1RHSM.CONF(5) RHSM.CONF(5)
2
3
4
6 rhsm.conf - Configuration file for the subscription-manager tooling
7
9 The rhsm.conf file is the configuration file for various subscription
10 manager tooling. This includes subscription-manager,
11 subscription-manager-gui, rhsmcertd, and virt-who.
12
14 hostname
15 The hostname of the subscription service being used. The default is
16 the Red Hat Customer Portal which is subscription.rhsm.redhat.com.
17 This default should not be retrofitted to previously installed
18 versions. It should be incorporated as the default going forward.
19
20 prefix
21 Server prefix where the subscription service is registered.
22
23 port
24 The port which the subscription service is listening on.
25
26 insecure
27 This flag enables or disables entitlement server certification
28 verification using the certificate authorities which are installed
29 in /etc/rhsm/ca.
30
31 ssl_verify_depth
32 Sets the number of certificates which should be used to verify the
33 servers identity. This is an advanced control which can be used to
34 secure on premise installations.
35
36 server_timeout
37 Set this to a non-blank value to override the HTTP timeout in
38 seconds. The default is 180 seconds (3 minutes).
39
40 proxy_hostname
41 Set this to a non-blank value if subscription-manager should use a
42 reverse proxy to access the subscription service. This sets the
43 host for the reverse proxy. Overrides hostname from HTTP_PROXY and
44 HTTPS_PROXY environment variables. This value should not contain
45 the scheme to be used with the proxy (e.g. http or https). To
46 specify that use the proxy_scheme option.
47
48 proxy_scheme
49 This sets the scheme for the reverse proxy when writing out the
50 proxy to repo definitions. Set this to a non-blank value if you
51 want to specify the scheme used by your package manager for
52 subscription-manager managed repos. This defaults to "http".
53
54 proxy_port
55 Set this to a non-blank value if subscription-manager should use a
56 reverse proxy to access the subscription service. This sets the
57 port for the reverse proxy. Overrides port from HTTP_PROXY and
58 HTTPS_PROXY environment variables.
59
60 Please note that setting this to any value other than 3128
61 (depending on your SELinux configuration) will require an update to
62 that policy.
63
64 To add a local policy:
65
66 # semanage port -a -t squid_port_t -p tcp <port number>
67
68 To change the system back to look at 3128 port, just remove the
69 policy:
70
71 # semanage port -d -t squid_port_t -p tcp <port number>
72
73 proxy_username
74 Set this to a non-blank value if subscription-manager should use an
75 authenticated reverse proxy to access the subscription service.
76 This sets the username for the reverse proxy. Overrides username
77 from HTTP_PROXY and HTTPS_PROXY environment variables.
78
79 proxy_password
80 Set this to a non-blank value if subscription-manager should use an
81 authenticated reverse proxy to access the subscription service.
82 This sets the password for the reverse proxy. Overrides password
83 from HTTP_PROXY and HTTPS_PROXY environment variables.
84
85 no_proxy
86 Set this to a non-blank value if subscription-manager should not
87 use a proxy for specific hosts. Format is a comma-separated list of
88 hostname suffixes, optionally with port. '*' is a special value
89 that means do not use a proxy for any host. Overrides the NO_PROXY
90 environment variable.
91
93 baseurl
94 This setting is the prefix for all content which is managed by the
95 subscription service. This should be the hostname for the Red Hat
96 CDN, the local Satellite or Capsule depending on your deployment.
97 Prefix depends on the service type. For the Red Hat CDN, the full
98 baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl
99 is https://HOSTNAME/pulp/repos , so for a hostname of
100 sat6.example.com the full baseurl would be for example:
101 https://sat6.example.com/pulp/repos .
102
103 repomd_gpg_url
104 The URL of the GPG key that was used to sign this repository's
105 metadata. The specified GPG key will be used in addition to any GPG
106 keys defined by the entitlement.
107
108 ca_cert_dir
109 The location for the certificates which are used to communicate
110 with the server and to pull down content.
111
112 repo_ca_cert
113 The certificate to use for server side authentication during
114 content downloads.
