Hello Guys,
While working i got a request that client want to patch the rhel servers with a specific CVES not the whole and at last they want to reboot the system as well so i have work on it and come to know its a very straight forward flow where i can build the playbook in a insights and patch it using ansible
Login into the insights and make sure your system which you are planning to patch is registered with insights and move to security --> Vulnerability --> systems here you will find the list of system which you are planning to patch
select the system and you will see the list of CVEs you can select the cves and click on plan remediation
a dialog box will open you can select the existing playbook or you can select new playbook and click next for couple of time and your playbook is ready
now you need to create a project in Ansible of type insights
Once done you have your playbook is downloaded and ready to patch create a template just shown in the picture and you are all set just make sure name of host in your inventory in ansible and name of server in the insight show be the same
when you will run it you will be able to see the same CVE get getting patch on your rhel machine
and its not only batch but also rebooted the system and its also informing the insight using insights client utility which all patches are applied in the system so insights based on this info remove the CVEs for that system.
No comments:
Post a Comment