1RHSM.CONF(5) RHSM.CONF(5)
2
3
4
6 rhsm.conf - Configuration file for the subscription-manager tooling
7
9 The rhsm.conf file is the configuration file for various subscription
10 manager tooling. This includes subscription-manager,
11 subscription-manager-gui, rhsmcertd, and virt-who.
12
13 The format of this file is a simple INI-like structure, with keys and
14 values inside sections. Duplicated keys in sections are not allowed,
15 and only the last occurrence of each key is actually used. Duplicated
16 section names are not allowed.
17
19 hostname
20 The hostname of the subscription service being used. The default is
21 the Red Hat Customer Portal which is subscription.rhsm.redhat.com.
22 This default should not be retrofitted to previously installed
23 versions. It should be incorporated as the default going forward.
24
25 prefix
26 Server prefix where the subscription service is registered.
27
28 port
29 The port which the subscription service is listening on.
30
31 insecure
32 This flag enables or disables entitlement server certification
33 verification using the certificate authorities which are installed
34 in /etc/rhsm/ca.
35
36 server_timeout
37 Set this to a non-blank value to override the HTTP timeout in
38 seconds. The default is 180 seconds (3 minutes).
39
40 proxy_hostname
41 Set this to a non-blank value if subscription-manager should use a
42 reverse proxy to access the subscription service. This sets the
43 host for the reverse proxy. Overrides hostname from HTTP_PROXY and
44 HTTPS_PROXY environment variables. This value should not contain
45 the scheme to be used with the proxy (e.g. http or https). To
46 specify that use the proxy_scheme option.
47
48 proxy_scheme
49 This sets the scheme for the reverse proxy when writing out the
50 proxy to repo definitions. Set this to a non-blank value if you
51 want to specify the scheme used by your package manager for
52 subscription-manager managed repos. This defaults to "http".
53
54 proxy_port
55 Set this to a non-blank value if subscription-manager should use a
56 reverse proxy to access the subscription service. This sets the
57 port for the reverse proxy. Overrides port from HTTP_PROXY and
58 HTTPS_PROXY environment variables.
59
60 Please note that setting this to any value other than 3128
61 (depending on your SELinux configuration) will require an update to
62 that policy.
63
64 To add a local policy:
65
66 # semanage port -a -t squid_port_t -p tcp <port number>
67
68 To change the system back to look at 3128 port, just remove the
69 policy:
70
71 # semanage port -d -t squid_port_t -p tcp <port number>
72
73 proxy_username
74 Set this to a non-blank value if subscription-manager should use an
75 authenticated reverse proxy to access the subscription service.
76 This sets the username for the reverse proxy. Overrides username
77 from HTTP_PROXY and HTTPS_PROXY environment variables.
78
79 proxy_password
80 Set this to a non-blank value if subscription-manager should use an
81 authenticated reverse proxy to access the subscription service.
82 This sets the password for the reverse proxy. Overrides password
83 from HTTP_PROXY and HTTPS_PROXY environment variables.
84
85 no_proxy
86 Set this to a non-blank value if subscription-manager should not
87 use a proxy for specific hosts. Format is a comma-separated list of
88 hostname suffixes, optionally with port. '*' is a special value
89 that means do not use a proxy for any host. Overrides the NO_PROXY
90 environment variable.
91
93 baseurl
94 This setting is the prefix for all content which is managed by the
95 subscription service. This should be the hostname for the Red Hat
96 CDN, the local Satellite or Capsule depending on your deployment.
97 Prefix depends on the service type. For the Red Hat CDN, the full
98 baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl
99 is https://HOSTNAME/pulp/repos , so for a hostname of
100 sat6.example.com the full baseurl would be for example:
101 https://sat6.example.com/pulp/repos .
102
103 repomd_gpg_url
104 The URL of the GPG key that was used to sign this repository's
105 metadata. The specified GPG key will be used in addition to any GPG
106 keys defined by the entitlement.
107
108 ca_cert_dir
109 The location for the certificates which are used to communicate
110 with the server and to pull down content.
111
112 repo_ca_cert
113 The certificate to use for server side authentication during
114 content downloads.
115
116 productCertDir
117 The directory where product certificates should be stored.
118
119 entitlementCertDir
120 The directory where entitlement certificates should be stored.
121
122 consumerCertDir
123 The directory where the consumers identity certificate is stored.
124
125 manage_repos
126 Set this to 1 if subscription manager should manage a yum repos
127 file. If set, it will manage the file /etc/yum.repos.d/redhat.repo.
