rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MINUTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-registration] [--debug] [--help]
rhsmcertd [certInterval autoattachInterval]
Red Hat provides content updates and support by issuing subscriptions for its products. These subscriptions are applied to systems (machines). Red Hat Subscription Manager is a tool which allows administrators to manage those subscriptions by registering systems and people, applying subscriptions, and viewing subscriptions.
When subscriptions are applied to a system or when new subscriptions are available, the subscription management system issues that machine an X.509 certificate which contains all of the details of that subscription. The rhsmcertd process runs periodically to check for changes in the subscriptions available to a machine by updating the entitlement certificates installed on the machine and by installing new entitlement certificates as they're available.
At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the rhsmcertd process will automatically request those subscriptions. By default, the initial auto-attach is delayed by a random amount of seconds from zero to the autoAttachInterval. The initial cert check is delayed by a random amount of seconds from zero to certCheckInterval.
This rhsmcertd process can also perform automatic registration, when VM is running in the public cloud. Three public cloud providers are supported: AWS, Azure and GCP. When it is desired to perform automatic registration by rhsmcertd, then it is also necessary to configure mapping of "Cloud ID" to "RHSM organization ID" on https://cloud.redhat.com.
This rhsmcertd process invokes the rhsmcertd-worker.py script to perform the certificate add and update operations.
Both the certificate interval and the auto-attach interval are configurable and can be reset through the rhsmcertd daemon itself or by editing the Subscription Manager /etc/rhsm/rhsm.conf file.
rhsmcertd is started with the machine, by default, and is always running in the background.
- -h, --help
Prints the specific help information for the given command.
- -d, --debug
Records more verbose output to the /var/log/rhsm/rhsmcertd.log log file.
- -n, --now
Runs the rhsmcertd scan immediately, rather than waiting for the next scheduled interval.
- -c, --cert-check-interval=MINUTES
Resets the interval for checking for new subscription certificates. This value is in minutes. The default is 240, or four hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).
- -i, --auto-attach-interval=MINUTES
Resets the interval for checking for and replacing expired subscriptions. This value is in minutes. The default is 1440, or 24 hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).
- -r, --auto-registration-interval=MINUTES
Resets the interval for automatic registration. This value is in minutes. The default is 60, or 1 hour. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).
- -s, --no-splay
If present this option disables the splay feature entirely. When not present the value of "splay" from the /etc/rhsm/rhsm.conf file is used to determine whether the splay feature is on ("1") or off ("0").
- -a, --auto-registration
If present this option enable automatic registration. When not present the value of "auto_registration" from the /etc/rhsm/rhsm.conf file is used to determine whether the automatic registration feature is on ("1") or off ("0").
Be sure to stop the running rhsmcertd daemon before making any configuration changes, or the new configuration is not applied.
Resetting the Certificate Scan Interval
service rhsmcertd stop rhsmcertd --cert-check-interval=240
Running Certificate and Healing Scans Immediately
Normally, the certificate and auto-attach scans are run periodically, on a schedule defined in the rhsmcertd configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules.
service rhsmcertd stop rhsmcertd -n
rhsmcertd used to allow the certificate and auto-attach intervals to be reset simply by passing two integers as arguments.
rhsmcertd certInterval autoAttachInterval
service rhsmcertd stop rhsmcertd 180 480
This usage is still allowed, but it is deprecated and not recommended.
This daemon is part of Red Hat Subscription Manager. To file bugs against this daemon, go to https://bugzilla.redhat.com, and select Red Hat > Red Hat Enterprise Linux > subscription-manager.
Deon Lackey, <firstname.lastname@example.org> and Jeff Ortel, <email@example.com>. rhsmcertd was written by Jeff Ortel.
Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.