Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Red Hat Lightspeed remediations guide

Red Hat Lightspeed 1-latest

Fixing issues on Red Hat Enterprise Linux systems by using remediation plans

Red Hat Customer Content Services

Abstract

Create and execute remediation plans to remediate issues on any RHEL system registered with Red Hat Lightspeed.

Chapter 1. Remediations overview
링크 복사

After identifying the highest remediation priorities in your Red Hat Enterprise Linux (RHEL) infrastructure, you can create and execute remediation plans to fix those issues.

1.1. About remediations
링크 복사

Remediations enables you to address the following topics on your connected RHEL systems:

  • Advisor recommendations
  • Content advisories
  • Vulnerability CVEs
  • Failed compliance rules found by Red Hat Lightspeed

You can remediate a single issue or a related group of issues by using a pathway in Red Hat Lightspeed. Pathways group multiple advisor recommendations under common actions for better efficiency. For more information, see Remediating pathways.

For some issues, Red Hat Lightspeed provides several different remediation paths.

When you create a remediation plan, Red Hat Lightspeed generates an Ansible Playbook to implement the required remediation actions and apply any required patches on affected systems in your RHEL infrastructure.

Some issues require a manual fix and cannot be resolved by executing a remediation plan in Red Hat Lightspeed. To determine if you can remediate a problem in Red Hat Lightspeed, check the Resolution type value of the issue or recommendation.

1.2. Remediation types
링크 복사

In Red Hat Lightspeed, an issue or recommendation for remediation can be one of the following two types:

  • Manual: Red Hat Lightspeed provides the manual remediation steps needed to fix or address all issues and recommendations, including whether the system requires a reboot for the remediation to take effect.

  • Playbook: For many issues, Red Hat Lightspeed also provides a pre-built remediation playbook that automates the required resolution steps, which you can either:

    • Run on your systems from within Red Hat Lightspeed
    • Download and run externally in your Ansible Playbooks environment

1.3. Red Hat Lightspeed remediations workflow
링크 복사

You can use the following outline of a remediations workflow to design how you will create and execute a remediation plan.

  • Choose an issue or recommendation

    • Choose an issue or recommendation that Red Hat Lightspeed has detected on one or more of your RHEL systems.

  • Review the recommended resolution path

    • Determine which versions of RHEL are affected and whether or not a playbook is available. You can only create a remediation plan in Red Hat Lightspeed if a pre-built playbook exists.

  • Decide which RHEL systems to remediate

    • After you review the recommended resolution steps and determine if a playbook is available to remediate the issue, choose which systems to include in the plan.

      Important

      To create a remediation plan for a group of systems, you must ensure that all systems in the group are running the same RHEL major and minor versions so that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

  • Create a remediation plan

    • The wizard in the Red Hat Lightspeed UI can help you create a remediation plan that you can access from the advisor, compliance, vulnerability, and patch service pages.

      To start the wizard and create a remediation plan, click Plan remediation after you select at least one system and one issue or recommendation for remediation. You can also create a remediation plan from the details page of a system, as long as Red Hat Lightspeed has detected issues that impact the system.

  • Decide how you want to execute your remediation plan

    • You can execute a remediation plan in Red Hat Lightspeed on directly connected Red Hat Enterprise Linux systems without additional subscriptions or tools. You can also download and run the associated playbook on your organization’s Ansible Automation Platform (AAP) workflow.

1.4. Prerequisites for remediations
링크 복사

To create and execute remediation plans, you must meet the following criteria:

Subscription
Red Hat Lightspeed is included with every RHEL subscription. No additional subscriptions are required to use Red Hat Lightspeed remediation features.
User access role

By default, all Red Hat Lightspeed users automatically have access to read, create, and manage remediation plans.

  • To remediate your Red Hat Enterprise Linux systems from Red Hat Lightspeed, you also need:

    • Access to Red Hat Lightspeed on the Red Hat Hybrid Cloud Console (Hybrid Cloud Console).
    • If you are using Red Hat Satellite, you need access to Satellite-managed systems on the console or in the Satellite application UI.
    • The required Hybrid Cloud Console User Access roles for managing and executing remediation plans.
Important

All Red Hat Lightspeed users automatically have access to read, create, and manage remediation plans, but you need the Remediations administrator predefined User Access role to execute a remediation plan in Red Hat Lightspeed. Your Organization Administrator can grant User Access roles in Identity & Access Management settings on the Hybrid Cloud Console.

Remote host connectivity
To execute remediations, you must set up and enable the remote host configuration (rhc) within Red Hat Lightspeed. You will also need to permit Red Hat Lightspeed users to execute remediation playbooks on rhc-connected systems, which can be done by enabling the Remote Host Configuration Manager (rhc) setting in Red Hat Lightspeed, provided you have the required administrative permissions.

1.5. Getting started with remediations by using an interactive quick start
링크 복사

To help you get started with remediations, an interactive quick start is available in Red Hat Lightspeed on the Hybrid Cloud Console.

The Creating and executing remediation plans quick start guides you through the process in under 10 minutes and provides links to additional resources.

Prerequisites

  • You must have a Red Hat Hybrid Cloud Console account and be subscribed to the Red Hat Lightspeed services.

Procedure

  1. Log on to Red Hat Hybrid Cloud Console and then navigate to the Red Hat Lightspeed services.

  2. To access the quick start, use one of the following steps:

1.6. User Access settings in the Red Hat Hybrid Cloud Console
링크 복사

User Access is the Red Hat implementation of role-based access control (RBAC). Your Organization Administrator uses User Access to configure what users can see and do on the Red Hat Hybrid Cloud Console (the console):

  • Control user access by organizing roles instead of assigning permissions individually to users.
  • Create groups that include roles and their corresponding permissions.
  • Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.

1.6.1. Predefined User Access groups and roles
링크 복사

To make groups and roles easier to manage, Red Hat provides two predefined groups and a set of predefined roles:

  • Predefined groups

    The Default access group contains all users in your organization. Many predefined roles are assigned to this group. It is automatically updated by Red Hat.

    Note

    If the Organization Administrator makes changes to the Default access group its name changes to Custom default access group and it is no longer updated by Red Hat.

    The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained and users and roles in this group cannot be changed.