115
116 productCertDir
117 The directory where product certificates should be stored.
118
119 entitlementCertDir
120 The directory where entitlement certificates should be stored.
121
122 consumerCertDir
123 The directory where the consumers identity certificate is stored.
124
125 manage_repos
126 Set this to 1 if subscription manager should manage a yum repos
127 file. If set, it will manage the file /etc/yum.repos.d/redhat.repo.
128 If set to 0 then the subscription is only used for tracking
129 purposes, not content. The /etc/yum.repos.d/redhat.repo file will
130 either be purged or deleted.
131
132 full_refresh_on_yum
133 Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with
134 every server command. This will make yum less efficient, but can
135 ensure that the most recent data is brought down from the
136 subscription service.
137
138 report_package_profile
139 Set to 1 if rhsmcertd should report the system's current package
140 profile to the subscription service. This report helps the
141 subscription service provide better errata notifications. If
142 supported by the entitlement server, enabled repos, enabled
143 modules, and packages present will be reported. This configuration
144 also governs package profile reporting when the "dnf uploadprofile"
145 command is executed.
146
147 package_profile_on_trans
148 Set to 1 if the dnf/yum subscription-manager plugin should report
149 the system's current package profile to the subscription service on
150 execution of dnf/yum transactions (for example on package install).
151 This report helps the subscription service provide better errata
152 notifications. If supported by the entitlement server, enabled
153 repos, enabled modules, and packages present will be reported. The
154 report_package_profile option needs to also be set to 1 for this
155 option to have any effect.
156
157 pluginDir
158 The directory to search for subscription manager plug-ins
159
160 pluginConfDir
161 The directory to search for plug-in configuration files
162
163 auto_enable_yum_plugins
164 When this option is enabled, then yum/dnf plugins subscription-
165 manager and product-id are enabled every-time subscription-manager
166 or subscription-manager-gui is executed.
167
168 inotify
169 Inotify is used for monitoring changes in directories with
170 certificates. Currently only the /etc/pki/consumer directory is
171 monitored by the rhsm.service. When this directory is mounted using
172 a network file system without inotify notification support (e.g.
173 NFS), then disabling inotify is strongly recommended. When inotify
174 is disabled, periodical directory polling is used instead.
175
176 no_insights
177 When this option is enabled (set to 1), insights-client will not
178 automatically register the system to Red Hat Insights after
179 successful registration using "subscription-manager register"
180 regardless of the usage of the "--no-insights" command-line option.
181 When this option is disabled (set to 0), insights-client, if
182 installed, will automatically register the system to Red Hat
183 Insights after a successful registration using "subscription-
184 manager register" so long as the "--no-insights" option is not
185 provided.
186
188 certCheckInterval
189 The number of minutes between runs of the rhsmcertd daemon
190
191 autoAttachInterval
192 The number of minutes between attempts to run auto-attach on this
193 consumer.
194
195 splay
196 1 to enable splay. 0 to disable splay. If enabled, this feature
197 delays the initial auto attach and cert check by an amount between
198 0 seconds and the interval given for the action being delayed. For
199 example if the certCheckInterval were set to 3 minutes, the initial
200 cert check would begin somewhere between 2 minutes after start up
201 (minimum delay) and 5 minutes after start up. This is useful to
202 reduce peak load on the Satellite or entitlement service used by a
203 large number of machines.
204
205 disable
206 set to 1 to disable rhsmcertd operation entirely.
207
209 default_log_level
210 The default log level for all loggers in subscription-manager,
211 python-rhsm, and rhsmcertd. Note: Other keys in this section will
212 override this value for the specified logger.
213
214 MODULE_NAME[.SUBMODULE ...] = [log_level]
215 Logging can be configured on a module-level basis via entries of
216 the format above where:
217 module_name is subscription_manager, rhsm, or rhsm-app.
218
219 submodule can be optionally specified to further override the
220 logging level down to a specific file.
221
222 log_level is the log level to set the specified logger (one of:
223 DEBUG, INFO, WARNING, ERROR, or CRITICAL).
224
226 Bryan Kearney <bkearney@redhat.com>
227
229 subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
230
232 Main web site: http://www.candlepinproject.org/
233
235 Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU
236 General Public License, version 2 (GPLv2). A copy of this license is
237 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
238
239
240
241rhsm.conf - RHSM.CONF(5)