Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 1. Remediations overview
After identifying the highest remediation priorities in your Red Hat Enterprise Linux (RHEL) infrastructure, you can create remediation plans to fix those issues.
1.1. About remediations
Remediations enables you to address the following topics on your connected RHEL systems:
- Advisor recommendations
- Content advisories
- Vulnerability CVEs
- Failed compliance rules found by Red Hat Lightspeed
You can remediate a single issue or a related group of issues by using a pathway in Red Hat Lightspeed. Pathways group multiple advisor recommendations under common actions for better efficiency. For more information, see Remediating pathways.
For some issues, Red Hat Lightspeed provides several different remediation paths.
When you create a remediation plan, Red Hat Lightspeed generates an Ansible Playbook to implement the required remediation actions and apply any required patches on affected systems in your RHEL infrastructure.
Some issues require a manual fix and cannot be resolved by creating a remediation plan. You can determine whether it’s possible to remediate a problem with an Ansible Playbook by checking the Resolution type value of the issue or recommendation.
1.2. Remediation types
In Red Hat Lightspeed, an issue or recommendation for remediation can be one of the following two types:
- Manual: Red Hat Lightspeed provides the manual remediation steps needed to fix or address all issues and recommendations, including whether the system requires a reboot for the remediation to take effect.
- Playbook: For many issues, Red Hat Lightspeed also provides a pre-built remediation playbook that automates the required resolution steps. You can download the playbook and run it externally in your Ansible Playbooks environment.
1.3. Red Hat Lightspeed remediations workflow
You can use the following outline of a remediations workflow to design how you will create and execute a remediation plan.
Choose an issue or recommendation
- Choose an issue or recommendation that Red Hat Lightspeed has detected on one or more of your RHEL systems.
Review the recommended resolution path
- Determine which versions of RHEL are affected and whether or not a playbook is available. You can only create a remediation plan in Red Hat Lightspeed if a pre-built playbook exists.
Decide which RHEL systems to remediate
After you review the recommended resolution steps and determine if a playbook is available to remediate the issue, choose which systems to include in the plan.
ImportantTo create a remediation plan for a group of systems, you must ensure that all systems in the group are running the same RHEL major and minor versions so that the resolution applied by the Red Hat Lightspeed-generated playbook is compatible.
Create a remediation plan
The wizard in the Red Hat Lightspeed UI can help you create a remediation plan that you can access from the advisor, compliance, vulnerability, and patch service pages.
To start the wizard and create a remediation plan, click Plan remediation after you select at least one system and one issue or recommendation for remediation. You can also create a remediation plan from the details page of a system, as long as Red Hat Lightspeed has detected issues that impact the system.
1.4. Prerequisites for remediations
To create and execute remediation plans, you must meet the following criteria:
- Subscription
- Red Hat Lightspeed is included with every RHEL subscription. No additional subscriptions are required to use Red Hat Lightspeed remediation features.
- User access role
- By default, all Red Hat Lightspeed users automatically have access to read, create, and manage remediation plans.
1.5. Manage user permissions for Red Hat Lightspeed services
Manage user permissions to control access to Red Hat Lightspeed applications. Use the User Access feature to apply role-based access control (RBAC). Red Hat provides predefined groups and a set of predefined roles to make it easier for Organization Administrators to assign, restrict, and remove user permissions to Red Hat Lightspeed.
1.5.1. User Access overview
Understand how the role-based access control (RBAC) User Access feature of the Red Hat Hybrid Cloud Console manages user permissions through roles instead of individual user assignments. User Access simplifies permission management by assigning specific permissions to roles, which can then be assigned to user groups.
You can also create custom groups and roles to provide more fine-tuned control over specific features of Red Hat Lightspeed to suit the needs of your organization.
If you are an Organization Administrator, you can use the User Access feature under Identity & Access Management in the Hybrid Cloud Console to:
- Control user permissions and organize roles.
- Create groups that include roles and their corresponding permissions.
- Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.
All users on your account have access to most of the data in Red Hat Lightspeed.
