This use case shows how Event Driven Automation can be integrated with Red Hat Insights.
Using native integration, it is possible to configure Event Driven Automation destination.
Note that you will need a public reachable URL/IP to be able to receive events coming from Insights.
You can use ngrok to set-up a temporary public address to use for the use case. Follow the instructions on the site to get a free address to use for your EDA Controller machine.
The easiest way is to create an account on their website, download the client and install it as a systemd service on your EDA Controller host. By creating an account you ensure you are able to use all the basic features that are needed to run the integration.
To config Red Hat Insights for EDA integration, from the Red Hat Insights Dashboard:
- go on Configure Integrations and add a new integration:
- Fill the fields ensuring you use the same value you will assign to the insights_integration_token (defaults to: redhatinsightstoken) as the Secret token to match the rulebook configuration.
Now configure the notifications, to do so:
- Go on the Notification Settings
- Create a new notification Group that uses the Integration: Event-Driven Ansible created before at point 2) and notifies about ALL the events:
Verify from the Integrations Settings that the connection is successful.
Before running the configuration, ensure you follow the instructions to create a Service Now instance. It will take just a few minutes to register and have your instance up and running.
Configure the following variables in the common variables file with your Red Hat Credentials and Service Now Credentials, as they will be used to configure them on the AAP2 Controller to interact with Insights and SNOW:
aap2_controller_host:
aap2_controller_username:
aap2_controller_password:
eda_controller_url:
eda_controller_user:
eda_controller_password:
rhsm_account_username:
rhsm_account_password:
insights_integration_token:
servicenow_instance_url:
servicenow_instance_user:
servicenow_instance_password:
You can delete the unused vars.
The use case comes with a pre-configured set of playbooks, credentials and rulebooks that you can use, to create them, from the repository root:
cd eda-demo-setup
ansible-playbook configure-use-case.yml -e @use-cases/use-case-insights-setup.ymlThis use case will react to a Red Hat Insights advisory event. The advisory for a system will report all known issues affecting a systems, any related CVE and resolution. Once triggered, the job template will:
- Receive the information from the Red Hat Insights event
- Retrieve the list of remediation for the system
- Generate remediation playbooks for the system-
- Ensure a Red Hat Insights project and a Red Hat Insights credential exists in the AAP2 controller
- Generate a workflow Template with the playbook recommendation
- Execute it on the affected system(s)
On any RHEL system, run the following command to trigger registration on Red Hat Insights:
sudo insights-client --registerIf any security advisory is available for the machine, on AAP Controller, it will use a Job Template called [EDA] Insights - Handle Advisories that will handle the advisory event, generating a remediation and executing it against the system.
On the Controller, it will create a Workflow with Approval for advisories that need a reboot when installed and without approval for those that don't need approvals.
The setup will configure a playbook you can use to simulate a recommendation on Insights, in our case it will trigger a suggestion to disable SSH Root Login on a RHEL machine.
In order to replicate this use case, you will need to:
- have a RHEL Machine up and running
- a service user with sudo privileges on the machine with sysadmin/redhat credentials
- edit the inventory accordingly
The machine needs to be reachable from the EDA Controller.
On AAP Controller, run [EDA] Insights - Generate recommendation job template on your RHEL machine to generate the recommendation, it will configure PermitRootLogin, and wait a few seconds before the event is triggered and handled.
The setup will configure a job template on AAP to simulate malware on a RHEL machine, named The EDA rulebook detects a malware event and reports information in a Service Now Incident for further investigation.
- have a RHEL Machine up and running
- a service user with sudo privileges on the machine with sysadmin/redhat credentials
- edit the inventory accordingly
- a Service Now instance
On AAP Controller execute the following actions:
- Run "[EDA] Insights - Configure Malware Detection" job template, that will configure malware detection with Insights on the RHEL machine
- When malware detection is configured, run "[EDA] Insights - Trigger Malware" on your machine to trigger malwared detection, and wait a few seconds before the event is triggered and handled.