1rhsmcertd(8) Subscription Management rhsmcertd(8)
2
3
4
6 rhsmcertd - Periodically scans and updates the entitlement certificates
7 on a registered system.
8
9
11 rhsmcertd [--cert-check-interval=MINUTES] [--auto-attach-interval=MIN‐
12 UTES] [--auto-registration-interval] [--no-splay] [--now] [--auto-reg‐
13 istration] [--debug] [--help]
14
15
16 Deprecated usage
17
18 rhsmcertd [certInterval autoattachInterval]
19
20
22 Red Hat provides content updates and support by issuing subscriptions
23 for its products. These subscriptions are applied to systems (ma‐
24 chines). Red Hat Subscription Manager is a tool which allows adminis‐
25 trators to manage those subscriptions by registering systems and peo‐
26 ple, applying subscriptions, and viewing subscriptions.
27
28
29 When subscriptions are applied to a system or when new subscriptions
30 are available, the subscription management system issues that machine
31 an X.509 certificate which contains all of the details of that sub‐
32 scription. The rhsmcertd process runs periodically to check for changes
33 in the subscriptions available to a machine by updating the entitlement
34 certificates installed on the machine and by installing new entitlement
35 certificates as they're available.
36
37
38 At a defined interval, the process checks with the subscription manage‐
39 ment service to see if any new subscriptions are available to the sys‐
40 tem. If there are, it pulls in the associated subscription certifi‐
41 cates. If any subscriptions have expired and new subscriptions are
42 available, then the rhsmcertd process will automatically request those
43 subscriptions. By default, the initial auto-attach is delayed by a ran‐
44 dom amount of seconds from zero to the autoAttachInterval. The initial
45 cert check is delayed by a random amount of seconds from zero to
46 certCheckInterval.
47
48
49 This rhsmcertd process can also perform automatic registration, when VM
50 is running in the public cloud. Three public cloud providers are sup‐
51 ported: AWS, Azure and GCP. When it is desired to perform automatic
52 registration by rhsmcertd, then it is also necessary to configure map‐
53 ping of "Cloud ID" to "RHSM organization ID" on https://cloud.red‐
54 hat.com.
55
56
57 This rhsmcertd process invokes the rhsmcertd-worker.py script to per‐
58 form the certificate add and update operations.
59
60
61 Both the certificate interval and the auto-attach interval are config‐
62 urable and can be reset through the rhsmcertd daemon itself or by edit‐
63 ing the Subscription Manager /etc/rhsm/rhsm.conf file.
64
65
66 rhsmcertd is started with the machine, by default, and is always run‐
67 ning in the background.
68
69
71 -h, --help
72 Prints the specific help information for the given command.
73
74
75 -d, --debug
76 Records more verbose output to the /var/log/rhsm/rhsmcertd.log
77 log file.
78
79
80 -n, --now
81 Runs the rhsmcertd scan immediately, rather than waiting for the
82 next scheduled interval.
83
84
85 -c, --cert-check-interval=MINUTES
86 Resets the interval for checking for new subscription certifi‐
87 cates. This value is in minutes. The default is 240, or four
88 hours. This interval is in effect until the daemon restarts, and
89 then the values in the /etc/rhsm/rhsm.conf file are used (unless
90 the argument is passed again).
91
92
93 -i, --auto-attach-interval=MINUTES
94 Resets the interval for checking for and replacing expired sub‐
95 scriptions. This value is in minutes. The default is 1440, or 24
96 hours. This interval is in effect until the daemon restarts, and
97 then the values in the /etc/rhsm/rhsm.conf file are used (unless
98 the argument is passed again).
99
100
101 -r, --auto-registration-interval=MINUTES
102 Resets the interval for automatic registration. This value is in
103 minutes. The default is 60, or 1 hour. This interval is in ef‐
104 fect until the daemon restarts, and then the values in the
105 /etc/rhsm/rhsm.conf file are used (unless the argument is passed
106 again).
107
108
109 -s, --no-splay
110 If present this option disables the splay feature entirely. When
111 not present the value of "splay" from the /etc/rhsm/rhsm.conf
112 file is used to determine whether the splay feature is on ("1")
113 or off ("0").
114
115
116 -a, --auto-registration
117 If present this option enable automatic registration. When not
118 present the value of "auto_registration" from the
119 /etc/rhsm/rhsm.conf file is used to determine whether the auto‐
120 matic registration feature is on ("1") or off ("0").
121
122
124 NOTE Be sure to stop the running rhsmcertd daemon before making any
125 configuration changes, or the new configuration is not applied.
126
127
128 RESETTING THE CERTIFICATE SCAN INTERVAL
129 service rhsmcertd stop
130 rhsmcertd --cert-check-interval=240
131
132
133 RUNNING CERTIFICATE AND HEALING SCANS IMMEDIATELY
134 Normally, the certificate and auto-attach scans are run periodically,
135 on a schedule defined in the rhsmcertd configuration. The scans can be
136 run immediately -- which is useful if an administrator knows that there
137 are new subscriptions available -- and then the scans resume their
138 schedules.
139 service rhsmcertd stop
140 rhsmcertd -n
141
142
143 DEPRECATED USAGE
144 rhsmcertd used to allow the certificate and auto-attach intervals to be
145 reset simply by passing two integers as arguments.
146
147 rhsmcertd certInterval autoAttachInterval
148
149 For example:
150 service rhsmcertd stop
151 rhsmcertd 180 480
152
153 This usage is still allowed, but it is deprecated and not recommended.
154
155
157 * /usr/share/rhsm/certmgr.py
158
159 * /etc/rhsm/rhsm.conf
160
161 * /var/log/rhsm/rhsmcertd.log
162
163
165 This daemon is part of Red Hat Subscription Manager. To file bugs
166 against this daemon, go to https://bugzilla.redhat.com, and select Red
167 Hat > Red Hat Enterprise Linux > subscription-manager.
168
169
170
172 Deon Lackey, <dlackey@redhat.com> and Jeff Ortel, <jortel@redhat.com>.
173 rhsmcertd was written by Jeff Ortel.
174
175
177 Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU
178 General Public License, version 2 (GPLv2). A copy of this license is
179 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
180
181
182
183 rhsmcertd(8)