    On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Groups to see the current groups in your account. This view is limited to the Organization Administrator.

  • Predefined roles assigned to groups

    The Default access group contains many of the predefined roles. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group.

    The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their name.

    On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Roles to see the current roles in your account. You can see how many groups each role is assigned to. This view is limited to the Organization Administrator.

1.6.2. Access permissions
링크 복사

The Prerequisites for each procedure list which predefined role provides the permissions you must have. As a user, you can navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > My User Access to view the roles and application permissions currently inherited by you.

If you cannot access Red Hat Lightspeed because of permissions issues, contact your Organization Administrator or the User Access administrator for your organization.

Use the Red Hat Hybrid Cloud Console Virtual Assistant to ask "Contact my Organization Administrator". The assistant sends an email to the Organization Administrator on your behalf.

Additional resources

For more information about user access and permissions, see User Access configuration guide for role-based access control (RBAC).

1.7. User Access roles for creating and executing remediation plans
링크 복사

To fix issues on your systems by using the Red Hat Lightspeed remediation features, become familiar with the roles that provide the required access permissions for creating, managing, and executing remediation plans.

The following user access roles provide standard or enhanced access to remediation features in Red Hat Lightspeed:

  • Remediations user: The Remediations user role is included in the default access group. With this role, a user has permissions to:

    • View existing remediation plans
    • Create a remediation plan
    • Delete a remediation plan

  • Remediations administrator: With this role, a user has permissions to:

    • Do everything that a Remediations user can do
    • Execute remediation plans on connected remote host systems from within Red Hat Lightspeed

For more information about user access and permissions, see User Access configuration guide for role-based access control (RBAC).

Chapter 2. Enabling host communication with Red Hat Lightspeed
링크 복사

Before you can execute the playbooks in your remediation plans on remote systems from Red Hat Lightspeed, your systems must be able to communicate with Red Hat Lightspeed.

  • For Red Hat Enterprise Linux systems that are not managed by Red Hat Satellite, you should complete the following procedure to enable the rhc client on those systems.
  • For systems that are managed by Satellite, you will configure Cloud Connector on the host servers for those systems.

2.1. Enabling the rhc client on systems directly managed by Red Hat Lightspeed
링크 복사

To execute Ansible Playbooks from Red Hat Lightspeed, enable the rhc client on the systems in your infrastructure. The rhc connect command does this by registering (RHEL8.6 and later, and 9.0 and later) systems with Red Hat Subscription Manager and Red Hat Lightspeed, and enabling remote host configuration (rhc) features in Red Hat Lightspeed.

Prerequisites

  • Sudo access on the Red Hat Enterprise Linux host system

Procedure

  1. To connect rhc on RHEL 8.5 systems, use the following commands: 

    # subscription-manager repos --enable ansible-2.9-for-rhel-8-x86_64-rpms
# dnf -y install ansible rhc-worker-playbook-0.1.5-3.el8_4
# rhc connect
    Copy to Clipboard Toggle word wrap

    Note, remote host configuration on RHEL 8.5 has dependencies on ansible and rhc-worker-playbook. To install the dependencies, you must first register with Subscription Manager.

  2. To connect rhc on RHEL8.6 and later systems, use the following commands: 

    # dnf -y update rhc
# dnf -y install rhc-worker-playbook
# rhc connect
    Copy to Clipboard Toggle word wrap

  3. To connect rhc on RHEL9.0 and later systems, use the following commands: 

    # dnf -y install rhc rhc-worker-playbook
# rhc connect
    Copy to Clipboard Toggle word wrap

2.2. Enabling Remote Host Configuration Manager in the Red Hat Lightspeed UI
링크 복사

To allow users to execute a remediation plan on a remote system from Red Hat Lightspeed, you must configure the Remote Host Configuration Manager settings in the Red Hat Lightspeed UI.

Prerequisites

  • You have the RHC Administrator and Inventory Hosts Administrator roles. If not, contact your Organization Administrator to obtain these permissions.

Procedure

  1. Navigate to Remote Host Configuration Manager.
  2. Under Permission, set the option Allow permitted Red Hat Lightspeed users to execute remediation playbooks on rhc-connected systems to Enabled.
  3. Click Save changes.

Results

A confirmation box with the message Changes saved displays at the top right corner of the UI.

2.3. Checking the connection status of host systems in the Red Hat Lightspeed UI
링크 복사

After you set up the Remote Host Configuration client rhc connect and enable host communication on the host system, go back to the Red Hat Lightspeed UI and verify that the host system is connected.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console.

  • You have the RHC Administrator and Inventory Hosts Administrator roles. If not, contact your Organization Administrator to obtain these permissions.

    Note

    To execute a remediation plan on remote hosts from Red Hat Lightspeed, you also need the Remediations administrator role.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. On the Remediation Plans page, choose a remediation plan that includes the system you are interested in checking. The General tab opens.
  3. Open the Systems tab, and locate the system in the table.

  4. Check the Connection Status value for the system.

    Note, if the Connection Status value is Unknown, this means that you do not have the correct User Access permissions to view the status.

2.4. Enabling Cloud Connector for content hosts managed by Satellite
링크 복사

You can remediate issues on Satellite-managed content hosts remotely from the Red Hat Lightspeed UI in the Red Hat Hybrid Cloud Console. Remote remediation from Red Hat Lightspeed requires that you first configure the Cloud Connector plugin on the Satellite Server.

Important

If you want to manage and execute host remediations entirely from the Satellite web console, you do not need to enable the Cloud Connector plugin.

The following prerequisites are comprehensive for Satellite Server configuration:

2.4.1. Prerequisites
링크 복사

  • Satellite must be version 6.9 or later.
  • You have root access to the Satellite server.
  • The content hosts that are managed by the satellite should have the insights-client installed and turned on. See the reference section of this documentation for insights-client installation and enablement procedures.
  • Import a Subscription Manifest into Satellite. For more information, see Importing a Subscription Manifest into Satellite Server in the Red Hat Satellite Content Management Guide.
  • Register your hosts to Satellite using an activation key to attach Red Hat subscriptions. For more information, see Registering Hosts in the Red Hat Satellite Managing Hosts guide.

Before you can run the playbooks in your remediation plans remotely from within Red Hat Lightspeed, you must install and configure the Cloud Connector plugin on the Satellite Server.

