1RHSM.CONF(5) RHSM.CONF(5)
2
6 rhsm.conf - Configuration file for the subscription-manager tooling
7
9 The rhsm.conf file is the configuration file for various subscription
10 manager tooling. This includes subscription-manager,
11 subscription-manager-gui, rhsmcertd, and virt-who.
12 The format of this file is a simple INI-like structure, with keys and
14 values inside sections. Duplicated keys in sections are not allowed,
15 and only the last occurrence of each key is actually used. Duplicated
16 section names are not allowed.
17
19 hostname
20 The hostname of the subscription service being used. The default is
21 the Red Hat Customer Portal which is subscription.rhsm.redhat.com.
22 This default should not be retrofitted to previously installed
23 versions. It should be incorporated as the default going forward.
24 prefix
26 Server prefix where the subscription service is registered.
27 port
29 The port which the subscription service is listening on.
30 insecure
32 This flag enables or disables entitlement server certification
33 verification using the certificate authorities which are installed
34 in /etc/rhsm/ca.
35 ssl_verify_depth
37 Sets the number of certificates which should be used to verify the
38 servers identity. This is an advanced control which can be used to
39 secure on premise installations.
40 server_timeout
42 Set this to a non-blank value to override the HTTP timeout in
43 seconds. The default is 180 seconds (3 minutes).
44 proxy_hostname
46 Set this to a non-blank value if subscription-manager should use a
47 reverse proxy to access the subscription service. This sets the
48 host for the reverse proxy. Overrides hostname from HTTP_PROXY and
49 HTTPS_PROXY environment variables. This value should not contain
50 the scheme to be used with the proxy (e.g. http or https). To
51 specify that use the proxy_scheme option.
52 proxy_scheme
54 This sets the scheme for the reverse proxy when writing out the
55 proxy to repo definitions. Set this to a non-blank value if you
56 want to specify the scheme used by your package manager for
57 subscription-manager managed repos. This defaults to "http".
58 proxy_port
60 Set this to a non-blank value if subscription-manager should use a
61 reverse proxy to access the subscription service. This sets the
62 port for the reverse proxy. Overrides port from HTTP_PROXY and
63 HTTPS_PROXY environment variables.
64 Please note that setting this to any value other than 3128
66 (depending on your SELinux configuration) will require an update to
67 that policy.
68 To add a local policy:
70 # semanage port -a -t squid_port_t -p tcp <port number>
72 To change the system back to look at 3128 port, just remove the
74 policy:
75 # semanage port -d -t squid_port_t -p tcp <port number>
77 proxy_username
79 Set this to a non-blank value if subscription-manager should use an
80 authenticated reverse proxy to access the subscription service.
81 This sets the username for the reverse proxy. Overrides username
82 from HTTP_PROXY and HTTPS_PROXY environment variables.
83 proxy_password
85 Set this to a non-blank value if subscription-manager should use an
86 authenticated reverse proxy to access the subscription service.
87 This sets the password for the reverse proxy. Overrides password
88 from HTTP_PROXY and HTTPS_PROXY environment variables.
89 no_proxy
91 Set this to a non-blank value if subscription-manager should not
92 use a proxy for specific hosts. Format is a comma-separated list of
93 hostname suffixes, optionally with port. '*' is a special value
94 that means do not use a proxy for any host. Overrides the NO_PROXY
95 environment variable.
96
98 baseurl
99 This setting is the prefix for all content which is managed by the
100 subscription service. This should be the hostname for the Red Hat
101 CDN, the local Satellite or Capsule depending on your deployment.
102 Prefix depends on the service type. For the Red Hat CDN, the full
103 baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl
104 is https://HOSTNAME/pulp/repos , so for a hostname of
105 sat6.example.com the full baseurl would be for example:
106 https://sat6.example.com/pulp/repos .
107 repomd_gpg_url
109 The URL of the GPG key that was used to sign this repository's
110 metadata. The specified GPG key will be used in addition to any GPG
111 keys defined by the entitlement.
112 ca_cert_dir
114 The location for the certificates which are used to communicate
115 with the server and to pull down content.
116 repo_ca_cert
118 The certificate to use for server side authentication during
119 content downloads.
