Skip to main content

Simplifying Patch Management | Modernizing RHEL Management 03

This week we tackled the thing every sysadmin does constantly: patching. John showed how Insights helps you manage advisories across a whole RHEL fleet, control what content is installable with patch templates, and turn a fix into a signed Ansible playbook you can run without ever leaving the console. We even watched new patches land live mid-demo, which is exactly how patching feels in the real world.

A few things worth carrying away from this one:

  • Patch templates give you content control. By setting a template to a specific date, I could see advisories flagged as applicable but not installable, which mirrors how I used to hold back untested patches until a QA cycle cleared them.
  • You can work backward from an advisory. When something drops, you can open the advisory, see every affected system, and export the list to CSV or JSON. That beats the RPM-and-cut-and-paste reporting I used to do host by host.
  • Remediation playbooks are signed on purpose. John stressed that you cannot inject your own code into these playbooks. That signature is there so Insights never becomes a man-in-the-middle vector, and running them requires an explicitly granted remediations role.

If you want to schedule these or add pre and post steps, that is where Ansible Automation Platform or Satellite come in. Insights keeps the generated playbooks locked down for a reason.