Complete the following tasks to install, configure, and verify the configuration of Cloud Connector.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console.

  • You have the RHC Administrator and Inventory Hosts Administrator roles. If not, contact your Organization Administrator to obtain these permissions.

    Note

    To execute a remediation plan on remote hosts from Red Hat Lightspeed, you also need the Remediations administrator role.

Procedure

  1. On Satellite Server, enable the remote-execution plugin by entering one of the following commands, based on your version of Satellite Server.

    1. On Satellite Server 6.12 and later. 

      [root]# satellite-installer --foreman-proxy-plugin-remote-execution-script-install-key true
      Copy to Clipboard Toggle word wrap

    2. *On Satellite Server 6.9 - 6.11 

      [root]# satellite-installer --foreman-proxy-plugin-remote-execution-ssh-install-key true
      Copy to Clipboard Toggle word wrap
      Note

      Configuring Cloud Connector requires that the satellite perform a remote execution on itself. This is why the first step is to enable the remote-execution script or plugin.

  2. In the Satellite Server web UI, navigate to Configure > Red Hat Cloud > Inventory Upload. Verify that the Automatic Inventory Upload switch is turned ON, which is the default setting.

  3. Optionally: Toggle the Obfuscate host names switch to the ON position to hide hostnames that Satellite Server reports to the Hybrid Cloud Console.

    Note

    The Obfuscate host names setting only affects rh_cloud reports. If you want to obfuscate hostnames, IP addresses, or Media Access Control (MAC) addresses, configure obfuscation in the insights-client configuration. Satellite Server observes the Red Hat Lightspeed obfuscation configuration settings. For more information, see the following resources:

    • Obfuscating hostnames
    • Obfuscating IP addresses.
    • Obfuscating MAC addresses.

    Automatic inventory upload and Obfuscate host names are global settings. They affect content hosts that belong to all organizations.

  4. Click Configure Cloud Connector. A Notice dialog box warns you that this action also enables auto reports upload.
  5. Click Confirm, and then wait for the task to finish. This should take about one minute.

  6. Go to Monitor > Jobs > Configure Cloud Connector to see the job.

    Note
  7. Click Generate and upload report to generate a data payload from each of the content hosts that have insights-client running, and upload your host inventory to Red Hat Lightspeed.
  8. Repeat the previous step for each organization for which you want to upload a content host inventory.
  9. Under Configure > Red Hat Cloud (after Sat 6.11) > Red Hat Lightspeed, set Auto sync for the organization by using the toggle in the upper right corner of the screen.

Verification

To verify that the upload was successful, log in to Red Hat Hybrid Cloud Console > Red Hat Enterprise Linux > Red Hat Lightspeed > Inventory and search for the satellite_id tag for your content hosts.

Optional: Click Sync all inventory status and wait for the task to finish. It will show you the number of content hosts recognized by Red Hat Lightspeed inventory.

Chapter 3. Using token-based service accounts with remediation plans
링크 복사

If you use Red Hat Ansible Automation Platform (AAP) to view, download, and execute remediation plans, you can configure a token-based service account for use with both Red Hat Lightspeed and AAP. This configuration provides a more secure, scalable, and automation-friendly integration.

In addition, you can view the remediation plans associated with the service account in both Red Hat Lightspeed and AAP.

3.1. About service accounts
링크 복사

After you configure the service account and set up User Access in Red Hat Lightspeed, the service account can securely access all remediation plans connected to that service account. You can also view, download, and execute playbooks for remediations from within AAP.

Note

Token-based service accounts replace Basic Authentication, which is no longer supported for connecting to the Red Hat Hybrid Cloud Console and Red Hat Lightspeed APIs.

Additional resources

3.2. Configuring the service account
링크 복사

You can create a new token-based service account in the Red Hat Hybrid Cloud Console to integrate with both Red Hat Lightspeed and AAP, or you can select an existing service account.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console as an Organization administrator.

Procedure

  1. In the Red Hat Hybrid Cloud Console, navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Service Accounts.

  2. Create a token-based service account, or select an existing service account. For more information about creating service accounts, see Creating a service account.

    Important

    If you create a new service account, make sure to save the Client ID and Client secret to a safe location. If you select an existing service account, ensure that you have access to the Client ID and Client secret.

  3. Create a User Access group to associate to the service account, or assign the service account to an existing User Access group that has the required permissions. For more information about creating User Access groups, see Managing group access with roles and members.

  4. Assign the following permissions to the group, if the group does not already have them. For more information about how to add roles and permissions to a User Access group, see Adding a role to a group.

    • inventory:hosts:read (included in the Inventory Hosts viewer role)
    • patch:*:read* (included in the Patch viewer role)

    • remediations:remediation:read and playbook-dispatcher:run:read (included in the Remediations User role)

      Note

      You can also grant the RHEL viewer role to the service account in the User Access group. The RHEL viewer role includes the correct permissions for inventory:hosts:read and remediations:remediation:read.

      For more information about assigning a service account to a User Access group, see Adding service accounts to a User Access group.

      Note

      If your organization uses Workspaces, ensure that your User Access group has the necessary permissions for full visibility into your inventory in AAP. For more information about workspaces, see Workspaces.

Additional resources

3.3. Configuring credentials in the Ansible Automation Platform
링크 복사

Once you have configured the service account and User Access in the Red Hat Hybrid Cloud Console, you can create credentials in AAP.

Prerequisites

  • The Client ID and Client secret for the service account, which you obtained when you created or selected a service account in the Red Hat Hybrid Cloud Console.
  • Access to the Ansible Automation Platform (AAP) interface.

Procedure

  1. Create a new credential in AAP. The Create credential screen displays. For more information about how to create and configure credentials in AAP, see Creating Red Hat Insights credentials.
  2. In the Credential Type drop-down menu, select Insights as the credential type.
  3. Paste the Client ID and Client secret for the service account into the respective fields in the Type Details section.
  4. Click Create credential.

3.4. Viewing the remediation plans associated with the service account
링크 복사

After you set up the service account in both Red Hat Lightspeed and AAP, you can view the remediation plans associated to the service account in Red Hat Lightspeed.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator.

