Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Assessing RHEL configuration issues by using the Red Hat Lightspeed advisor service

Red Hat Lightspeed 1-latest

Assess and monitor the configuration issues impacting your Red Hat Enterprise Linux systems

Red Hat Customer Content Services

Abstract

Use the Red Hat Lightspeed Advisor service to assess and monitor configuration issues affecting the availability, stability, performance, and security of your Red Hat Enterprise Linux systems.

Chapter 1. About the Red Hat Lightspeed advisor service assessment and monitoring
Copiar o link

Use the advisor service to assess and monitor the health of your Red Hat Enterprise Linux (RHEL) infrastructure. Whether you are concerned with individual systems or groups of systems, or with your whole infrastructure, the advisor service helps you to be aware of the exposure of your systems to configuration issues that can affect availability, stability, performance, and security.

1.1. Manage user permissions for Red Hat Lightspeed services
Copiar o link

Manage user permissions to control access to Red Hat Lightspeed applications. Use the User Access feature to apply role-based access control (RBAC). Red Hat provides predefined groups and a set of predefined roles to make it easier for Organization Administrators to assign, restrict, and remove user permissions to Red Hat Lightspeed.

1.1.1. User Access overview
Copiar o link

Understand how the role-based access control (RBAC) User Access feature of the Red Hat Hybrid Cloud Console manages user permissions through roles instead of individual user assignments. User Access simplifies permission management by assigning specific permissions to roles, which can then be assigned to user groups.

You can also create custom groups and roles to provide more fine-tuned control over specific features of Red Hat Lightspeed to suit the needs of your organization.

If you are an Organization Administrator, you can use the User Access feature under Identity & Access Management in the Hybrid Cloud Console to:

  • Control user permissions and organize roles.
  • Create groups that include roles and their corresponding permissions.
  • Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.

1.1.2. Predefined groups in User Access
Copiar o link

Understand the two predefined groups available in User Access: Default access and Default admin access. Create custom groups to align permissions with specific personas, job functions, or teams in your organization.

The Default access group
By default, the Default access group is assigned many granular predefined roles, such as Remediations viewer and Inventory Hosts viewer, so that group members have basic visibility. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group. The Default access group is automatically updated by Red Hat.
Important

If your Organization Administrator modifies the Default access group, for example, by removing roles to restrict access to specific applications or to use the consolidated roles, the group is automatically renamed to Custom default access. Once converted, this group is no longer automatically updated by Red Hat.

The Default admin access group
The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained, and users and roles in this group cannot be changed.

The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their names.

1.1.3. Predefined roles assigned to groups
Copiar o link

Understand how predefined roles in Red Hat Hybrid Cloud Console bundle permissions across multiple Red Hat Lightspeed applications to align with common user personas. Use predefined roles to reduce administrative effort, or create custom roles for more fine-tuned control over specific features.

The predefined roles are a starting point to help you to control and manage user permissions. You can then use these roles to create custom roles that are tailored to your specific use cases and organization. For example, you can use the predefined granular roles to create custom roles that provide more fine-tuned control over specific features of Red Hat Lightspeed.

By default, Red Hat provides a set of consolidated roles and a set of granular roles in the Red Hat Hybrid Cloud Console User Access UI. The consolidated roles significantly reduce the administrative effort required to manage user permissions, while the granular roles provide more fine-tuned control over specific features of Red Hat Lightspeed.

You can use the predefined consolidated and granular roles in User Access simultaneously, but using consolidated roles can significantly reduce the administrative effort.

Select from the predefined consolidated roles library

The Red Hat Hybrid Cloud Console provides three predefined, consolidated User Access roles to help you manage user permissions to Red Hat Lightspeed applications and services that run on registered Red Hat Enterprise Linux systems. These roles help simplify how the Organization Administrator creates groups and permissions for various levels of access to the Red Hat Lightspeed services. If you want to reduce the administrative effort required to manage user permissions and your use case aligns with the permissions included in these roles, select from the consolidated roles library.

The consolidated roles are as follows:

RHEL viewer: The RHEL viewer role provides users visibility without the ability to make changes. It allows read-only access to Red Hat Lightspeed. You can view system configurations, compliance reports, inventory data, patch information, vulnerabilities, and overall resource states and activities. The only action permitted with this role is to generate activation keys.

RHEL operator: The RHEL operator role allows active management of your Red Hat Lightspeed environment. With this role, you can edit system configurations, inventory details, policies, and notification/integration settings. The RHEL operator role allows many of the RHEL administrator role functions, but it is restricted from editing compliance policies, content source templates, policies, or tasks. In addition, the RHEL operator role cannot execute remediation plans.

RHEL administrator: The RHEL administrator role provides comprehensive administrative privileges across your RHEL systems and Red Hat Lightspeed. With this role, you can manage system configurations, inventory, compliance policies, notifications, patch management, remediations, malware detection, and advisor recommendations. The role can also view and modify all vulnerability settings.

Important

To use the consolidated roles effectively, you might need to remove the granular RHEL roles from the Default access group to prevent permission conflicts. This action automatically changes the name of the predefined Default access group to Custom default access group, after which, it is no longer automatically updated by Red Hat.

See Predefined User Access roles for a list of the roles included in the Default admin access group and a reference table that lists most of the predefined groups and roles that are available in the Red Hat Hybrid Cloud Console and the permissions included in each role.