120 productCertDir
122 The directory where product certificates should be stored.
123 entitlementCertDir
125 The directory where entitlement certificates should be stored.
126 consumerCertDir
128 The directory where the consumers identity certificate is stored.
129 manage_repos
131 Set this to 1 if subscription manager should manage a yum repos
132 file. If set, it will manage the file /etc/yum.repos.d/redhat.repo.
133 If set to 0 then the subscription is only used for tracking
134 purposes, not content. The /etc/yum.repos.d/redhat.repo file will
135 either be purged or deleted.
136 full_refresh_on_yum
138 Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with
139 every server command. This will make yum less efficient, but can
140 ensure that the most recent data is brought down from the
141 subscription service.
142 report_package_profile
144 Set to 1 if rhsmcertd should report the system's current package
145 profile to the subscription service. This report helps the
146 subscription service provide better errata notifications. If
147 supported by the entitlement server, enabled repos, enabled
148 modules, and packages present will be reported. This configuration
149 also governs package profile reporting when the "dnf uploadprofile"
150 command is executed.
151 package_profile_on_trans
153 Set to 1 if the dnf/yum subscription-manager plugin should report
154 the system's current package profile to the subscription service on
155 execution of dnf/yum transactions (for example on package install).
156 This report helps the subscription service provide better errata
157 notifications. If supported by the entitlement server, enabled
158 repos, enabled modules, and packages present will be reported. The
159 report_package_profile option needs to also be set to 1 for this
160 option to have any effect.
161 pluginDir
163 The directory to search for subscription manager plug-ins
164 pluginConfDir
166 The directory to search for plug-in configuration files
167 auto_enable_yum_plugins
169 When this option is enabled, then yum/dnf plugins subscription-
170 manager and product-id are enabled every-time subscription-manager
171 or subscription-manager-gui is executed.
172 inotify
174 Inotify is used for monitoring changes in directories with
175 certificates. Currently only the /etc/pki/consumer directory is
176 monitored by the rhsm.service. When this directory is mounted using
177 a network file system without inotify notification support (e.g.
178 NFS), then disabling inotify is strongly recommended. When inotify
179 is disabled, periodical directory polling is used instead.
180
182 certCheckInterval
183 The number of minutes between runs of the rhsmcertd daemon
184 autoAttachInterval
186 The number of minutes between attempts to run auto-attach on this
187 consumer.
188 splay
190 1 to enable splay. 0 to disable splay. If enabled, this feature
191 delays the initial auto attach and cert check by an amount between
192 0 seconds and the interval given for the action being delayed. For
193 example if the certCheckInterval were set to 3 minutes, the initial
194 cert check would begin somewhere between 2 minutes after start up
195 (minimum delay) and 5 minutes after start up. This is useful to
196 reduce peak load on the Satellite or entitlement service used by a
197 large number of machines.
198 disable
200 Set to 1 to disable rhsmcertd operation entirely.
201 auto_registration
203 Set to 1 to enabled automatic registration. Automatic registration
204 can only work on virtual machines running in the public cloud.
205 Currently three public cloud providers are supported: AWS, Azure
206 and GCP. In order for rhsmcertd to perform automatic registration,
207 please link your "Cloud ID" from your cloud provider to your "RHSM
208 Organization ID" using https://cloud.redhat.com.
209 auto_registration_interval
211 The number of minutes between attempts to run auto-registration on
212 this system
213
215 default_log_level
216 The default log level for all loggers in subscription-manager,
217 python-rhsm, and rhsmcertd. Note: Other keys in this section will
218 override this value for the specified logger.
219 MODULE_NAME[.SUBMODULE ...] = [log_level]
221 Logging can be configured on a module-level basis via entries of
222 the format above where:
223 module_name is subscription_manager, rhsm, or rhsm-app.
224 submodule can be optionally specified to further override the
226 logging level down to a specific file.
227 log_level is the log level to set the specified logger (one of:
229 DEBUG, INFO, WARNING, ERROR, or CRITICAL).
230
232 Bryan Kearney <bkearney@redhat.com>
233
235 subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
236
238 Main web site: http://www.candlepinproject.org/
239
241 Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU
242 General Public License, version 2 (GPLv2). A copy of this license is
243 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
244rhsm.conf - RHSM.CONF(5)