Scroll to navigation

RHSM.CONF(5)   RHSM.CONF(5)

NAME

rhsm.conf - Configuration file for the subscription-manager tooling

DESCRIPTION

The rhsm.conf file is the configuration file for various subscription manager tooling. This includes subscription-manager, subscription-manager-gui, rhsmcertd, and virt-who.

The format of this file is a simple INI-like structure, with keys and values inside sections. Duplicated keys in sections are not allowed, and only the last occurrence of each key is actually used. Duplicated section names are not allowed.

[SERVER] OPTIONS

hostname

The hostname of the subscription service being used. The default is the Red Hat Customer Portal which is subscription.rhsm.redhat.com. This default should not be retrofitted to previously installed versions. It should be incorporated as the default going forward.

prefix

Server prefix where the subscription service is registered.

port

The port which the subscription service is listening on.

insecure

This flag enables or disables entitlement server certification verification using the certificate authorities which are installed in /etc/rhsm/ca.

ssl_verify_depth

Sets the number of certificates which should be used to verify the servers identity. This is an advanced control which can be used to secure on premise installations.

server_timeout

Set this to a non-blank value to override the HTTP timeout in seconds. The default is 180 seconds (3 minutes).

proxy_hostname

Set this to a non-blank value if subscription-manager should use a reverse proxy to access the subscription service. This sets the host for the reverse proxy. Overrides hostname from HTTP_PROXY and HTTPS_PROXY environment variables. This value should not contain the scheme to be used with the proxy (e.g. http or https). To specify that use the proxy_scheme option.

proxy_scheme

This sets the scheme for the reverse proxy when writing out the proxy to repo definitions. Set this to a non-blank value if you want to specify the scheme used by your package manager for subscription-manager managed repos. This defaults to "http".

proxy_port

Set this to a non-blank value if subscription-manager should use a reverse proxy to access the subscription service. This sets the port for the reverse proxy. Overrides port from HTTP_PROXY and HTTPS_PROXY environment variables.

Please note that setting this to any value other than 3128 (depending on your SELinux configuration) will require an update to that policy.

To add a local policy:

# semanage port -a -t squid_port_t -p tcp <port number>

To change the system back to look at 3128 port, just remove the policy:

# semanage port -d -t squid_port_t -p tcp <port number>

proxy_username

Set this to a non-blank value if subscription-manager should use an authenticated reverse proxy to access the subscription service. This sets the username for the reverse proxy. Overrides username from HTTP_PROXY and HTTPS_PROXY environment variables.

proxy_password

Set this to a non-blank value if subscription-manager should use an authenticated reverse proxy to access the subscription service. This sets the password for the reverse proxy. Overrides password from HTTP_PROXY and HTTPS_PROXY environment variables.

no_proxy

Set this to a non-blank value if subscription-manager should not use a proxy for specific hosts. Format is a comma-separated list of hostname suffixes, optionally with port. '*' is a special value that means do not use a proxy for any host. Overrides the NO_PROXY environment variable.

[RHSM] OPTIONS

baseurl

This setting is the prefix for all content which is managed by the subscription service. This should be the hostname for the Red Hat CDN, the local Satellite or Capsule depending on your deployment. Prefix depends on the service type. For the Red Hat CDN, the full baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl is https://HOSTNAME/pulp/repos , so for a hostname of sat6.example.com the full baseurl would be for example: https://sat6.example.com/pulp/repos .

repomd_gpg_url

The URL of the GPG key that was used to sign this repository's metadata. The specified GPG key will be used in addition to any GPG keys defined by the entitlement.

ca_cert_dir

The location for the certificates which are used to communicate with the server and to pull down content.

repo_ca_cert

The certificate to use for server side authentication during content downloads.

productCertDir

The directory where product certificates should be stored.

entitlementCertDir

The directory where entitlement certificates should be stored.

consumerCertDir

The directory where the consumers identity certificate is stored.

manage_repos

Set this to 1 if subscription manager should manage a yum repos file. If set, it will manage the file /etc/yum.repos.d/redhat.repo. If set to 0 then the subscription is only used for tracking purposes, not content. The /etc/yum.repos.d/redhat.repo file will either be purged or deleted.

full_refresh_on_yum

Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with every server command. This will make yum less efficient, but can ensure that the most recent data is brought down from the subscription service.

report_package_profile

Set to 1 if rhsmcertd should report the system's current package profile to the subscription service. This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. This configuration also governs package profile reporting when the "dnf uploadprofile" command is executed.

package_profile_on_trans

Set to 1 if the dnf/yum subscription-manager plugin should report the system's current package profile to the subscription service on execution of dnf/yum transactions (for example on package install). This report helps the subscription service provide better errata notifications. If supported by the entitlement server, enabled repos, enabled modules, and packages present will be reported. The report_package_profile option needs to also be set to 1 for this option to have any effect.

pluginDir

The directory to search for subscription manager plug-ins

pluginConfDir

The directory to search for plug-in configuration files

auto_enable_yum_plugins

When this option is enabled, then yum/dnf plugins subscription-manager and product-id are enabled every-time subscription-manager or subscription-manager-gui is executed.

inotify

Inotify is used for monitoring changes in directories with certificates. Currently only the /etc/pki/consumer directory is monitored by the rhsm.service. When this directory is mounted using a network file system without inotify notification support (e.g. NFS), then disabling inotify is strongly recommended. When inotify is disabled, periodical directory polling is used instead.

[RHSMCERTD] OPTIONS

certCheckInterval

The number of minutes between runs of the rhsmcertd daemon

autoAttachInterval

The number of minutes between attempts to run auto-attach on this consumer.

splay

1 to enable splay. 0 to disable splay. If enabled, this feature delays the initial auto attach and cert check by an amount between 0 seconds and the interval given for the action being delayed. For example if the certCheckInterval were set to 3 minutes, the initial cert check would begin somewhere between 2 minutes after start up (minimum delay) and 5 minutes after start up. This is useful to reduce peak load on the Satellite or entitlement service used by a large number of machines.

disable

Set to 1 to disable rhsmcertd operation entirely.

auto_registration

Set to 1 to enabled automatic registration. Automatic registration can only work on virtual machines running in the public cloud. Currently three public cloud providers are supported: AWS, Azure and GCP. In order for rhsmcertd to perform automatic registration, please link your "Cloud ID" from your cloud provider to your "RHSM Organization ID" using https://cloud.redhat.com.

auto_registration_interval

The number of minutes between attempts to run auto-registration on this system

[LOGGING] OPTIONS

default_log_level

The default log level for all loggers in subscription-manager, python-rhsm, and rhsmcertd. Note: Other keys in this section will override this value for the specified logger.

MODULE_NAME[.SUBMODULE ...] = [log_level]

Logging can be configured on a module-level basis via entries of the format above where:
module_name is subscription_manager, rhsm, or rhsm-app.

submodule can be optionally specified to further override the logging level down to a specific file.

log_level is the log level to set the specified logger (one of: DEBUG, INFO, WARNING, ERROR, or CRITICAL).

AUTHOR

Bryan Kearney <bkearney@redhat.com>

SEE ALSO

subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)

RESOURCES

Main web site: http://www.candlepinproject.org/

COPYING

Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

- rhsm.conf