Granular roles
The granular roles are specific roles for individual services that allow for fine-tuned control over specific features of Red Hat Lightspeed, for example, Inventory Hosts administrator or Compliance viewer. If you want to have more control over specific features of Red Hat Lightspeed and your use case does not align with the permissions included in the consolidated roles, use the granular predefined roles.
Tip

Across the Red Hat Lightspeed product documentation, the Prerequisites section for each procedure lists which predefined roles provide the permissions needed to use the features in that procedure. For example, if a procedure requires permissions to view and manage remediations, the Prerequisites section for that procedure lists the Remediations administrator or other valid role as a recommended predefined role to use for that procedure.

1.1.4. Check your permissions
Copiar o link

Verify your current permissions and the roles or groups assigned to you in the Red Hat Hybrid Cloud Console. Check your permissions to troubleshoot access issues or understand your level of access to Red Hat Lightspeed applications.

Note

Only users with the Organization Administrator role can view the permissions of other users in the User Access settings and manage user permissions to Red Hat Lightspeed services. For more information, see the Configure user permissions section.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console.

Procedure

  1. In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to My User Access.
  2. Optional: If you require additional permissions, use the Red Hat Hybrid Cloud Console Virtual Assistant to ask "Contact my Organization Administrator". The assistant sends an email to the Organization Administrator on your behalf.

Results

All of the applications that you have permissions to access are listed on this page and are grouped by product, for example, RHEL, OpenShift Container Platform, and Ansible Automation Platform.

You can also filter your permissions by application, for example, by advisor, cost management, inventory, and remediations.

1.1.5. Configure user permissions
Copiar o link

If you are an Organization Administrator, you can view and manage user permissions for all users in your organization. Control access to Red Hat Lightspeed and other Red Hat Hybrid Cloud Console services through the User Access interface.

Important

If you are not an Organization Administrator, you will be unable to complete this task. However, you can check your own permissions for different applications by navigating to My User Access. Contact your Organization Administrator to request more permissions.

Prerequisites

  • You have logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator, or you have the required administrator User Access role permissions.

Procedure

Results

From here, you can create and manage:

  • Roles to determine permissions to Red Hat Lightspeed services and features
  • Groups to include one or more roles to align with a specific persona, job function, or team in your organization
  • Users and their assignment to groups to inherit permissions from the roles assigned to those groups

1.2. How the advisor service works
Copiar o link

After you install and register the insights-client, the client runs daily to check systems against a database of Recommendations. Recommendations are sets of conditions that can leave your RHEL systems at risk. When the daily check is complete, insights-client uploads your data to the Operations > Advisor > Recommendations page in the Red Hat Hybrid Cloud Console, where you can perform the following actions:

  • See all of the recommendations for your entire RHEL infrastructure.
  • Use robust filtering capabilities to refine your results to those recommendations, systems, groups, or workloads that are of greatest concern to you, including SAP workloads, Satellite host collections, and custom tags.
  • Learn more about individual recommendations, view details about the risks they present, and get resolutions tailored to your individual systems.
  • Share results with other stakeholders. For more information, see Generating advisor service reports.
  • Create and manage remediation plans to fix issues right from the Red Hat Lightspeed application. For more information, see Red Hat Lightspeed remediations guide.

1.2.1. User Access roles for permissions to the advisor service
Copiar o link

Understand the predefined roles that control access to the advisor service of Red Hat Lightspeed.. Use these role definitions to assign appropriate permissions to users based on their responsibilities.

The following table shows the standard and enhanced access permissions provided by the predefined roles in User Access for the advisor service:

Expand
Table 1.1. Permissions provided by the User Access roles
User Access roleGrants access to …​Included in the Default access group

RHEL Advisor administrator

  • Do any available Do any available operations on any RHEL advisor resource.
 

RHEL Advisor viewer

  • Read RHEL advisor data.

X

RHEL administrator

  • Do everything that a RHEL operator can do.
  • Administer RHEL system configs, inventory, compliance, notifications, patch management, execute remediation plans, malware detection, and advisor.
  • View and modify vulnerability settings.
 

RHEL operator

  • Do everything that a RHEL viewer can do.
  • Edit system configs, inventory, policies, notifications, and integrations.
  • View compliance reports, patch info, malware detections, and recommendations.
  • Create remediation plans, manage stale data, and change vulnerability settings.
Note

The RHEL operator role is restricted from editing compliance policies, content source templates, policies, or tasks. Also, the RHEL operator role cannot execute remediation plans.

 

RHEL viewer

  • Read all available data across Red Hat Lightspeed services and features.

    • View system configs, compliance reports, inventory data, patch info, vulnerabilities, and more to observe the state of resources or activities.
Note

Cannot perform actions other than generating activation keys.

 

Chapter 2. Advisor service recommendations
Copiar o link

The advisor service bundles information about known configuration issues that might negatively affect the availability, stability, performance, or security of your RHEL systems. Use this information bundle to create recommendations about how you can fix or remediate issues on your systems. (A recommendation was formerly called a rule in Red Hat Lightspeed.) insights-client publishes recommendations to the advisor service database. You can access them through the advisor Recommendations page.

