Insights Remediations

Insights Remediations is a generator of Ansible playbooks that remediate issues discovered by Red Hat Insights.

Insights Remediations supports the following types of remediations:

1. Rule-based

   This remediation type is used by Insights. Templates from insights-playbooks repository are used. See project wiki for more details.

2. CVE-based

   This remediation type is used by the Vulnerability application. A single generic template, which remediates the given set of CVEs by upgrading relevant packages, is used.

3. Erratum-based

   This remediation type is used by the System Patch Manager application. A single generic template, which remediates the given set of erratum by upgrading relevant packages, is used.

4. SCAP Security Guide (SSG)

   This remediation type is used by the Compliance application. Templates from SCAP Security Guide are used.

Documentation

• API Documentation
• Analysis and Design document
• Insights Playbooks Wiki

Getting started

Prerequisities

• node.js 16

Running the application locally

1. docker-compose -f build/docker-compose.yml up
2. open http://localhost:9002

Local development

1. docker-compose -f build/docker-compose.yml up db
2. docker-compose -f build/docker-compose.yml up redis
3. npm ci
4. npm run db:ims
5. npm start
6. open http://localhost:9002

To use the demo database seeder, prepend DEMO_MODE=true to each of the above commands.

Running tests

Database container has to be running as a prerequisite for tests:

docker-compose -f build/docker-compose.yml up db

To run the linter, unit and integration tests run:

npm run verify

To run a single test run:

npm test <path-to-test-file>

Running RBAC and Kessel

To develop with RBAC and Kessel for permissions and access features you will need the inventory-api repository which implements a common inventory system with eventing.

• Clone https://github.com/project-kessel/inventory-api
• Run make inventory-up

Configuration

Application configuration can be changed using environmental variables.

Feature Flags

The application supports feature flags via Unleash. In Clowder-managed environments, the Unleash connection is automatically configured. For local development, you can configure it manually.

Environment Variable	Description	Default
FEATURE_FLAGS_ENABLED	Enable Unleash feature flags integration	false
FEATURE_FLAGS_HOST	Unleash API URL (auto-configured by Clowder)	``
FEATURE_FLAGS_TOKEN	Unleash client access token (auto-configured by Clowder)	``
FEATURE_FLAGS_APP_NAME	Application name for Unleash client identification	remediations
FEATURE_FLAGS_REFRESH_INTERVAL	Interval in ms to poll Unleash for flag updates	15000
FEATURE_FLAGS_METRICS_INTERVAL	Interval in ms to send metrics to Unleash	60000
FEATURE_FLAGS_IMPL	Set to mock to use mock implementation for testing	``

Usage in code:

const featureFlags = require('./connectors/featureFlags');

// Check if a feature is enabled
if (featureFlags.isEnabled('my-feature', { userId: '123' })) {
    // feature is enabled
}

// Get a variant
const variant = featureFlags.getVariant('my-feature');

Troubleshooting

If your local database isn't updating, or it's not running as expected, run this command to remove old containers:

docker-compose -f build/docker-compose.yml rm -vf

Then, rebuild the image:

docker-compose -f build/docker-compose.yml build

Releases

Upon any change in the master branch the branch is tested, an image is built and deployed in CI and QA environments automatically. This process is controlled by the deployment Jenkinsfile.

The image can then be promoted to production using a Jenkins job. Use the git commit SHA as the REVISION when running the job.

Contact

For questions or comments join #platform-data-pipeline-standup at ansible.slack.com.