1.5.2. Predefined groups in User Access
Understand the two predefined groups available in User Access: Default access and Default admin access. Create custom groups to align permissions with specific personas, job functions, or teams in your organization.
- The Default access group
- By default, the Default access group is assigned many granular predefined roles, so that group members have basic visibility. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group. The Default access group is automatically updated by Red Hat.
If your Organization Administrator modifies the Default access group, the group is automatically renamed to Custom default access. Once converted, this group is no longer automatically updated by Red Hat.
- The Default admin access group
- The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained, and users and roles in this group cannot be changed.
The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their names.
For a list of explicitly defined roles that are included in the Default access and Default admin access groups, log in to the Hybrid Cloud Console, go to Groups and select the respective group.
1.5.3. Predefined roles assigned to groups
Understand how predefined roles in Red Hat Hybrid Cloud Console bundle permissions across multiple Red Hat Lightspeed applications to align with common user personas. Use predefined roles to reduce administrative effort, or create custom roles for more fine-tuned control over specific features.
The predefined roles are a starting point to help you to control and manage user permissions. You can then use these roles to create custom roles that are tailored to your specific use cases and organization. For example, you can use the predefined granular roles to create custom roles that provide more fine-tuned control over specific features of Red Hat Lightspeed.
Across the Red Hat Lightspeed product documentation, the Prerequisites section for each procedure lists which predefined roles provide the permissions needed to use the features in that procedure. For example, if a procedure requires permissions to view and manage remediations, the Prerequisites section for that procedure lists the Remediations administrator or other valid role as a recommended predefined role to use for that procedure.
1.5.4. Check your permissions
Verify your current permissions and the roles or groups assigned to you in the Red Hat Hybrid Cloud Console. Check your permissions to troubleshoot access issues or understand your level of access to Red Hat Lightspeed applications.
Only users with the Organization Administrator role can view the permissions of other users in the User Access settings and manage user permissions to Red Hat Lightspeed services. For more information, see the Configure user permissions section.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console.
Procedure
- In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to My User Access.
- If you try to access Red Hat Lightspeed features and see a message that you do not have permission to perform this action, contact your Organization Administrator or a user with the User Access administrator role to request the permissions required to access those features and complete the actions you want to perform.
Results
All of the applications that you have permissions to access are listed on this page and are grouped by product, for example, RHEL, OpenShift Container Platform, and Ansible Automation Platform.
You can also filter your permissions by application, for example, by advisor, cost management, inventory, and remediations.
1.5.5. Configure user permissions
If you are an Organization Administrator, you can view and manage user permissions for all users in your organization. Control access to Red Hat Lightspeed and other Red Hat Hybrid Cloud Console services through the User Access interface.
If you are not an Organization Administrator, you will be unable to complete this task. However, you can check your own permissions for different applications by navigating to My User Access. Contact your Organization Administrator to request more permissions.
Prerequisites
- You have logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator, or you have the required administrator User Access role permissions.
Procedure
- In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to Identity & Access Management > User Access.
Results
From here, you can create and manage:
1.5.6. User Access roles for permissions to create and execute remediation plans
Understand the predefined roles that control permissions to view, create, and execute remediation plans on your RHEL systems. Use these role definitions to assign appropriate permissions to users based on their responsibilities.
To remediate issues on your RHEL systems, become familiar with the roles that provide the required access permissions for creating, managing, and executing remediation plans in Red Hat Lightspeed.
The following User Access roles provide standard or enhanced access to remediation features in Red Hat Lightspeed:
| User Access role | Grants permissions to … | Included in the Default access group |
|---|---|---|
| Remediations administrator |
| |
| Remediations user |
| X |
The Remediations user role enables standard or enhanced access to remediations features in Red Hat Lightspeed. The Remediations user role is included in the Default access group and permits access to view existing remediation plans and to create new plans. Remediations users cannot execute remediation plans on systems.
For more information about user access and permissions, see User Access configuration guide for role-based access control (RBAC) with FedRAMP.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}