2.1. Advisor service recommendations
Copiar o link

When you navigate to the Recommendations page, you can use various sort and filter methods to access information about advisor service recommendations. The information includes the type of recommendation, the severity of the issue, and the number of systems in your environment that the recommendation affects. Use this information to assess a recommendation and decide whether to remediate it.

The Recommendations page shows the following information about advisor service recommendations:

  • Modified. Shows the date or time frame when a recommendation was last modified (or published) to the advisor service database.
  • Category. Shows the type of issue or what the issue affects—​whether the issue has the potential to negatively affect the availability, stability, performance, or security of RHEL systems.
  • Impact. Shows the impact (Low, Medium, High or Critical) on system operations if an incident related to the recommendation were to happen.
  • Incidents. Shows the issue has been classified as an incident and is an issue that is already affecting your systems.
  • Likelihood. Shows the likelihood (Low, Medium, High or Critical) that the issue will negatively affect your infrastructure.
  • Name. Shows a brief description of the issue, including how it affects RHEL systems.
  • Reboot Required. Shows whether a system reboot is required (Required or Not Required) as part of remediation steps.
  • Remediation type. Shows if the fix or remediation requires manual steps or has an automated playbook.
  • Risk of change. Shows the risk of change (Very Low, Low, Moderate, or Important) for systems if a remediation is executed.

  • Status. Describes a recommendation’s status. (All, Enabled, Disabled, or Red Hat disabled).

    • All. Shows results for all status options.
    • Enabled and Disabled. Show business-critical recommendations that are visible, or not visible. A disabled recommendation indicates that someone in your organization turned the visibility of a recommendation off.
    • Red Hat disabled. Shows recommendations that Red Hat makes available for you to enable when you are performing specific actions, like upgrading Red Hat Enterprise Linux major versions.
  • Systems or Systems impacted. Shows the number of systems (1 or more or None) on which a recommendation is detected. 1 or more systems shows one or more systems that have recommendations. None Shows systems that do not have recommendations.
  • Total risk. Describes total risk level (Low, Moderate, Important, or Critical), which is determined by the likelihood that the issue will negatively affect your infrastructure, and the impact on system operations if that were to happen.

The default advisor service recommendations view shows a smaller subset of information. The information is filtered to show recommendation information for one or more systems. These recommendations have a status of Enabled.

Additional resources

2.2. System and recommendation pairing
Copiar o link

When a recommendation exists on a system, the advisor service identifies whether, and how, the system has been affected and provides specific mitigation or resolution instructions. This information is visible when you view a recommendation and then select an affected system.

After selecting an affected system, view all recommendations available for the system along with the following information:

  • Detected issues. Specific information about the fault on that system
  • Steps to resolve. Steps to resolve the issue on that system
  • Related knowledgebase articles. KB articles or solutions about the general issue
  • Additional info. Other support articles on the issue or solutions for resolution
  • Ansible. Playbook remediation availability

2.3. Recommendation impact date
Copiar o link

A system is said to be impacted by a recommendation when the conditions described in that recommendation exist on the system. The advisor service informs users of when a system first became impacted by a recommendation.

You can apply the Systems impacted primary filter to the list of recommendations, and select the 1 or more secondary filter to show only recommendations impacting systems. By clicking on a recommendation from the filtered list, you can see when that recommendation first impacted each of the systems on the list.

You can view this information in the First impacted column on the following pages in the advisor service web console:

  • On the Recommendations list for a single system, for each recommendation where applicable.
  • In the details view of a single recommendation, Affected systems list, for each system impacted by that recommendation.

Chapter 3. Refining advisor service recommendations
Copiar o link

You can filter, sort, and exclude specific recommendations from your advisor results so you can concentrate on the recommendations that are most important.

3.1. Viewing all advisor-service recommendations
Copiar o link

When you first enter the advisor service Recommendations view, you see the default view and results of Systems Impacted and Status filters applied to the list of recommendations. By default, the Systems Impacted filter is set to 1 or more systems impacted, and Status is set to Enabled.

To get a comprehensive view of all recommendations, including those not affecting your systems and those in the advisor database, close all the filters.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor viewer
    • RHEL viewer

Procedure

  1. Navigate to the Operations > Advisor > Recommendations page.
  2. Click the Close icon Close next to the Systems Impacted and Status filters. You can now browse through all of the potential recommendations for your systems.
  3. Optional: Click Reset filters to return to the default recommendations view.

3.2. Filtering advisor-service recommendations
Copiar o link

You can set filters and subfilters to refine advisor service recommendations.

Select from the following filters to refine your recommendations list:

  • Name. In the subfilter field, start typing the recommendation description or a keyword and select from the options presented.
  • Total risk. In the subfilter field, select from one or more: Critical, Important, Moderate, or Low.
  • Risk of change. In the subfilter field, select from High, Moderate, Low, or Very low.
  • Impact. In the subfilter field, select from Critical, Important, Moderate, or Low.
  • Likelihood. In the subfilter field, select from Critical, Important, Moderate, or Low.
  • Category. In the subfilter field, select from Availability, Performance, Stability, or Security.
  • Incidents. In the subfilter field, select to show recommendations with or without incidents having occurred.
  • Remediation. In the subfilter field, select Ansible playbook or Manual for the remediation method.
  • Reboot required. In the subfilter field, select either Required or Not required.
  • Ansible support. In the subfilter field, select to show recommendations with or without Ansible Playbook support.
  • Status. In the subfilter field, select from All, Enabled, Disabled, Red Hat disabled.
  • Systems impacted. In the subfilter field, select either 1 or more or None.

