The rhsm.conf file is the configuration file for various subscription manager tooling. This includes subscription-manager, subscription-manager-gui, rhsmcertd, and virt-who.
The format of this file is a simple INI-like structure, with keys and values inside sections. Duplicated keys in sections are not allowed, and only the last occurrence of each key is actually used. Duplicated section names are not allowed.
The hostname of the subscription service being used. The default is the Red Hat Customer Portal which is subscription.rhsm.redhat.com. This default should not be retrofitted to previously installed versions. It should be incorporated as the default going forward.
Server prefix where the subscription service is registered.
The port which the subscription service is listening on.
This flag enables or disables entitlement server certification verification using the certificate authorities which are installed in /etc/rhsm/ca.
Sets the number of certificates which should be used to verify the servers identity. This is an advanced control which can be used to secure on premise installations.
Set this to a non-blank value to override the HTTP timeout in seconds. The default is 180 seconds (3 minutes).
Set this to a non-blank value if subscription-manager should use a reverse proxy to access the subscription service. This sets the host for the reverse proxy. Overrides hostname from HTTP_PROXY and HTTPS_PROXY environment variables. This value should not contain the scheme to be used with the proxy (e.g. http or https). To specify that use the proxy_scheme option.
This sets the scheme for the reverse proxy when writing out the proxy to repo definitions. Set this to a non-blank value if you want to specify the scheme used by your package manager for subscription-manager managed repos. This defaults to "http".
Set this to a non-blank value if subscription-manager should use a reverse proxy to access the subscription service. This sets the port for the reverse proxy. Overrides port from HTTP_PROXY and HTTPS_PROXY environment variables.
Please note that setting this to any value other than 3128 (depending on your SELinux configuration) will require an update to that policy.
To add a local policy:
# semanage port -a -t squid_port_t -p tcp <port number>
To change the system back to look at 3128 port, just remove the policy:
# semanage port -d -t squid_port_t -p tcp <port number>
Set this to a non-blank value if subscription-manager should use an authenticated reverse proxy to access the subscription service. This sets the username for the reverse proxy. Overrides username from HTTP_PROXY and HTTPS_PROXY environment variables.
Set this to a non-blank value if subscription-manager should use an authenticated reverse proxy to access the subscription service. This sets the password for the reverse proxy. Overrides password from HTTP_PROXY and HTTPS_PROXY environment variables.
Set this to a non-blank value if subscription-manager should not use a proxy for specific hosts. Format is a comma-separated list of hostname suffixes, optionally with port. '*' is a special value that means do not use a proxy for any host. Overrides the NO_PROXY environment variable.
This setting is the prefix for all content which is managed by the subscription service. This should be the hostname for the Red Hat CDN, the local Satellite or Capsule depending on your deployment. Prefix depends on the service type. For the Red Hat CDN, the full baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl is https://HOSTNAME/pulp/repos , so for a hostname of sat6.example.com the full baseurl would be for example: https://sat6.example.com/pulp/repos .
The URL of the GPG key that was used to sign this repository's metadata. The specified GPG key will be used in addition to any GPG keys defined by the entitlement.
The location for the certificates which are used to communicate with the server and to pull down content.
The certificate to use for server side authentication during content downloads.
The directory where product certificates should be stored.
The directory where entitlement certificates should be stored.
The directory where the consumers identity certificate is stored.
Set this to 1 if subscription manager should manage a yum repos file. If set, it will manage the file /etc/yum.repos.d/redhat.repo. If set to 0 then the subscription is only used for tracking purposes, not content. The /etc/yum.repos.d/redhat.repo file will either be purged or deleted.
Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with every server command. This will make yum less efficient, but can ensure that the most recent data is brought down from the subscription service.
Set to 1 if rhsmcertd should report the system's current package profile to the subscription service. This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. This configuration also governs package profile reporting when the "dnf uploadprofile" command is executed.
Set to 1 if the dnf/yum subscription-manager plugin should report the system's current package profile to the subscription service on execution of dnf/yum transactions (for example on package install). This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. The report_package_profile option needs to also be set to 1 for this option to have any effect.
The directory to search for subscription manager plug-ins
The directory to search for plug-in configuration files
When this option is enabled, then yum/dnf plugins subscription-manager and product-id are enabled every-time subscription-manager or subscription-manager-gui is executed.
Inotify is used for monitoring changes in directories with certificates. Currently only the /etc/pki/consumer directory is monitored by the rhsm.service. When this directory is mounted using a network file system without inotify notification support (e.g. NFS), then disabling inotify is strongly recommended. When inotify is disabled, periodical directory polling is used instead.
The number of minutes between runs of the rhsmcertd daemon
The number of minutes between attempts to run auto-attach on this consumer.
1 to enable splay. 0 to disable splay. If enabled, this feature delays the initial auto attach and cert check by an amount between 0 seconds and the interval given for the action being delayed. For example if the certCheckInterval were set to 3 minutes, the initial cert check would begin somewhere between 2 minutes after start up (minimum delay) and 5 minutes after start up. This is useful to reduce peak load on the Satellite or entitlement service used by a large number of machines.
Set to 1 to disable rhsmcertd operation entirely.
Set to 1 to enabled automatic registration. Automatic registration can only work on virtual machines running in the public cloud. Currently three public cloud providers are supported: AWS, Azure and GCP. In order for rhsmcertd to perform automatic registration, please link your "Cloud ID" from your cloud provider to your "RHSM Organization ID" using https://cloud.redhat.com.
The number of minutes between attempts to run auto-registration on this system
The default log level for all loggers in subscription-manager, python-rhsm, and rhsmcertd. Note: Other keys in this section will override this value for the specified logger.
- MODULE_NAME[.SUBMODULE ...] = [log_level]
Logging can be configured on a module-level basis via entries of the format above where:
module_name is subscription_manager, rhsm, or rhsm-app.
submodule can be optionally specified to further override the logging level down to a specific file.
log_level is the log level to set the specified logger (one of: DEBUG, INFO, WARNING, ERROR, or CRITICAL).
Bryan Kearney <firstname.lastname@example.org>
subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
Main web site: http://www.candlepinproject.org/
Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.