Procedure

Additional resources

Chapter 4. Managing remediation plans in Red Hat Lightspeed
링크 복사

To fix issues that Red Hat Lightspeed identifies for a system or group of RHEL systems in your organization, create a remediation plan.

4.1. Creating a remediation plan in Red Hat Lightspeed
링크 복사

You can create a remediation plan to fix one or more issues identified by Red Hat Lightspeed for a system or group of RHEL systems in your organization.

To create a remediation plan in Red Hat Lightspeed, you need to do the following:

  1. Find an issue to resolve
  2. Review the recommended remediation steps
  3. Select the systems to remediate

You can create a remediation plan to address recommendations and issues found by the following services of Red Hat Lightspeed:

  • advisor
  • compliance
  • vulnerability
  • patch

The workflow to create a remediation plan is similar for all services in Red Hat Lightspeed that support remediations. For more information, see Red Hat Lightspeed remediations workflow in the Remediations overview section.

Important

Some of the Red Hat recommended solutions for fixing or remediating a problem can only be resolved by applying a manual action, and a playbook to automate the solution might not be applicable or available to run or download. In these instances, the advisor recommendation displays a Remediation type value of Manual.

You can create a remediation plan for any Red Hat Lightspeed recommendations or remedial actions that have a Remediation type value of Playbook.

When you create a remediation plan, Red Hat Lightspeed generates an Ansible Playbook from the built-in play for that issue to implement the required remediation actions and the reboot instructions on the selected host systems.

4.2. Creating a remediation plan to remediate an advisor service recommendation
링크 복사

You can create a remediation plan to address an advisor service recommendations.

The advisor service assesses and monitors the health of your Red Hat Lightspeed infrastructure and provides recommendations to address availability, stability, performance, and security issues. Red Hat Lightspeed detects the systems in your infrastructure that are impacted and provides a set of recommended actions that can help you prioritize and plan how to remediate your systems.

For more information about the Red Hat Lightspeed advisor service, see Assessing RHEL configuration issues using the Red Hat Lightspeed advisor service.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans. However, you will need the Remediations administrator role to execute a remediation plan on remote hosts from Red Hat Lightspeed. For more information, see the Required permissions for remediation plan execution.

Procedure

  1. Choose a Red Hat Lightspeed advisor service recommendation to remediate:

    1. Navigate to Operations > Advisor > Recommendations.
    2. Review the Recommendations table to see which recommendations are applicable for your systems and whether they have a playbook already created.

    3. Use the search and filtering function in the table to sort the items by Resolution type.

      Important

      Look for recommendations that have a Resolution type of Playbook. You cannot create a remediation plan if the Resolution type is set to Manual.

    4. Click the recommendation name. The full details of the recommendation are displayed, and a list of impacted systems is displayed on the lower part of the page.

  2. Select which systems to include in the remediation plan:

    1. Scroll to view all of the registered RHEL systems that are impacted by the recommendation.

    2. Find the systems to include. If needed, use the search and filter functions in the table. For example, you can use the filtering options to list the affected systems by version.

      Important

      To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

    3. Select at least one system to include in a remediation plan by clicking the checkbox to the left of the system ID.

  3. Create and save the plan:

    1. Click Plan remediation to start the wizard.

    2. Select Create new playbook, and enter a name for the playbook.

      Note

      You can also add this recommendation or the selected systems to an existing remediation plan by choosing Add to existing playbook, and then selecting the plan name from the list presented.

    3. Under Review systems, review the systems included in the plan, and if applicable, clear the checkbox next to any systems that you do not want to include.
    4. Click Next.

    5. Under Review and edit actions, review the resolution steps for the action. Some actions will present different steps that you can choose from in the wizard. Complete one of the following steps:

      • If the action has a choice of methods to remediate:

        • Select Review and/or change the resolution steps for this 1 action, and click Next.
        • Choose one of the step choices, and click Next.
      • If there are no choices to be made and you are satisfied with the actions for this plan, select Accept all recommended resolution steps for all actions, and then click Next.

  4. On the Remediation review pane, review the summary of your remediation plan and use the back button to make changes if needed.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  5. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan in the table and click its name to open the plan.

4.3. Creating a remediation plan to remediate a CVE vulnerability on RHEL systems
링크 복사

You can create a remediation plan in the Red Hat Lightspeed vulnerability service. When you create a remediation plan, Red Hat Lightspeed uses Ansible Playbooks to remediate or mitigate CVE vulnerabilities on your systems and apply any required patches.

The Red Hat Lightspeed advisor service analyzes and detects which systems in your organization are affected by known problems.

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans. However, you need the Remediations administrator role to execute a remediation plan on remote hosts from Red Hat Lightspeed. For more information, see Required permissions for remediation plan execution.

Procedure

  1. Navigate to the Security > Vulnerability > CVEs page.
  2. Set the filters as needed and select a CVE.
  3. Scroll down to view all of the affected systems. Use the filtering options to list the affected systems by version.

  4. Select systems to include in a remediation plan by clicking the box to the left of the system ID.

    Important

    To create a remediation plan for a group of systems, all systems in the group must be running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

  5. Click Plan remediation.

  6. Choose whether to add the remediations to an existing or new remediation plan, and then do one of the following actions, and then click Next:

    • Click Add to existing playbook, and then select a remediation plan from the list presented.
    • Click Create new playbook, and enter a name for the playbook.

  7. Review the systems to include in the remediation plan, then click Next.

    Note

    Only affected systems can be selected and included in a remediation plan.

  8. Review the information under the remediation review summary.

    1. If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.
    2. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan. You should see the plan that you just created showing in the list.

Most CVEs in Red Hat Lightspeed will have one remediation option for you to use to resolve an issue. Remediating a CVE with security rules might include more than one resolution from which to choose.

For example, you might have a recommended action to take, and one or more alternate resolutions. The workflow to create remediation plans for CVEs that have one or more resolution options is similar to the remediation steps in the advisor service.

For more information about security rules, see Security rules and Filtering lists of systems exposed to security rules in Assessing and monitoring security vulnerabilities on RHEL systems .

Prerequisites

  • You are logged into the Red Hat Hybrid Cloud Console.

    Note

    By default, all Red Hat Lightspeed users have permissions to create remediation plans. However, you will need the Remediations administrator role to execute a remediation plan on remote hosts from Red Hat Lightspeed. For more information, see the Required permissions for remediation plan execution.