Procedure

  1. Navigate to the Operations > Advisor > Recommendations page and log in if necessary.
  2. Click the filter icon and select a filter category from the drop-down list.

  3. Click the drop-down arrow in the subfilter menu and select the required options to activate a subfilter.

    Note

    For some filter options, for example Name, type the name or description of a recommendation to refine the list further.

3.3. Recommendations table columns and sorting
Copiar o link

Use these parameters to sort columns in the advisor recommendations table.

  • Name. Alphabetize by A to Z or Z to A.
  • Modified. Order by number of days since the recommendation was last modified or published, from newest or oldest.
  • Total risk. View in order of criticality.
  • Systems. View by the number of your systems that are impacted.
  • Remediation. Sort by recommendations that have or do not have Ansible Playbook support.

3.4. Disabling an advisor-service recommendation
Copiar o link

You can disable specific recommendations that affect your systems so that they no longer appear in your results.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor administrator
    • RHEL administrator

Procedure

  1. In the Hybrid Cloud Console, navigate to the Operations > Advisor > Recommendations page.
  2. Locate the recommendation to disable.
  3. Click More-options ( More options ) at the right end of the row, and then click Disable recommendation. A confirmation dialog appears.
  4. Under Justification note, enter a comment to explain why you are disabling the recommendation, and then click Save.

Results

The recommendation is disabled and no longer appears in your reports and dashboards.

3.4.1. Viewing and enabling a previously disabled recommendation
Copiar o link

When a recommendation is disabled, you will no longer see the recommendation in your advisor results. To reverse this action, use the Status filter.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor administrator
    • RHEL administrator

Procedure

  1. Navigate to the Operations > Advisor > Recommendations page and log in if necessary.
  2. Click the Filter drop-down and select Status.
  3. In the subfilter drop-down list, select Disabled.
  4. Locate the recommendation to enable.
  5. Navigate to the right side of the row, and click the More-options icon More options followed by Enable recommendation.

Chapter 4. Refining your view of systems in the advisor service
Copiar o link

The Systems view shows all of your systems that have the insights-client installed and reporting advisor data. You can refine the Systems list in the following ways:

  • Filter by name
  • Use the sorting options
  • Filter by tags

Shows one system that has four recommendations

4.1. Filter by name
Copiar o link

Search for the host or system name.

4.2. Sorting options
Copiar o link

Use the sorting arrows in the column headings to reorder your systems table:

  • Name. Alphabetize by A to Z or Z to A.
  • Number of recommendations. Order by the number of recommendations impacting each system.
  • Last seen. Order by the number of minutes, hours, or days since an archive was last uploaded from the system to the advisor service.

4.3. Filtering systems by tags, SAP workloads, and groups in the advisor service
Copiar o link

To quickly locate and view the systems you want to focus on, filter results in the advisor service UI by custom group tags, SAP workloads, and Satellite groups.

In the advisor service, use the Filter results box to access tag, workload, and group filters. The Filter drop-down menu shows all of the tags associated with the account. Click one or more parameters to apply filters.

Procedure

  1. Navigate to the Operations > Advisor > Systems page and log in if necessary. The Filter results box is in most views in the Red Hat Lightspeed application and these procedures work anywhere you access Filter results.
  2. Click the arrow on the Filter results box and scroll to see the tags available for systems on this account.
  3. Select one or more tags to filter by SAP workloads, Satellite host group, or a custom group. Applied tags are visible next to the Filter results box.
  4. View the filtered results throughout the advisor service.
  5. To remove the tag, click Clear filters.

Chapter 5. System tags and groups
Copiar o link

Red Hat Lightspeed enables administrators to filter groups of systems in inventory and in individual services using group tags. Groups are identified by the method of system data ingestion to Red Hat Lightspeed. Red Hat Lightspeed enables filtering groups of systems by those running SAP workloads, by Satellite host group, by Microsoft SQL Server workload, and by custom tags that are defined by system administrators with root access to configure the insights-client on the system.

Note

As of Spring 2022, the inventory, advisor, compliance, vulnerability, and patch services enable filtering by groups and tags. Other services will follow.

Important

Unlike the other services that enable tagging, the compliance service sets tags within lists of systems in the compliance service UI. For more information, see the following section Group and tag filters in the compliance service.

Use the global, Filter results box to filter by SAP workloads, Satellite host groups, MS SQL Server workloads, or by custom tags added to the insights-client configuration file.

Prerequisites

The following prerequisites and conditions must be met to use the tagging features in Red Hat Lightspeed:

  • The insights-client is installed and registered on each system.
  • You must have root permissions, or their equivalent, to create custom tags or change the /etc/insights-client/tags.yaml file.

5.1. Group and tag filters in the compliance service
Copiar o link

The compliance service enables users to apply tag and group filters to systems that report compliance data. However, they are not set by using the Filter by status drop-down.

Unlike most of the other services in the Red Hat Lightspeed application, the compliance service only shows data for systems under the following conditions:

  • The system is associated with a compliance service security policy.
  • The system is reporting compliance data to Red Hat Lightspeed using the insights-client --compliance command.

