more information about how to create and configure credentials in AAP, see Creating Red Hat Insights credentials.
- In the Credential Type drop-down menu, select Insights as the credential type.
- Paste the Client ID and Client secret for the service account into the respective fields in the Type Details section.
- Click Create credential.
Additional resources
3.4. Viewing the remediation plans associated with the service account
After you set up the service account in both Red Hat Lightspeed and AAP, you can view the remediation plans associated to the service account in Red Hat Lightspeed.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator.
Procedure
- In the Red Hat Hybrid Cloud Console, navigate to Automation Toolkit > Remediation Plans. The remediation plans associated with the service account display in the Remediation Plan table.
Additional resources
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}