128 If set to 0 then the subscription is only used for tracking
129 purposes, not content. The /etc/yum.repos.d/redhat.repo file will
130 either be purged or deleted.
131
132 full_refresh_on_yum
133 Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with
134 every server command. This will make yum less efficient, but can
135 ensure that the most recent data is brought down from the
136 subscription service.
137
138 report_package_profile
139 Set to 1 if rhsmcertd should report the system's current package
140 profile to the subscription service. This report helps the
141 subscription service provide better errata notifications. If
142 supported by the entitlement server, enabled repos, enabled
143 modules, and packages present will be reported. This configuration
144 also governs package profile reporting when the "dnf uploadprofile"
145 command is executed.
146
147 package_profile_on_trans
148 Set to 1 if the dnf/yum subscription-manager plugin should report
149 the system's current package profile to the subscription service on
150 execution of dnf/yum transactions (for example on package install).
151 This report helps the subscription service provide better errata
152 notifications. If supported by the entitlement server, enabled
153 repos, enabled modules, and packages present will be reported. The
154 report_package_profile option needs to also be set to 1 for this
155 option to have any effect.
156
157 pluginDir
158 The directory to search for subscription manager plug-ins
159
160 pluginConfDir
161 The directory to search for plug-in configuration files
162
163 auto_enable_yum_plugins
164 When this option is enabled, then yum/dnf plugins subscription-
165 manager and product-id are enabled every-time subscription-manager
166 or subscription-manager-gui is executed.
167
168 inotify
169 Inotify is used for monitoring changes in directories with
170 certificates. Currently only the /etc/pki/consumer directory is
171 monitored by the rhsm.service. When this directory is mounted using
172 a network file system without inotify notification support (e.g.
173 NFS), then disabling inotify is strongly recommended. When inotify
174 is disabled, periodical directory polling is used instead.
175
176 progress_messages
177 Set to 0 to disable progress reporting. When subscription-manager
178 waits while fetching certificates or updating user information, it
179 writes temporary informational messages to the standard output.
180 This feature may not be desired in some situations, changing this
181 option prevents those messages from being displayed.
182
184 certCheckInterval
185 The number of minutes between runs of the rhsmcertd daemon
186
187 autoAttachInterval
188 The number of minutes between attempts to run auto-attach on this
189 consumer.
190
191 splay
192 1 to enable splay. 0 to disable splay. If enabled, this feature
193 delays the initial auto attach and cert check by an amount between
194 0 seconds and the interval given for the action being delayed. For
195 example if the certCheckInterval were set to 3 minutes, the initial
196 cert check would begin somewhere between 2 minutes after start up
197 (minimum delay) and 5 minutes after start up. This is useful to
198 reduce peak load on the Satellite or entitlement service used by a
199 large number of machines.
200
201 disable
202 Set to 1 to disable rhsmcertd operation entirely.
203
204 auto_registration
205 Set to 1 to enable automatic registration. Automatic registration
206 can only work on virtual machines running in the public cloud.
207 Currently three public cloud providers are supported: AWS, Azure
208 and GCP. In order for rhsmcertd to perform automatic registration,
209 please link your "Cloud ID" from your cloud provider to your "RHSM
210 Organization ID" using https://cloud.redhat.com.
211
212 auto_registration_interval
213 The number of minutes between attempts to run auto-registration on
214 this system
215
217 default_log_level
218 The default log level for all loggers in subscription-manager,
219 python-rhsm, and rhsmcertd. Note: Other keys in this section will
220 override this value for the specified logger.
221
222 MODULE_NAME[.SUBMODULE ...] = [log_level]
223 Logging can be configured on a module-level basis via entries of
224 the format above where:
225 module_name is subscription_manager, rhsm, or rhsm-app.
226
227 submodule can be optionally specified to further override the
228 logging level down to a specific file.
229
230 log_level is the log level to set the specified logger (one of:
231 DEBUG, INFO, WARNING, ERROR, or CRITICAL).
232
234 Bryan Kearney <bkearney@redhat.com>
235
237 subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
238
240 Main web site: http://www.candlepinproject.org/
241
243 Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU
244 General Public License, version 2 (GPLv2). A copy of this license is
245 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
246
247
248
249rhsm.conf - RHSM.CONF(5)