In this video, we’re going to cover some of the integrations that Red Hat Satellite has with Insights and Ansible. We’re going to start this one off straight with a demo. But if you recall from earlier videos we have set up the Insights client and registered our hosts with Insights. Looking at the dashboard I can see here at the very beginning that I have two systems with critical issues. These are issues that Insights has detected are present on my hosts that need to be remediated.

I will click right on those two issues and get a little bit more detail. The two issues are listed as critical because the likelihood of hitting them is high. The impact is high. Thus the total risk is high. This affects both hosts in this environment. And Ansible playbooks are available for both of these, which means Insights has a playbook available to remediate this risk.

I’m going to click on the OpenSSH vulnerability to get a little bit more detail. Here’s the information about the vulnerability, the flaw, as well as the suggested remediation. It’s also worth noting that the risk of change is very low. To affect this, I’m going to click the Select All button so we can create a plan that remediates this risk on both of my hosts. On Actions, I’ll click Create a new Plan or Playbook. And I’ll create the new plan. And let’s call this critissues and click Save.

This particular issue has two different ways of remediating the risk. We can either update the OpenSSH server and restart the service. Or we can update the parameters in the SSHD config file and then hope that naturally the next time the service restarts, that’ll remediate the risk. On these particular hosts, that OpenSSH server, it’s okay for me to restart them so I’ll just take that default and click Save. I can change these settings later. 

So I have created a plan to remediate the risk on both of my hosts for this OpenSSH vulnerability. This is a risk that Insights has detected and this plan can remediate it with an Ansible playbook. If you’ll recall I had two critical vulnerabilities. So I could go through this process again and create a second plan, but I’m simply going to click Add Actions and I can review the list of vulnerabilities that have been detected. The other issue was this Dnsmasq issue. I’m going to open that up in a new tab and again, I can take a look and see more information about this vulnerability as well as the fix.

This information should contain everything that you need to file a change request in order to get this fixed. So again the risk of change is very low so I definitely want to address this. I close my tab, go back to my planner, and select this second critical vulnerability, and click Save. Now my plan critical issues has two different risks that it is remediating on both of my hosts.

I can click the Systems view and view this by the order of the systems. Or I can also take a look at the playbook that’s going to address these issues. Notice at the bottom there is a System reboot summary which tells me that this playbook does not require a system reboot. In order to go ahead and run this playbook, simply click the Run Playbook button. And that completed the remediation. 

If I scroll down the page, I can see an example of the playbook that was executed and from the Hosts view I can see the success for each host. I’ve only got two hosts that I ran this on but if I had 200, it would be the same. You can easily see the status and both of these were a success.

If I return to the dashboard, I’ll see that both of my systems with critical issues are fixed and I’m now reporting no critical issues. I do have additional security vulnerabilities that I can go through and fix in a similar manner. So this has taken a look at taking from within the Satellite UI. We’ve integrated with Insights. All of our hosts that detected risks have reported to the dashboard. We’ve looked at those risks and for many of them we have Ansible playbooks. Within Satellite we create an Insights plan to address the risk, remediating it with that Ansible playbook which was executed all through the Satellite UI. So that’s integrations with Satellite, Insights, and Ansible all in one place. This is a really great feature. And that is the end of this section. See you in the next video.