Because of those conditions, compliance-service users have to set tag and group filters using the primary and secondary filters located above lists of systems in the compliance service UI.

5.2. SAP workloads
Copiar o link

As Linux becomes the mandatory operating system for SAP ERP workloads in 2025, Red Hat Enterprise Linux and Red Hat Lightspeed are working to make Red Hat Lightspeed the management tool of choice for SAP administrators.

As part of this ongoing effort, Red Hat Lightspeed automatically tags systems running SAP workloads and by SAP ID (SID), without any customization needed by administrators. Users can easily filter those workloads throughout the Red Hat Lightspeed application by using the global Filter by tags drop-down menu.

5.3. Satellite host groups
Copiar o link

Satellite host groups are configured in Satellite and recognized automatically by Red Hat Lightspeed.

5.4. Microsoft SQL Server workloads
Copiar o link

Using the global Filter by tags feature, Red Hat Lightspeed users can select groups of systems running Microsoft SQL Server workloads.

In May of 2019, the Red Hat Lightspeed team introduced a new set of Red Hat Lightspeed recommendations for Microsoft SQL Server running on Red Hat Enterprise Linux (RHEL). These rules alert administrators to operating system level configurations that do not conform to the documented recommendations from Microsoft and Red Hat.

A limitation of these rules was that they primarily analyzed the operating system and not the database itself. The latest release of Red Hat Lightspeed and RHEL 8.5, introduces Microsoft SQL Assessment API. The SQL Assessment API provides a mechanism to evaluate the database configuration of MS SQL Server for best practices. The API is delivered with a rule set containing best practice rules suggested by the Microsoft SQL Server Team. While this rule set is enhanced with the release of new versions, the API is built with the intent to give a highly customizable and extensible solution, which enables users to tune the default rules and create their own.

The SQL Assessment API is supported by PowerShell for Linux (available from Microsoft), and Microsoft has developed a PowerShell script that can be used to call the API and store its results as a JSON formatted file. With RHEL 8.5, the insights-client now uploads this JSON file and presents the results in an easy-to-understand format in the Red Hat Lightspeed UI.

For more information about SQL Server assessment in Red Hat Lightspeed, see SQL Server database best practices now available through Red Hat Lightspeed.

5.4.1. Setting up SQL Server assessments
Copiar o link

To configure the Microsoft SQL Assessment API to provide information to Red Hat Lightspeed, the database administrator needs to take the following steps.

Procedure

  1. In the database you wish to assess, create a login for SQL Server assessments using SQL Authentication. The following Transact-SQL creates a login. Replace <*PASSWORD*> with a strong password: 

    USE [master]
GO
CREATE LOGIN [assessmentLogin] with PASSWORD= N'<*PASSWORD*>’
ALTER SERVER ROLE [sysadmin] ADD MEMBER [assessmentLogin]
GO

  2. Store the credentials for login on the system as follows, again replacing <*PASSWORD*> with the password you used in step 1. 

    # echo "assessmentLogin" > /var/opt/mssql/secrets/assessment
# echo "<*PASSWORD*>" >> /var/opt/mssql/secrets/assessment

  3. Secure the credentials used by the assessment tool by ensuring that only the mssql user can access the credentials. 

    # chmod 0600 /var/opt/mssql/secrets/assessment
# chown mssql:mssql /var/opt/mssql/secrets/assessment

  4. Download PowerShell from the microsoft-tools repository. This is the same repository you configured when you installed the mssql-tools and mssqlodbc17 packages as part of SQL Server installation. 

    # yum -y  install powershell

  5. Install the SQLServer module for PowerShell. This module includes the assessment API. 

    # su mssql -c "/usr/bin/pwsh -Command Install-Module SqlServer"

  6. Download the runassessment script from the Microsoft examples GitHub repository. Ensure it is owned and executable by mssql. 

    # /bin/curl -LJ0 -o /opt/mssql/bin/runassessment.ps1 https://raw.githubusercontent.com/microsoft/sql-server-samples/master/samples/manage/sql-assessment-api/RHEL/runassessment.ps1
# chown mssql:mssql /opt/mssql/bin/runassessment.ps1
# chmod 0700 /opt/mssql/bin/runassessment.ps1

  7. Create the directory that will store the log file used by Red Hat Lightspeed. Again, make sure it is owned and executable by mssql. 

    # mkdir /var/opt/mssql/log/assessments/
# chown mssql:mssql /var/opt/mssql/log/assessments/
# chmod 0700 /var/opt/mssql/log/assessments/

  8. You can now create your first assessment, but be sure to do so as the user mssql so that subsequent assessments can be run automatically via cron or systemd more securely as the mssql user. 

    # su mssql -c "pwsh -File /opt/mssql/bin/runassessment.ps1"

  9. Red Hat Lightspeed will automatically include the assessment next time it runs, or you can start the insights-client by running this command: 

    # insights-client
5.4.1.1. Setting up the SQL Assessment on a timer
Copiar o link

Because SQL Server Assessments can take 10 minutes or more to complete, it may or may not make sense for you to run the assessment process automatically every day. If you would like to run them automatically, the Red Hat SQL Server community has created systemd service and timer files to use with the assessment tool.