Procedure

  1. Navigate to Security > Vulnerability > CVEs.

  2. Set filters if needed (for example, filter to see CVEs with security rules to focus on issues that have elevated risk associated with them). Or, click the CVEs with security rules tile on the dashbar.

    A screen capture of a dashbar with two different ways to search or filter CVEs with security rules

  3. Click a CVE in the list.

  4. Scroll to view affected systems, and select the systems you want to include in a remediation plan by clicking the box to the left of the system ID on the Review systems page. When you select at least one system, the Plan remediation button gets activated.

    Note

    Recommended: Include systems of the same RHEL major or minor version by filtering the list of affected systems.

  5. Click Plan remediation.

  6. Decide whether to add the selected remediations to an existing or new remediation plan by taking one of the following actions:

    • Click Add to existing playbook and select the required playbook from the dropdown list.
    • Click Create new playbook, and add a playbook name.

  7. Click Next. The systems impacted by the CVE are listed.

    Note

    Only impacted systems can be selected and included in a remediation plan.

  8. Review the systems to include in the playbook and clear the checkbox beside any systems that you do not want to include.

  9. Click Next to see the Review and edit actions page, which shows you options to remediate the CVE. The number of items to remediate can vary. You will also see additional information (that you can expand and collapse) about the CVE, such as:

    • Action: Shows the CVE ID.
    • Resolution: Displays the recommended resolution for the CVE and also confirms whether you have alternate resolution options.
    • Reboot required: Confirms whether you must reboot your systems.
    • Systems: Confirms the number of systems you are remediating.

  10. On the Review and edit actions page, choose one of two options to finish creating your remediation plan and to generate the Ansible Playbook:

    • Option 1: To review all of the recommended and alternative remediation options available (and choose one of those options):

      1. Select Review and/or change the resolution steps for this 1 action or similar based on your actual options.
      2. Click Next.
      3. On the Choose action: <CVE information> page, click a tile to select your preferred remediation option. The bottom edge of the tile highlights when selected. The recommended solution is highlighted by default.
      4. Click Next.

    • Option 2: To accept all recommended remediations:

      1. Choose Accept all recommended resolution steps for all actions.
      2. Click Next.

  11. On the final Remediation review pane, review the summary of your remediation plan and use the back button to make changes to the actions or resolution options if required.

    Note

    If a reboot is required to fix the issue or risk, all systems in the remediation plan will be automatically rebooted. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  12. Click Submit.

Results

A notification confirming the total number of remediation actions and other information about your remediation plan is displayed.

Next steps

To view your remediation plan:

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan.
  3. To execute your remediation plan and run the generated Ansible Playbook on the affected systems, see Executing remediation playbooks from the Red Hat Lightspeed UI.

Chapter 5. Viewing and managing your remediation plans
링크 복사

Red Hat Lightspeed provides a central location under Automation Toolkit > Remediation Plans to help you find, view the full details of, and manage the remediation plans that have been created for your organization. You can also download, delete, or modify your remediation plans from the main Remediation Plans page.

Important

You cannot create a remediation plan from Automation Toolkit > Remediation Plans. To create a new remediation plan, you must use the Red Hat Lightspeed service that generated the recommendation and its underlying Ansible Playbook, such as the advisor, compliance, or vulnerability service.

For more information, see Creating a remediation plan in Lightspeed.

5.1. Viewing remediation plans
링크 복사

The Remediation Plan view provides a comprehensive overview of all of the remediation plans that were created for your organization in Red Hat Lightspeed.

5.1.1. About remediation plans table view
링크 복사

You can access a table listing of all your remediation plans by navigating to the Automation Toolkit page and selecting Remediation Plans.

The table view in Remediation Plans provides a quick overview of all remediation plans, including their status and last execution date.

You can search, sort, and filter the list of all of the remediation plans for your organization. For example, filter the table to show only specific remediation plans based on status.

By default, the columns in the table contain the following information:

Name
The name of the remediation plan.
Last Executed
The date and time when the remediation plan was last executed.
Execution Status
The latest execution status of the remediation plan, for example, successful or failed. N/A indicates that the remediation plan has not been executed yet.
Actions
The number of actions that will run when the remediation plan is executed.
Systems
The number of systems that the remediation plan is selected to run on.
Created
The date and time when the remediation plan was created.
Last Modified
The date and time when the remediation plan was last modified.

5.1.2. Customizing the Remediation Plan table
링크 복사

You can customize the Remediation Plan table to suit your needs. You can add or remove columns and sort the table by any column.

Procedure

  1. Navigate to Automation ToolkitRemediation Plans.
  2. Click Configuration menuManage columns to select which columns to display in the table.
  3. You can also restore the default view by clicking Reset to Default.

5.1.3. Viewing the details of a remediation plan
링크 복사

When you select and click a remediation plan in the table view, all of the available details about the plan are displayed.

General
Displays the remediation plan status, summary details, and execution readiness checklist results. The summary details include name, date created, last modified date, latest execution status, total number of actions and systems included, and auto-reboot configuration.
Actions
Displays a table listing the actions included in the plan.
Systems
Displays a table listing the systems included in the plan.
Execution History
Displays a timeline of all executions of the remediation plan, including the dates, status, history, and links to the logs of a plan execution for each included system. From here, you can see any errors that occurred during execution.

You can also download and view the associated playbook by clicking on Download.

5.2. Downloading remediation plans
링크 복사

You can download the generated playbooks for each remediation plan in your organization. When you download a remediation plan, the YAML file for the underlying Ansible Playbook is saved to the preferred download directory on your local browser client.

You might need to download a remediation plan for the following reasons:

  • To execute a remediation plan on your host systems by using the external Ansible Automation Platform (AAP) workflow for your organization instead of from within the Red Hat Lightspeed application.
  • To view the specific plays of a remediation plan.
  • To troubleshoot issues with executing a remediation plan.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Select the checkbox next to the name of the remediation plan you want to download.

  3. Complete one of the following steps:

    • To download a single remediation plan, go to the end of the row, click More options More options icon > Download.
    • To download multiple remediation plans in bulk, click the Download button at the top of the table.

Results

A message is displayed to confirm that the download was successful. A YAML file for each of the selected remediation plans is downloaded to your local drive.

