1RHSM.CONF(5) RHSM.CONF(5)
2
6 rhsm.conf - Configuration file for the subscription-manager tooling
7
9 The rhsm.conf file is the configuration file for various subscription
10 manager tooling. This includes subscription-manager,
11 subscription-manager-gui, rhsmcertd, and virt-who.
12 The format of this file is a simple INI-like structure, with keys and
14 values inside sections. Duplicated keys in sections are not allowed,
15 and only the last occurrence of each key is actually used. Duplicated
16 section names are not allowed.
17
19 hostname
20 The hostname of the subscription service being used. The default is
21 the Red Hat Customer Portal which is subscription.rhsm.redhat.com.
22 This default should not be retrofitted to previously installed
23 versions. It should be incorporated as the default going forward.
24 prefix
26 Server prefix where the subscription service is registered.
27 port
29 The port which the subscription service is listening on.
30 insecure
32 This flag enables or disables entitlement server certification
33 verification using the certificate authorities which are installed
34 in /etc/rhsm/ca.
35 server_timeout
37 Set this to a non-blank value to override the HTTP timeout in
38 seconds. The default is 180 seconds (3 minutes).
39 proxy_hostname
41 Set this to a non-blank value if subscription-manager should use a
42 reverse proxy to access the subscription service. This sets the
43 host for the reverse proxy. Overrides hostname from HTTP_PROXY and
44 HTTPS_PROXY environment variables. This value should not contain
45 the scheme to be used with the proxy (e.g. http or https). To
46 specify that use the proxy_scheme option.
47 proxy_scheme
49 This only sets the scheme for the reverse proxy when writing out
50 the proxy to repo definitions. Set this to a non-blank value if you
51 want to specify the scheme used by your package manager for
52 subscription-manager managed repos. This defaults to "http".
53 Note: subscription-manager tooling does not use this option for
55 connecting reverse proxy and HTTPS is always used.
56 proxy_port
58 Set this to a non-blank value if subscription-manager should use a
59 reverse proxy to access the subscription service. This sets the
60 port for the reverse proxy. Overrides port from HTTP_PROXY and
61 HTTPS_PROXY environment variables.
62 Please note that setting this to any value other than 3128
64 (depending on your SELinux configuration) will require an update to
65 that policy.
66 To add a local policy:
68 # semanage port -a -t squid_port_t -p tcp <port number>
70 To change the system back to look at 3128 port, just remove the
72 policy:
73 # semanage port -d -t squid_port_t -p tcp <port number>
75 proxy_username
77 Set this to a non-blank value if subscription-manager should use an
78 authenticated reverse proxy to access the subscription service.
79 This sets the username for the reverse proxy. Overrides username
80 from HTTP_PROXY and HTTPS_PROXY environment variables.
81 proxy_password
83 Set this to a non-blank value if subscription-manager should use an
84 authenticated reverse proxy to access the subscription service.
85 This sets the password for the reverse proxy. Overrides password
86 from HTTP_PROXY and HTTPS_PROXY environment variables.
87 no_proxy
89 Set this to a non-blank value if subscription-manager should not
90 use a proxy for specific hosts. Format is a comma-separated list of
91 hostname suffixes, optionally with port. '*' is a special value
92 that means do not use a proxy for any host. Overrides the NO_PROXY
93 environment variable.
94
96 baseurl
97 This setting is the prefix for all content which is managed by the
98 subscription service. This should be the hostname for the Red Hat
99 CDN, the local Satellite or Capsule depending on your deployment.
100 Prefix depends on the service type. For the Red Hat CDN, the full
101 baseurl is https://cdn.redhat.com . For Satellite 6, the baseurl
102 is https://HOSTNAME/pulp/repos , so for a hostname of
103 sat6.example.com the full baseurl would be for example:
104 https://sat6.example.com/pulp/repos .
105 repomd_gpg_url
107 The URL of the GPG key that was used to sign this repository's
108 metadata. The specified GPG key will be used in addition to any GPG
109 keys defined by the entitlement.
110 ca_cert_dir
112 The location for the certificates which are used to communicate
113 with the server and to pull down content.
114 repo_ca_cert
116 The certificate to use for server side authentication during
117 content downloads.
118 productCertDir
120 The directory where product certificates should be stored.
121 entitlementCertDir
123 The directory where entitlement certificates should be stored.
124 consumerCertDir
126 The directory where the consumers identity certificate is stored.
127 manage_repos
129 Set this to 1 if subscription manager should manage a yum repos
130 file. If set, it will manage the file /etc/yum.repos.d/redhat.repo.