Procedure

  1. Download the following files from Red Hat public SQL Server Community of Practice GitHub site.

    • mssql-runassessment.service
    • mssql-runassessment.timer

  2. Install both files in the directory /etc/systemd/system/: 

    # cp mssql-runassessment.service /etc/systemd/system/
# cp mssql-runassessment.timer /etc/systemd/system/
# chmod 644 /etc/systemd/system/

  3. Enable the timer with: 

    # systemctl enable --now mssql-runassessment.timer

5.5. Custom system tagging
Copiar o link

By applying custom grouping and tagging to your systems, you can add contextual markers to individual systems, filter by those tags in the Red Hat Lightspeed application, and more easily focus on related systems. This functionality can be especially valuable when deploying Red Hat Lightspeed at scale, with many hundreds or thousands of systems under management.

In addition to the ability to add custom tags to several Red Hat Lightspeed services, you can add predefined tags. The advisor service can use those tags to create targeted recommendations for your systems that might require more attention, such as those systems that require a higher level of security.

Note

To create custom and predefined tags, you must have root permissions, or their equivalent, to add to, or change the /etc/insights-client/tags.yaml file.

5.5.1. Tag structure
Copiar o link

Tags use a namespace/key=value paired structure.

  • Namespace. The namespace is the name of the ingestion point, insights-client, and cannot be changed. The tags.yaml file is abstracted from the namespace, which is injected by the insights-client before upload.
  • Key. The key can be a user-chosen key or a predefined key from the system. You can use a mix of capitalization, letters, numbers, symbols and whitespace.
  • Value. Define your own descriptive string value. You can use a mix of capitalization, letters, numbers, symbols and whitespace.
Note

The advisor service includes Red Hat-supported predefined tags.

5.5.2. Creating a tags.yaml file and adding a custom group
Copiar o link

Create and add tags to /etc/insights-client/tags.yaml simply by using insights-client --group=<name-you-choose>, which performs the following actions:

  • Creates the etc/insights-client/tags.yaml file
  • Adds the group= key and <name-you-choose> value to tags.yaml
  • Uploads a fresh archive from the system to the Red Hat Lightspeed application so the new tag is immediately visible along with your latest results

After creating the initial group tag, add additional tags as needed by editing the /etc/insights-client/tags.yaml file.

The following procedure shows how to create the /etc/insights-client/tags.yaml file and the initial group, then verify the tag exists in the Red Hat Lightspeed inventory.

Procedure to create new group

  1. Run the following command as root, adding your custom group name after --group=: 

    [root@server ~]# insights-client --group=<name-you-choose>

Example of tags.yaml format

The following example of a tags.yaml file shows an example of file format and additional tags added for the new group: 

# tags
---
group: eastern-sap
name: Jane Example
contact: jexample@corporate.com
Zone: eastern time zone
Location:
- gray_rack
- basement
Application: SAP

Procedure to verify your custom group was created

  1. Navigate to Red Hat Lightspeed > RHEL > Inventory > Systems and log in if necessary.
  2. Click the Filter results dropdown menu.
  3. Scroll through the list or use the search function to locate the tag.
  4. Click the tag to filter by it.
  5. Verify that your system is among the results on the advisor systems list.

Procedure to verify that the system is tagged

  1. Navigate to Red Hat Lightspeed > RHEL > Inventory > Systems and log in if necessary.
  2. Activate the Name filter and begin typing the system name until you see your system, then select it.
  3. Verify that, next to the system name, the tag symbol is darkened and shows a number representing the correct number of tags applied.

5.5.3. Editing tags.yaml to add or change tags
Copiar o link

After creating the group filter, edit the contents of /etc/insights-client/tags.yaml as needed to add or modify tags.

Procedure

  1. Using the command line, open the tag configuration file for editing.

    [root@server ~]# vi /etc/insights-client/tags.yaml

  2. Edit content or add additional values as needed. The following example shows how you can organize tags.yaml when adding multiple tags to a system. 

    # tags
---
group: eastern-sap
location: Boston
description:
- RHEL8
- SAP
key 4: value
    Note

    Add as many key=value pairs as you need. Use a mix of capitalization, letters, numbers, symbols, and whitespace.

  3. Save your changes and close the editor.

  4. Optionally, generate an upload to Red Hat Lightspeed. 

    # insights-client

Red Hat Lightspeed advisor service recommendations treat every system equally. However, some systems might require more security than others, or require different networking performance levels. In addition to the ability to add custom tags, Red Hat Lightspeed provides predefined tags that the advisor service can use to create targeted recommendations for your systems that might require more attention.

To opt in and get the extended security hardening and enhanced detection and remediation capabilities offered by predefined tags, you need to configure the tags. After configuration, the advisor service provides recommendations based on tailored severity levels, and preferred network performance that apply to your systems.

To configure the tags, use the /etc/insights-client/tags.yaml file to tag systems with predefined tags in a similar way that you might use it to tag systems in the inventory service. The predefined tags are configured using the same key=value structure used to create custom tags. Details about the Red Hat-predefined tags are in the following table.

Expand
Table 5.1. List of Supported Predefined Tags
KeyValueNote

security

normal (default) / strict

With the normal (default) value, the advisor service compares the system’s risk profile to a baseline derived from the default configuration of the most recent version of RHEL and from often-used usage patterns. This keeps recommendations focused, actionable, and low in numbers. With the strict value, the advisor service considers the system to be security-sensitive, causing specific recommendations to use a stricter baseline, potentially showing recommendations even on fresh up-to-date RHEL installations.

network_performance

null (default) / latency / throughput

The preferred network performance (either latency or throughput according to your business requirement) would affect the severity of an advisor service recommendation to a system.