5.3. Deleting remediation plans
링크 복사

You can permanently delete remediation plans that are no longer needed.

Important

You cannot recover a deleted remediation plan. Also, you cannot archive and restore a remediation plan from the Red Hat Lightspeed UI.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan you want to delete.
  3. At the end of the row, click the More options More options icon icon, and then click Delete.
  4. When prompted, click Delete to confirm the permanent removal of the plan.

Results

A message is displayed to confirm the successful deletion of the selected remediation plan.

5.4. Renaming a remediation plan
링크 복사

You can rename an existing remediation plan in your organization.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan you want to rename.
  3. At the end of the row, click the More options More options icon icon, and then click Rename.
  4. When prompted, enter a unique title for the plan name and click Rename.

Verification

  • A message is displayed to confirm the successful renaming of the selected remediation plan.

5.5. Configuring the actions in a remediation plan
링크 복사

You can modify or remove an action or system from the plan, especially if the plan contains many items.

5.5.1. Adding a new recommendation action to an existing remediation plan
링크 복사

If the Red Hat advisor or another service recommends a new remedial action for one or more systems in your organization, you can add that recommendation to an existing remediation plan.

Procedure

  1. Navigate to Operations > Advisor > Recommendations to view the status of a remediation plan.

  2. In the table, use the search and filtering options to find the recommendation you want to add, and click the recommendation name.

    Important

    The recommendation must have a Resolution type of Playbook. You cannot create a remediation plan if the Resolution type is Manual.

  3. Select at least one impacted system to remediate, and click Plan remediation.
  4. Select Add to existing playbook, and then select the remediation plan name from the list presented. Click Next.
  5. Review the systems in the plan and clear the checkbox next to any systems that you do not want to include. Click Next.
  6. Review the remedial actions of your plan and adjust them if necessary. When you are satisfied, click Next.

  7. On the final Remediation review pane, review the summary of your remediation plan, and click Back to make changes, if needed.

    Note, Auto-reboot is enabled if any of the recommended actions to remediate require a system reboot to take effect. If you prefer to reboot manually after the plan has been executed, toggle Auto-reboot accordingly.

  8. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for the remediation plan that you created and click the name to open the details.
  3. Click Actions to view the remedial actions included in the plan. The recommendations that you just added are listed.

5.5.2. Removing a remedial action from a remediation plan
링크 복사

You can remove a remedial action from a remediation plan.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans. The remediation plans for your organization are displayed.
  2. Find the remediation plan that you want to change and click the name of the remediation plan to display the details of the plan.
  3. Navigate to the Actions tab.

  4. In the table, do one of the following:

    • Select the checkbox next to the actions that you want to remove, and click Remove at the top of the table.
    • Find a single action to remove, go to the end of the corresponding row, and click the More options icon More options icon and click Remove.
  5. When prompted, click Remove.

Verification

  • A message is displayed to confirm that the action was successfully removed from the remediation plan.

5.5.3. Adding systems to an existing remediation plan
링크 복사

You can include more systems in an existing remediation plan.

Important

Ensure that all systems in the remediation plan are running the same RHEL major and minor versions to ensure that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.

Procedure

  1. Navigate to Operations > Advisor > Recommendations.
  2. Use the search and filtering options to find the recommendation in the existing plan and click the recommendation name.
  3. Select the systems you want to add to the plan, and then click Plan remediation.
  4. Select the option to Add to existing playbook, and then select the existing remediation plan name from the list presented. Click Next.
  5. Review the systems in the plan, and if applicable, clear the checkbox next to any systems that you do not want to include. Click Next.
  6. Review the remedial actions of your plan and adjust if necessary, as outlined in the section titled Creating a remediation plan to remediate an advisor service recommendation. Click Next.

  7. On the final Remediation review pane, review the summary of your remediation plan and click Back to make changes if required.

    Note, the Auto-reboot button is enabled if any of the recommended actions to remediate require a system reboot to take effect. If you prefer to reboot manually after the plan has been executed, toggle the Auto-reboot button accordingly.

  8. Click Submit.

Verification

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Search for your remediation plan in the table, and click the name to open the remediation plan.
  3. Click Systems to view a list of the systems included in the plan. The systems you added should be listed.

5.5.4. Removing a system from a remediation plan
링크 복사

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Find the remediation plan to remove a system from and click the name to open the details of the remediation plan.
  3. Navigate to the Planned remediations tab and open the Systems tab.

  4. In the table, complete one of the following steps:

    • Select the systems that you want to remove, then click Remove above the table.
    • Find a single system to remove, go to the end of the corresponding row, click More options More options icon , and click Remove.
  5. When prompted, click Remove.

Verification

  • A message is displayed to confirm that the system was successfully removed from the remediation plan.

5.6. Monitoring remediation status
링크 복사

You can view the latest execution status and activity for each remediation plan that you execute from the Red Hat Lightspeed application. You can also view the execution logs for the remediation plan and see the results of the Ansible Playbook execution.

Prerequisites

  • You are logged into the Red Hat Lightspeed UI with Remediations user permissions.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. In the table, find the plan that you want to monitor.

  3. Click the name of the remediation plan to open the Plan details and status card on the General tab. The latest execution status of the remediation plan is displayed.

    Note

    A status of N/A indicates that the remediation plan has not yet been executed from within Red Hat Lightspeed.

  4. Optional: Go to the Execution History tab to view the progress or status status of the execution on each individual system included in the plan including links to more detailed execution activity logs.

Next steps

To monitor the status of a playbook in the Satellite web UI, see Monitoring Remote Jobs in the Red Hat Satellite Managing Hosts guide.

Chapter 6. Executing remediation plans
링크 복사

After you create a remediation plan, you can download and run the generated playbook by using your organization’s Ansible Automation Platform (AAP) workflow, or you can execute the playbook on remote systems from the Red Hat Lightspeed application.

6.1. Ensure that your remediation plan is ready to run
링크 복사

When you create a remediation plan, you must ensure that the plan can successfully execute on your systems. Before a plan can execute successfully, it must meet the criteria for execution readiness in the Hybrid Cloud Console.

As a general rule, you can run smaller-scale remediation plans directly within Red Hat Lightspeed. Use Red Hat Lightspeed for rapid, targeted remediations.

