rhsm.conf - Man Page
Configuration file for the subscription-manager tooling
Description
The rhsm.conf file is the configuration file for various subscription manager tooling. This includes subscription-manager, subscription-manager-gui, rhsmcertd, and virt-who.
The format of this file is a simple INI-like structure, with keys and values inside sections. Duplicated keys in sections are not allowed, and only the last occurrence of each key is actually used. Duplicated section names are not allowed.
[Server] Options
- hostname
The hostname of the subscription service being used. The default is the Red Hat Customer Portal which is subscription.rhsm.redhat.com. This default should not be retrofitted to previously installed versions. It should be incorporated as the default going forward.
- prefix
Server prefix where the subscription service is registered.
- port
The port which the subscription service is listening on.
- insecure
This flag enables or disables entitlement server certification verification using the certificate authorities which are installed in /etc/rhsm/ca.
- server_timeout
Set this to a non-blank value to override the HTTP timeout in seconds. The default is 180 seconds (3 minutes).
- proxy_hostname
Set this to a non-blank value if subscription-manager should use a proxy to access the subscription service. This sets the host for the proxy. Overrides hostname from HTTP_PROXY and HTTPS_PROXY environment variables. This value should not contain the scheme to be used with the proxy (e.g. http or https). To specify that use the proxy_scheme option.
- proxy_scheme
This only sets the scheme for the proxy when writing out the proxy to repo definitions. Set this to a non-blank value if you want to specify the scheme used by your package manager for subscription-manager managed repos. This defaults to "http".
Note: subscription-manager tooling does not use this option for connecting proxy and HTTPS is always used.
- proxy_port
Set this to a non-blank value if subscription-manager should use a proxy to access the subscription service. This sets the port for the proxy. Overrides port from HTTP_PROXY and HTTPS_PROXY environment variables.
Please note that setting this to any value other than 3128 (depending on your SELinux configuration) will require an update to that policy.
To add a local policy:
# semanage port -a -t squid_port_t -p tcp <port number>
To change the system back to look at 3128 port, just remove the policy:
# semanage port -d -t squid_port_t -p tcp <port number>
- proxy_username
Set this to a non-blank value if subscription-manager should use an authenticated proxy to access the subscription service. This sets the username for the proxy. Overrides username from HTTP_PROXY and HTTPS_PROXY environment variables.
- proxy_password
Set this to a non-blank value if subscription-manager should use an authenticated proxy to access the subscription service. This sets the password for the proxy. Overrides password from HTTP_PROXY and HTTPS_PROXY environment variables.
- no_proxy
Set this to a non-blank value if subscription-manager should not use a proxy for specific hosts. Format is a comma-separated list of hostname suffixes, optionally with port. '*' is a special value that means do not use a proxy for any host. Overrides the NO_PROXY environment variable.
[Rhsm] Options
- baseurl
This setting is the prefix for all content which is managed by the subscription service. This should be the hostname for the Red Hat CDN, the local Satellite or Capsule depending on your deployment. Prefix depends on the service type. For the Red Hat CDN, the full baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl is https://HOSTNAME/pulp/repos , so for a hostname of sat6.example.com the full baseurl would be for example: https://sat6.example.com/pulp/repos .
- repomd_gpg_url
The URL of the GPG key that was used to sign this repository's metadata. The specified GPG key will be used in addition to any GPG keys defined by the entitlement.
- ca_cert_dir
The location for the certificates which are used to communicate with the server and to pull down content.
- repo_ca_cert
The certificate to use for server side authentication during content downloads.
- productCertDir
The directory where product certificates should be stored.
- entitlementCertDir
The directory where entitlement certificates should be stored.
- consumerCertDir
The directory where the consumers identity certificate is stored.
- manage_repos
Set this to 1 if subscription manager should manage a yum repos file. If set, it will manage the file /etc/yum.repos.d/redhat.repo. If set to 0 then the subscription is only used for tracking purposes, not content. The /etc/yum.repos.d/redhat.repo file will either be purged or deleted.
- full_refresh_on_yum
Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with every server command. This will make yum less efficient, but can ensure that the most recent data is brought down from the subscription service.
- report_package_profile
Set to 1 if rhsmcertd should report the system's current package profile to the subscription service. This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. This configuration also governs package profile reporting when the "dnf uploadprofile" command is executed.
- package_profile_on_trans
Set to 1 if the dnf/yum subscription-manager plugin should report the system's current package profile to the subscription service on execution of dnf/yum transactions (for example on package install). This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. The report_package_profile option needs to also be set to 1 for this option to have any effect.
- pluginDir
The directory to search for subscription manager plug-ins
- pluginConfDir
The directory to search for plug-in configuration files
- auto_enable_yum_plugins
When this option is enabled, then yum/dnf plugins subscription-manager and product-id are enabled every-time subscription-manager or subscription-manager-gui is executed.
- inotify
Inotify is used for monitoring changes in directories with certificates. Currently only the /etc/pki/consumer directory is monitored by the rhsm.service. When this directory is mounted using a network file system without inotify notification support (e.g. NFS), then disabling inotify is strongly recommended. When inotify is disabled, periodical directory polling is used instead.
- progress_messages
Set to 0 to disable progress reporting. When subscription-manager waits while fetching certificates or updating user information, it writes temporary informational messages to the standard output. This feature may not be desired in some situations, changing this option prevents those messages from being displayed.
[Rhsmcertd] Options
- certCheckInterval
The number of minutes between runs of the rhsmcertd daemon
- autoAttachInterval
The number of minutes between attempts to run auto-attach on this consumer.
splay
1 to enable splay. 0 to disable splay. If enabled, this feature delays the initial auto attach and cert check by an amount between 0 seconds and the interval given for the action being delayed. For example if the certCheckInterval were set to 3 minutes, the initial cert check would begin somewhere between 2 minutes after start up (minimum delay) and 5 minutes after start up. This is useful to reduce peak load on the Satellite or entitlement service used by a large number of machines.
- disable
Set to 1 to disable rhsmcertd operation entirely.
- auto_registration
Set to 1 to enable automatic registration. Automatic registration can only work on virtual machines running in the public cloud. Currently three public cloud providers are supported: AWS, Azure and GCP. In order for rhsmcertd to perform automatic registration, please link your "Cloud ID" from your cloud provider to your "RHSM Organization ID" using https://cloud.redhat.com.
- auto_registration_interval
The number of minutes between attempts to run auto-registration on this system
[Logging] Options
- default_log_level
The default log level for all loggers in subscription-manager, python-rhsm, and rhsmcertd. Note: Other keys in this section will override this value for the specified logger.
- MODULE_NAME[.SUBMODULE ...] = [log_level]
Logging can be configured on a module-level basis via entries of the format above where:
module_name is subscription_manager, rhsm, or rhsm-app.
submodule can be optionally specified to further override the logging level down to a specific file.
log_level is the log level to set the specified logger (one of: DEBUG, INFO, WARNING, ERROR, or CRITICAL).
Author
Bryan Kearney <bkearney@redhat.com>
See Also
subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
Resources
Main web site: http://www.candlepinproject.org/
Copying
Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.