NAME¶
rhsm.conf - Configuration file for the subscription-manager
tooling
DESCRIPTION¶
The rhsm.conf file is the configuration file for various
subscription manager tooling. This includes subscription-manager,
subscription-manager-gui, rhsmcertd, and virt-who.
[SERVER] OPTIONS¶
hostname
The hostname of the subscription service being used. The
default is the Red Hat Customer Portal which is subscription.rhsm.redhat.com.
This default should not be retrofitted to previously installed versions. It
should be incorporated as the default going forward.
prefix
Server prefix where the subscription service is
registered.
port
The port which the subscription service is listening
on.
insecure
This flag enables or disables entitlement server
certification verification using the certificate authorities which are
installed in /etc/rhsm/ca.
ssl_verify_depth
Sets the number of certificates which should be used to
verify the servers identity. This is an advanced control which can be used to
secure on premise installations.
server_timeout
Set this to a non-blank value to override the HTTP
timeout in seconds. The default is 180 seconds (3 minutes).
proxy_hostname
Set this to a non-blank value if
subscription-manager should use a reverse proxy to access the
subscription service. This sets the host for the reverse proxy. Overrides
hostname from HTTP_PROXY and HTTPS_PROXY environment variables.
This value should not contain the scheme to be used with the proxy
(e.g. http or https). To specify that use the proxy_scheme
option.
proxy_scheme
This sets the scheme for the reverse proxy when writing
out the proxy to repo definitions. Set this to a non-blank value if you want
to specify the scheme used by your package manager for subscription-manager
managed repos. This defaults to "http".
proxy_port
Set this to a non-blank value if
subscription-manager should use a reverse proxy to access the
subscription service. This sets the port for the reverse proxy. Overrides port
from
HTTP_PROXY and
HTTPS_PROXY environment variables.
Please note that setting this to any value other than 3128
(depending on your SELinux configuration) will require an update to that
policy.
To add a local policy:
# semanage port -a -t squid_port_t -p tcp <port number>
To change the system back to look at 3128 port, just remove the
policy:
# semanage port -d -t squid_port_t -p tcp <port number>
proxy_username
Set this to a non-blank value if
subscription-manager should use an authenticated reverse proxy to
access the subscription service. This sets the username for the reverse proxy.
Overrides username from HTTP_PROXY and HTTPS_PROXY environment
variables.
proxy_password
Set this to a non-blank value if
subscription-manager should use an authenticated reverse proxy to
access the subscription service. This sets the password for the reverse proxy.
Overrides password from HTTP_PROXY and HTTPS_PROXY environment
variables.
no_proxy
Set this to a non-blank value if
subscription-manager should not use a proxy for specific hosts. Format
is a comma-separated list of hostname suffixes, optionally with port. '*' is a
special value that means do not use a proxy for any host. Overrides the
NO_PROXY environment variable.
[RHSM] OPTIONS¶
baseurl
This setting is the prefix for all content which is
managed by the subscription service. This should be the hostname for the Red
Hat CDN, the local Satellite or Capsule depending on your deployment. Prefix
depends on the service type. For the Red Hat CDN, the full
baseurl is
https://cdn.redhat.com . For Satellite 6, the baseurl is
https://HOSTNAME/pulp/repos , so for a hostname of
sat6.example.com the full
baseurl would be for example:
https://sat6.example.com/pulp/repos .
repomd_gpg_url
The URL of the GPG key that was used to sign this
repository's metadata. The specified GPG key will be used in addition to any
GPG keys defined by the entitlement.
ca_cert_dir
The location for the certificates which are used to
communicate with the server and to pull down content.
repo_ca_cert
The certificate to use for server side authentication
during content downloads.
productCertDir
The directory where product certificates should be
stored.
entitlementCertDir
The directory where entitlement certificates should be
stored.
consumerCertDir
The directory where the consumers identity certificate is
stored.
manage_repos
Set this to 1 if subscription manager should
manage a yum repos file. If set, it will manage the file
/etc/yum.repos.d/redhat.repo. If set to 0 then the subscription is only
used for tracking purposes, not content. The /etc/yum.repos.d/redhat.repo file
will either be purged or deleted.
full_refresh_on_yum
Set to 1 if the /etc/yum.repos.d/redhat.repo
should be updated with every server command. This will make yum less
efficient, but can ensure that the most recent data is brought down from the
subscription service.
report_package_profile
Set to 1 if rhsmcertd should report the
system's current package profile to the subscription service. This report
helps the subscription service provide better errata notifications. If
supported by the entitlement server, enabled repos, enabled modules, and
packages present will be reported. This configuration also governs package
profile reporting when the "dnf uploadprofile" command is
executed.
package_profile_on_trans
Set to 1 if the dnf/yum subscription-manager
plugin should report the system's current package profile to the
subscription service on execution of dnf/yum transactions (for example on
package install). This report helps the subscription service provide better
errata notifications. If supported by the entitlement server, enabled repos,
enabled modules, and packages present will be reported. The
report_package_profile option needs to also be set to 1 for this option
to have any effect.
pluginDir
The directory to search for subscription manager
plug-ins
pluginConfDir
The directory to search for plug-in configuration
files
auto_enable_yum_plugins
When this option is enabled, then yum/dnf plugins
subscription-manager and product-id are enabled every-time
subscription-manager or subscription-manager-gui is executed.
inotify
Inotify is used for monitoring changes in directories
with certificates. Currently only the /etc/pki/consumer directory is monitored
by the rhsm.service. When this directory is mounted using a network file
system without inotify notification support (e.g. NFS), then disabling inotify
is strongly recommended. When inotify is disabled, periodical directory
polling is used instead.
[RHSMCERTD] OPTIONS¶
certCheckInterval
The number of minutes between runs of the
rhsmcertd daemon
autoAttachInterval
The number of minutes between attempts to run auto-attach
on this consumer.
splay
1 to enable splay. 0 to disable splay. If enabled, this
feature delays the initial auto attach and cert check by an amount between 0
seconds and the interval given for the action being delayed. For example if
the certCheckInterval were set to 3 minutes, the initial cert check
would begin somewhere between 2 minutes after start up (minimum delay) and 5
minutes after start up. This is useful to reduce peak load on the Satellite or
entitlement service used by a large number of machines.
disable
Set to 1 to disable rhsmcertd operation entirely.
auto_registration
Set to 1 to enable automatic registration. Automatic
registration can only work on virtual machines running in the public cloud.
Currently three public cloud providers are supported: AWS, Azure and GCP. In
order for rhsmcertd to perform automatic registration, please link your
"Cloud ID" from your cloud provider to your "RHSM Organization
ID" using
https://cloud.redhat.com.
auto_registration_interval
The number of minutes between attempts to run
auto-registration on this system
[RHSMD] OPTIONS¶
processTimeout
The time in seconds we will allow the rhsmd cron job to
run before terminating the process.
[LOGGING] OPTIONS¶
default_log_level
The default log level for all loggers in
subscription-manager, python-rhsm, rhsmd, and rhsmcertd. Note: Other keys in
this section will override this value for the specified logger.
MODULE_NAME[.SUBMODULE ...] = [log_level]
Logging can be configured on a module-level basis via
entries of the format above where:
module_name is subscription_manager, rhsm, or
rhsm-app.
submodule can be optionally specified to further override
the logging level down to a specific file.
log_level is the log level to set the specified logger (one
of: DEBUG, INFO, WARNING, ERROR, or CRITICAL).
AUTHOR¶
Bryan Kearney <bkearney@redhat.com>