A larger-scale remediation plan contains large numbers of systems or includes multiple complex remediation operations, or both. If a larger-scale plan cannot execute directly on Red Hat Lightspeed, you can download it to run with Ansible Automation Platform (AAP). AAP allows you to execute at scale with greater functionality designed specifically for enterprise-grade execution, such as advanced orchestration capabilities: scheduling, RBAC, and auditing features.

You can also download a larger-scale remediation plan and use a Red Hat Satellite integration to execute it. For more information about using a Satellite integration, see Creating an Insights remediation plan for hosts.

Additional resources

6.1.1. View execution readiness criteria
링크 복사

Execution readiness criteria are conditions that your remediation plan must meet before the plan is ready to execute. Before you execute a remediation plan, make sure that your plan meets the criteria.

A remediation plan must meet the following criteria before it can execute:

  • You have the required user permissions to run the remediation plan on your systems.
  • The remote host configuration manager is enabled.
  • The rhc client is active on all systems.
  • All systems are connected and visible in Red Hat Lightspeed inventory.

Remediation plans must fall within execution limits before they can be executed remotely using Red Hat Lightspeed. An execution limit is the threshold that determines whether a remediation plan can successfully execute on your systems. If a remediation plan falls outside execution limits, you cannot execute the plan within Red Hat Lightspeed. However, you can download the plan and run it manually with Red Hat Ansible Automation Platform (AAP) or with a Red Hat Satellite integration.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console.
  • You have the required user permissions to run remediation plans on your system.

Procedure

  1. To view readiness criteria in the Red Hat Hybrid Cloud Console, navigate to Automation toolkit > Remediation plans.

  2. Select the remediation plan that you want to view from the list. The details page for the plan displays.

    The General tab shows details about your remediation plan, such as creation date and number of systems in the plan. The Execution Readiness Summary lists the readiness criteria for your plan, and whether or not the plan meets the criteria.

    If your remediation plan meets the criteria, the summary shows checkmarks next to each of the criteria, and the status message shows Ready. The Execute button is available.

    If your remediation plan does not meet readiness criteria, the Execute button is disabled and the status message Not ready (# errors) displays. (# errors) shows the number of Execution readiness steps that failed. If this happens, you must decide whether to modify the remediation plan to run with Red Hat Lightspeed, or to download the plan and execute it with AAP or a Satellite integration.

6.1.2. About action points
링크 복사

When you create a remediation plan, you can use action points to decide how and where to execute it. Red Hat Lightspeed uses a system of action points to calculate the relative complexity and performance impact of a remediation plan. Complex issues require a higher number of action points, and simpler issues require a lower number. Red Hat Lightspeed assigns a specific point value to each type of issue and calculates the plan’s total size against the platform’s performance capabilities.

Red Hat Lightspeed supports execution reliability for plans up to 100 systems and 1,000 action points. If the total number of systems and action points for your plan falls within these limits, you can run the plan directly on Red Hat Lightspeed.

If the plan exceeds those limits, the Execute button on the Remediation Plans page in the Red Hat Hybrid Cloud Console is disabled, and the Execution readiness summary shows how many systems and action points you must remove to execute the remediation plan within Red Hat Lightspeed. You must either remove systems and issues from the remediation plan to execute it within Red Hat Lightspeed, or download the plan and run it with Ansible Automation Platform (AAP) or with a Satellite integration.

Additional resources

6.1.3. Optimize the number of planned remediations
링크 복사

The Execution readiness summary shows the number of systems and action points in your remediation plan. If the number of remediations exceeds 100 systems and 1,000 action points, the summary shows how many systems and action points you must remove to execute the remediation plan within Red Hat Lightspeed.

If your plan falls slightly over the execution limits, you can remove individual systems or issues from the plan to make reductions in your planned remediation. Removing a single Advisor issue frees up 20 points, whereas you would need to remove 10 Patch issues to achieve the same reduction.

Use these guidelines to view the number of action points required to run your remediation plan:

  • Advisor issues: 20 points for each issue (High complexity)
  • Vulnerability issues: 20 points for each issue (High complexity)
  • Compliance issues: 5 points for each issue (Medium complexity)
  • Patch issues: 2 points for each issue (Low complexity)

For example, a plan containing 50 Patch issues would only total 100 points (50 x 2), which falls well within execution limits. However, a plan with 50 Advisor issues would total 1,000 points (50 x 20), reaching the maximum limit immediately. The plan with 50 Advisor issues would still run on Red Hat Lightspeed, but only if the number of systems is fewer than 100.

If your plan falls slightly over the limit of 1,000 action points, you can remove individual issues from the plan to make reductions in your planned remediation. Removing a single Advisor issue frees up 20 points, whereas you would need to remove 10 Patch issues to achieve the same reduction.

If your plan exceeds the limits by a significant number, you can download the plan and execute it with AAP without needing to first remove systems or reduce the number and type of issues that you want to fix.

Additional resources

6.2. Executing remediation plans from the Red Hat Lightspeed UI
링크 복사

You can execute the playbooks generated by your remediation plans from the Red Hat Lightspeed UI on the Red Hat Hybrid Cloud Console, if you have the required permissions and pass the readiness check.

Prerequisites

To pass the remediations execution readiness check, ensure the following prerequisites are met:

  • You can log on to the Red Hat Hybrid Cloud Console.
  • Your user account is a member of a User Access group with the Remediations administrator role, as outlined earlier in this section.
  • You have completed the steps in Enabling host communication with Red Hat Lightspeed
  • The option Allow permitted Red Hat Lightspeed users to execute remediation playbooks on rhc-connected systems is enabled on the Remote Host Configuration Manager page in the Red Hat Lightspeed UI.

  • You have the Organization Administrator or Remediations administrator role.

    IMPORTANT:

    • The Remediations user role does not have the required permissions to execute remediation plans on remote systems. The Remediations administrator role permits access to all remediations capabilities and enables you to discover whether your systems are connected.
    • If you do not have the required permissions, the connection status for your system will be set to Unknown, even though you can connect to that system for other use cases in the console.
    • The Remediations administrator role is not a default role. You must create the group and add yourself. For more information about User Access permissions, see Managing group access with roles and members.
  • You have successfully completed the execution readiness check in the remediation plan in the Red Hat Lightspeed UI. You can find the readiness results in the Execution readiness section of the remediation plan details.