Note

The predefined tag keys names are reserved. If you already use the key security, with a value that differs from one of the predefined values, you will not see a change in your recommendations. You will only see a change in recommendations if your existing key=value is the same as one of the predefined keys. For example, if you have a key=value of security: high, your recommendations will not change because of the Red Hat-predefined tags. If you currently have a key=value pair of security: strict, you will see a change in the recommendations for your systems.

Additional resources

5.5.5. Configuring predefined tags
Copiar o link

You can use the Red Hat Lightspeed advisor service’s predefined tags to adjust the behavior of recommendations for your systems to gain extended security hardening and enhanced detection and remediation capabilities. You can configure the predefined tags by following this procedure.

Prerequisites

  • You have root-level access to your system
  • You have insights-client installed
  • You have systems registered within the insights-client
  • You have created the tags.yaml file. For information about creating the tags.yaml file, see Creating a tags.yaml file and adding a custom group.

Procedure

  1. Using the command line, and your preferred editor, open /etc/insights-client/tags.yaml. (The following example uses Vim.) 

    [root@server ~]# vi /etc/insights-client/tags.yaml

  2. Edit the /etc/insights-client/tags.yaml file to add the predefined key=value pair for the tags. This example shows how to add security: strict and network_performance: latency tags. 

    # cat /etc/insights-client/tags.yaml
group: redhat
location: Brisbane/Australia
description:
- RHEL8
- SAP
security: strict
network_performance: latency
  3. Save your changes.
  4. Close the editor.

  5. Optional: Run the insights-client command to generate an upload to Red Hat Lightspeed, or wait until the next scheduled Red Hat Lightspeed upload. 

    [root@server ~]# insights-client

Confirming that predefined tags are in your production area

After generating an upload to Red Hat Lightspeed (or waiting for the next scheduled Red Hat Lightspeed upload), you can find out whether the tags are in the production environment by accessing Red Hat Lightspeed > RHEL > Inventory > Systems. Find your system and look for the newly created tags. You see a table that shows:

  • Name
  • Value
  • Tag Source (for example, insights-client).

Example of recommendations after applying a predefined tag

The following image of the advisor service shows a system with the network_performance: latency tag configured.

shows a recommendation that has a higher Total Risk that is Important and another recommendation that has a Total Risk of Moderate

The system shows a recommendation with a higher Total Risk level of Important. The system without the network_performance: latency tag has a Total Risk of Moderate. You can make decisions about prioritizing the system with higher Total Risk.

Chapter 6. Using pathways to resolve multiple advisor-service recommendations
Copiar o link

A pathway is a group of advisor-service recommendations that share a common resolution. Pathways present clear paths to follow to maintain your systems more efficiently.

6.1. How pathways work
Copiar o link

By following the remediation steps in a pathway, you can view and address multiple recommendations in one configuration change. Use pathways to see all of the systems that the remediation affects without having to investigate every action within every recommendation.

The specific recommendations that appear in a pathway depend on the issues that affect your infrastructure at a given time. Red Hat Lightspeed dynamically calculates remediation levels based on the most significant recommendations in your environment. The calculation includes the following factors:

  • number of systems impacted by individual recommendations
  • total risk of individual recommendations
  • whether there is an incident detected

Issues grouped into pathways must share the same common resolution type, such as a package update, configuration update, product upgrade, and so on. In addition, the issues must share a common resolution target. Each system must require the same package update or configuration file change.

Red Hat Lightspeed names each pathway after its core remediation, so you can immediately see and understand the configuration change.

6.2. Viewing and assessing advisor pathways
Copiar o link

When planning remediations, you want to identify the most critical recommendations that affect your environment. Identifying the highest-priority issues helps you to assign priority to your remediations and to resolve the most significant issues first. Pathways are groups of recommendations that currently affect your systems. The Recommended Pathways panel shows the most important recommendations that you can remediate for affected systems in your environment. Use the recommendations to focus your troubleshooting and remediation efforts where they matter most.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor viewer
    • RHEL viewer

Procedure

  1. Navigate to Operations > Advisor > Recommendations. The Recommended Pathways panel appears at the top of the page, and includes up to three of the most significant pathways for your systems.
  2. To view details for a pathway, click View Pathway, or click Pathways in the list of recommendations and then select the pathway from the list. The information for the pathway appears.
  3. Click Systems to view the list of systems that the issue affects.

Next steps

  • After you view the pathways, decide which recommendations you want to add to a remediation plan. Keep in mind that each Advisor issue requires 20 action points for each affected system. Depending on the number of systems that the pathway affects, your plan could quickly exceed the 1000-point hosted execution limit. This means that you would not be able to execute the remediation plan direction on Red Hat Lightspeed, but you can download the plan and run it using Red Hat Ansible Automation Platform (AAP).

6.3. Remediating pathways
Copiar o link

Use pathways to perform remediations on multiple systems at a time. You can select the affected systems from a list, and then remediate using Ansible playbooks or manual remediations.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor administrator
    • RHEL administrator
  • If you are using Red Hat Ansible Automation Platform playbooks for remediations, you need user access to Ansible Automation Platform.