131 If set to 0 then the subscription is only used for tracking
132 purposes, not content. The /etc/yum.repos.d/redhat.repo file will
133 either be purged or deleted.
134 full_refresh_on_yum
136 Set to 1 if the /etc/yum.repos.d/redhat.repo should be updated with
137 every server command. This will make yum less efficient, but can
138 ensure that the most recent data is brought down from the
139 subscription service.
140 report_package_profile
142 Set to 1 if rhsmcertd should report the system's current package
143 profile to the subscription service. This report helps the
144 subscription service provide better errata notifications. If
145 supported by the entitlement server, enabled repos, enabled
146 modules, and packages present will be reported. This configuration
147 also governs package profile reporting when the "dnf uploadprofile"
148 command is executed.
149 package_profile_on_trans
151 Set to 1 if the dnf/yum subscription-manager plugin should report
152 the system's current package profile to the subscription service on
153 execution of dnf/yum transactions (for example on package install).
154 This report helps the subscription service provide better errata
155 notifications. If supported by the entitlement server, enabled
156 repos, enabled modules, and packages present will be reported. The
157 report_package_profile option needs to also be set to 1 for this
158 option to have any effect.
159 pluginDir
161 The directory to search for subscription manager plug-ins
162 pluginConfDir
164 The directory to search for plug-in configuration files
165 auto_enable_yum_plugins
167 When this option is enabled, then yum/dnf plugins subscription-
168 manager and product-id are enabled every-time subscription-manager
169 or subscription-manager-gui is executed.
170 inotify
172 Inotify is used for monitoring changes in directories with
173 certificates. Currently only the /etc/pki/consumer directory is
174 monitored by the rhsm.service. When this directory is mounted using
175 a network file system without inotify notification support (e.g.
176 NFS), then disabling inotify is strongly recommended. When inotify
177 is disabled, periodical directory polling is used instead.
178 progress_messages
180 Set to 0 to disable progress reporting. When subscription-manager
181 waits while fetching certificates or updating user information, it
182 writes temporary informational messages to the standard output.
183 This feature may not be desired in some situations, changing this
184 option prevents those messages from being displayed.
185
187 certCheckInterval
188 The number of minutes between runs of the rhsmcertd daemon
189 autoAttachInterval
191 The number of minutes between attempts to run auto-attach on this
192 consumer.
193 splay
195 1 to enable splay. 0 to disable splay. If enabled, this feature
196 delays the initial auto attach and cert check by an amount between
197 0 seconds and the interval given for the action being delayed. For
198 example if the certCheckInterval were set to 3 minutes, the initial
199 cert check would begin somewhere between 2 minutes after start up
200 (minimum delay) and 5 minutes after start up. This is useful to
201 reduce peak load on the Satellite or entitlement service used by a
202 large number of machines.
203 disable
205 Set to 1 to disable rhsmcertd operation entirely.
206 auto_registration
208 Set to 1 to enable automatic registration. Automatic registration
209 can only work on virtual machines running in the public cloud.
210 Currently three public cloud providers are supported: AWS, Azure
211 and GCP. In order for rhsmcertd to perform automatic registration,
212 please link your "Cloud ID" from your cloud provider to your "RHSM
213 Organization ID" using https://cloud.redhat.com.
214 auto_registration_interval
216 The number of minutes between attempts to run auto-registration on
217 this system
218
220 default_log_level
221 The default log level for all loggers in subscription-manager,
222 python-rhsm, and rhsmcertd. Note: Other keys in this section will
223 override this value for the specified logger.
224 MODULE_NAME[.SUBMODULE ...] = [log_level]
226 Logging can be configured on a module-level basis via entries of
227 the format above where:
228 module_name is subscription_manager, rhsm, or rhsm-app.
229 submodule can be optionally specified to further override the
231 logging level down to a specific file.
232 log_level is the log level to set the specified logger (one of:
234 DEBUG, INFO, WARNING, ERROR, or CRITICAL).
235
237 Bryan Kearney <bkearney@redhat.com>
238
240 subscription-manager(8), subscription-manager-gui(8), rhsmcertd(8)
241
243 Main web site: http://www.candlepinproject.org/
244
246 Copyright (c) 2010-2012 Red Hat, Inc. This is licensed under the GNU
247 General Public License, version 2 (GPLv2). A copy of this license is
248 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
249rhsm.conf - RHSM.CONF(5)