Procedure

  1. Navigate to Automation Toolkit > Remediation Plans.
  2. Scroll through the list and find a remediation plan.
  3. Click the name to open the Remediation plan details view.

  4. Click Execute.

    Important

    If the Execute button is disabled, this means that the execution readiness check failed because one of the requirements was not met. To help you troubleshoot and complete the execution readiness check successfully, see Execution readiness check.

  5. When prompted, click Execute playbook on systems. The playbook runs on the systems included in the remediation plan.

    Note, that a remediation plan with a large number of actions to execute on many systems might take a while to complete.

Next steps

  • To monitor the progress, go to the Execution History tab for the plan you just executed. The Execution History tab displays the status, history and links to the logs of a plan execution for each included system.
  • When the remediation plan is successfully executed, find and open the recommendation or issue that your remediation plan addressed, and verify that the impacted systems you remediated are no longer in the list.

6.3. Executing remediations from the Satellite UI
링크 복사

You can also remediate using the Satellite UI.

Prerequisites

  • You are a Cloud Administrator.
  • You are a Remediations Administrator.
  • You have completed Host registration by using the insights-client.

Procedure

  1. To remediate a recommendation on RHEL systems managed by Red Hat Satellite, see Remediating issues based on Red Hat Lightspeed recommendations in the Satellite Managing hosts documentation.

    Important

    When you introduce a new host into your Satellite inventory, by means of provisioning or registration, two automatic background tasks will initiate. It will take 24 hours for these tasks to complete. This is a typical time frame for the automatic synchronization.

    If you identify security issues or another scenario that warrants not waiting 24 hours for the automatic sync, you can manually synchronize by clicking the sync button in the UI. This manual sync will complete in a few minutes.

  2. To view the procedures for enabling automatic and manual synchronization, see the Configuring Synchronization of Red Hat Lightspeed Recommendations for Hosts in the Satellite documentation.

Chapter 7. Managing remediations in Red Hat Lightspeed associated playbooks
링크 복사

The following information can help you create, configure, and manage remediation plans in Red Hat Lightspeed as well as their associated playbooks.

7.1. Installing the insights-client on Satellite Server content hosts
링크 복사

The insights-client comes preinstalled on most versions of Red Hat Enterprise Linux; however, if you have to install it, use this procedure to install the insights-client on each system.

Prerequisites

  • Register your hosts to Satellite

    • If you already have Red Hat Enterprise Linux hosts, you can use the Global Registration Template to register them to Satellite. For more information, see Registering Hosts in the Satellite documentation.

Procedure

  1. Install the insights-client: 

    # yum install insights-client
    Copy to Clipboard Toggle word wrap

  2. Register the host to Red Hat Lightspeed: 

    # insights-client --register
    Copy to Clipboard Toggle word wrap
  3. Repeat these steps on each host.
  4. Alternatively, you can use the RedHatInsights.insights-client` Ansible role to install the insights-client and register the hosts. For more information, see Monitoring hosts by using Red Hat Lightspeed in the Red Hat Satellite Managing Hosts guide.

7.2. Configuring Cloud Connector after upgrading Satellite Server 6.10 to 6.11
링크 복사

After you upgrade your Satellite Server, configure Cloud Connector to complete the upgrade process.

Important

The following information applies to upgrades from Satellite Server version 6.10 to 6.11.

For more information, see Upgrading and Updating Red Hat Satellite.

Procedure

  • To configure Cloud Connector after upgrading the Satellite Server, click Configure Cloud Connector from ConfigureRH Cloud - Inventory Upload to enable it on the new version of Satellite Server. Simultaneously, you must remove the previous source from the cloud manually on the Red Hat Hybrid Cloud Console after upgrading your Satellite Server.

Verification

  • After you configure the Cloud Connector, it removes the receptor bits and installs the RHC bits. At the same time, the Cloud Connector announces all the organizations in the Satellite to the source and is ready to receive the connections.

7.3. Disabling direct remediations on a Satellite Server content host
링크 복사

You can disable direct remediations to ensure the playbook run does not get invoked from the cloud on a single host.

The enable_cloud_remediations setting in Satellite controls whether your hosts can be directly remediated through the Red Hat Lightspeed console. When the value of enable_cloud_remediations is set to False, direct remediation from Red Hat Lightspeed is disabled for that specific host. The parameter is not set for your systems, which means that by default, direct remediation is enabled with Cloud Connector.

Note, all hosts in the organization inherit the value that is set for enable_cloud_remediations.

For information about how to enable automatic and manual synchronization, see the Configuring Synchronization of Red Hat Lightspeed Recommendations for Hosts in the Satellite documentation.

When Satellite receives the request to run the remediation plan’s playbook from Cloud Connector, the request includes a list of hosts on which to execute the playbook.

Procedure

  1. Go to Hosts menuAll Hosts in the Satellite web UI.
  2. Locate the host, and click EditParameters.
  3. Set the enable_cloud_remediations parameter to False.

7.4. Disabling direct remediation on a Satellite Server content host group
링크 복사

You can disable remediations for the entire organization or host group by changing the Global Parameters in the Red Hat Satellite UI.

Prerequisites

  • You have an Organization Administrator role.

Procedure

  1. Navigate to the Satellite Dashboard.
  2. Click ConfigureGlobal ParametersCreate Parameter.
  3. In the Name field, enter enable_cloud_remediations.
  4. In the Value field, enter false.
  5. Click Submit.

Verification

  • Check to see whether your new parameter is listed in the Global Parameters table. For more information about configuring global parameters, see the Parameters section of the Red Hat Satellite documentation.

Providing feedback on Red Hat documentation
링크 복사

We appreciate and prioritize your feedback regarding our documentation. Provide as much detail as possible, so that your request can be quickly addressed.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.

Procedure

To provide feedback, perform the following steps:

  1. Click the following link: Create Issue
  2. Describe the issue or enhancement in the Summary text box.
  3. Provide details about the issue or requested enhancement in the Description text box.
  4. Type your name in the Reporter text box.
  5. Click the Create button.

This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to provide feedback.

Legal Notice
링크 복사

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat맨 위로 이동