rhsmcertd man page

rhsmcertd — Periodically scans and updates the entitlement certificates on a registered system.

Synopsis

rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MINUTES] [--now] [--debug] [--help]

Deprecated usage

rhsmcertd [certInterval autoattachInterval]

Description

Red Hat provides content updates and support by issuing subscriptions for its products. These subscriptions are applied to systems (machines). Red Hat Subscription Manager is a tool which allows administrators to manage those subscriptions by registering systems and people, applying subscriptions, and viewing subscriptions.

When subscriptions are applied to a system or when new subscriptions are available, the subscription management system issues that machine an X.509 certificate which contains all of the details of that subscription. The rhsmcertd process runs periodically to check for changes in the subscriptions available to a machine by updating the entitlement certificates installed on the machine and by installing new entitlement certificates as they're available.

At a defined interval, the process checks with the subscription management service to see if any new subscriptions are available to the system. If there are, it pulls in the associated subscription certificates. If any subscriptions have expired and new subscriptions are available, then the rhsmcertd process will automatically request those subscriptions.

This rhsmcertd process invokes the rhsmcertd-worker.py script to perform the certificate add and update operations.

Both the certificate interval and the auto-attach interval are configurable and can be reset through the rhsmcertd daemon itself or by editing the Subscription Manager /etc/rhsm/rhsm.conf file.

rhsmcertd is started with the machine, by default, and is always running in the background.

Options

-h, --help
Prints the specific help information for the given command.
-d, --debug
Records more verbose output to the /var/log/rhsm/rhsmcertd.log log file.
-n, --now
Runs the rhsmcertd scan immediately, rather than waiting for the next scheduled interval.
-c, --cert-check-interval=MINUTES
Resets the interval for checking for new subscription certificates. This value is in minutes. The default is 240, or four hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).
-i, --auto-attach-interval=MINUTES
Resets the interval for checking for and replacing expired subscriptions. This value is in minutes. The default is 1440, or 24 hours. This interval is in effect until the daemon restarts, and then the values in the /etc/rhsm/rhsm.conf file are used (unless the argument is passed again).

Usage Examples

NOTE
Be sure to stop the running rhsmcertd daemon before making any configuration changes, or the new configuration is not applied.

Resetting the Certificate Scan Interval

service rhsmcertd stop
rhsmcertd --cert-check-interval=240

Running Certificate and Healing Scans Immediately

Normally, the certificate and auto-attach scans are run periodically, on a schedule defined in the rhsmcertd configuration. The scans can be run immediately -- which is useful if an administrator knows that there are new subscriptions available -- and then the scans resume their schedules.

service rhsmcertd stop
rhsmcertd -n

Deprecated Usage

rhsmcertd used to allow the certificate and auto-attach intervals to be reset simply by passing two integers as arguments.

rhsmcertd certInterval autoAttachInterval

For example:

service rhsmcertd stop
rhsmcertd 180 480

This usage is still allowed, but it is deprecated and not recommended.

Associated Files

* /usr/share/rhsm/certmgr.py

* /etc/rhsm/rhsm.conf

* /var/log/rhsm/rhsmcertd.log

Bugs

This daemon is part of Red Hat Subscription Manager. To file bugs against this daemon, go to https://bugzilla.redhat.com, and select Red Hat > Red Hat Enterprise Linux > subscription-manager.

Authors

Deon Lackey, <dlackey@redhat.com> and Jeff Ortel, <jortel@redhat.com>. rhsmcertd was written by Jeff Ortel.

Referenced By

rhsmcertd_selinux(8), rhsm.conf(5).

Subscription Management