Procedure

  1. Navigate to Operations > Advisor > Recommendations.
  2. Locate the pathway you want to remediate and click View Pathway.
  3. Select a recommendation to remediate, or click Systems to see a list of all of the affected systems.
  4. To view more information about each recommendation, expand the table row for the recommendation, or click the recommendation title and navigate to the Recommendation Details page.

  5. Select the systems you want to remediate, and then click Plan remediation.

    1. If the remediation requires an Ansible Automation Platform playbook, follow the steps in the Remediate with Ansible dialog box to create or select a playbook and select the systems to remediate.
    2. If the remediation requires manual remediation, follow the Steps to resolve procedure to perform the remediation on each of the selected systems.
Note

If the remediation shows System reboot is required, Ansible Automation Platform automatically reboots the affected system (or systems) after the remediation is complete.

6.4. Configuring notifications for advisor-service recommendations
Copiar o link

You can receive notifications of new available recommendations through the notifications service.

You can receive notifications for individual recommendations in a pathway, but not for the pathway itself. To view the pathway associated with a recommendation, log in to the Red Hat Hybrid Cloud Console.

Prerequisites

  • You are logged in to the Red Hat Hybrid Cloud Console as a user who is a member of a User Access group with at least one of the following roles:

    • RHEL Advisor administrator
    • RHEL administrator

Procedure

  1. Navigate to Settings > Notifications > Red Hat Enterprise Linux. The available behavior groups appear.
  2. Select an existing behavior group or create a new one.
  3. Click the Options menu icon (vertical dots) for the behavior group and select Edit. The Edit behavior group wizard appears.
  4. Review the behavior group name and click Next. The Actions and recipients page appears.
  5. Review the actions and recipients and click Next. The Associate event types page appears.
  6. Select New recommendation to add it to the behavior group. Click Next.
  7. Review the updated settings for the behavior group and click Finish.

Chapter 7. Deleting a system from Red Hat Lightspeed inventory
Copiar o link

You can delete a system from inventory so that the system is no longer visible in the Red Hat Lightspeed Inventory or in the systems list for the advisor service. The insights-client will be unregistered on the system and will no longer report data to Red Hat Lightspeed.

7.1. Delete a system from the Red Hat Satellite UI
Copiar o link

When you use Satellite to delete a system, you unregister the system from Satellite and remove the system from Red Hat Lightspeed system inventory.

Prerequisites

  • You have root permissions for the system you want to delete.
  • You are logged in to the Satellite web UI.

Procedure

  1. Navigate to Red Hat Lightspeed > Inventory.
  2. Select the system profile for the system that you want to remove.
  3. Click Actions > Unregister.

7.2. Delete using the Red Hat Lightspeed API
Copiar o link

Use this option only when the system has been destroyed or reinstalled. If you use the DELETE API without first unregistering it from the Red Hat Lightspeed client using Satellite, the deleted system will reappear in inventory the next time the client uploads data.

Prerequisites

  • You have root permissions on the system you want to delete.

Procedure

  1. Use the command line to get the list of system profiles from inventory. 

    # curl -k --user PORTALUSERNAME https://console.redhat.com/api/inventory/v1/hosts | json_pp > hosts.json

  2. If the json_pp command does not exist on the system, then install the perl-JSON-PP package. 

    # yum install perl-JSON-PP

  3. Get the ID of the system from the hosts.json file and confirm system details. For example, "id" : "f59716a6-5d64-4901-b65f-788b1aee25cc". 

    # curl -k --user PORTALUSERNAME https://console.redhat.com/api/inventory/v1/hosts/f59716a6-5d64-4901-b65f-788b1aee25cc

  4. Delete the system profile. 

    # curl -k --user PORTALUSERNAME -X "DELETE" https://console.redhat.com/api/inventory/v1/hosts/f59716a6-5d64-4901-b65f-788b1aee25cc

Chapter 8. Reference materials
Copiar o link

To learn more about Red Hat Lightspeed, see the following resources:

Providing feedback on Red Hat documentation
Copiar o link

Provide feedback on Red Hat documentation to report issues or request enhancements. Submit detailed feedback through the Red Hat Customer Portal to help improve documentation quality.

Prerequisites

  • You are logged in to the Red Hat Customer Portal.

Procedure

  1. Click the following link: Create Issue
  2. Describe the issue or enhancement in the Summary text box.
  3. Provide details about the issue or requested enhancement in the Description text box.
  4. Type your name in the Reporter text box.
  5. Click the Create button.

Results

This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to give feedback.

Legal Notice
Copiar o link

Copyright © Red Hat.
Except as otherwise noted below, the text of and illustrations in this documentation are licensed by Red Hat under the Creative Commons Attribution–Share Alike 3.0 Unported license . If you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, the Red Hat logo, JBoss, Hibernate, and RHCE are trademarks or registered trademarks of Red Hat, LLC. or its subsidiaries in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
XFS is a trademark or registered trademark of Hewlett Packard Enterprise Development LP or its subsidiaries in the United States and other countries.
The OpenStack® Word Mark and OpenStack logo are trademarks or registered trademarks of the Linux Foundation, used under license.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2026 Red HatVoltar ao topo