About the rhsm.conf File
The main configuration file for the Subscription Manager is rhsm.conf. This file configures several important aspects of how CentOS Subscription Manager interacts with both entitlements and content services:
- The subscription service connection information, including the server host and port
- The content service to use, in the form of a web address
- The location of all of the different certificates used by the subscription service, including CA certificates for SSL authentication, identity certificates for the system, and entitlement and product certificates
The rhsm.conf file is divided into three sections. Two major sections defined the subscription service ([server]) and content and product delivery ([rhsm]). The third section relates to the rhsmcertd daemon. Each assertion is a simple attribute= value pair. Any of the default values can be edited; all possible attributes are present and active in the default rhsm.conf file.
Example 14.9. Default rhsm.conf File
# CentOS Subscription Manager Configuration File: # Unified Entitlement Platform Configuration [server] # Server hostname: hostname = subscription.rhn.redhat.com # Server prefix: prefix = /subscription # Server port: port = 443 # Set to 1 to disable certificate validation: insecure = 0 # Set the depth of certs which should be checked # when validating a certificate ssl_verify_depth = 3 # Server CA certificate location: ca_cert_dir = /etc/rhsm/ca/ # an http proxy server to use proxy_hostname = # port for http proxy server proxy_port = # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password = [rhsm] # Content base URL: baseurl= https://cdn.redhat.com # Default CA cert to use when generating yum repo configs: repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem # Where the certificates should be stored productCertDir = /etc/pki/product entitlementCertDir = /etc/pki/entitlement consumerCertDir = /etc/pki/consumer [rhsmcertd] # Frequency of certificate refresh (in minutes): certFrequency = 240 # Frequency of autoheal check (1440 min = 1 day): healFrequency = 1440
Table 14.7. rhsm.conf Parameters
This parameter only applies to the Subscription Manager GUI. Incompatible subscriptions can be displayed in the CLI by using the --all option with the list command.
| Parameter | Description | Default Value |
|---|---|---|
| [server] Parameters | ||
| hostname | Gives the IP address or fully-qualified domain name of the subscription service. | subscription.rhn.redhat.com |
| prefix | Gives the directory, in the URL, to use to connect to the subscription service. | /subscription |
| port | Gives the port to use to connect to the subscription service. | 443 |
| insecure | Sets whether to use a secure (0) or insecure (1) connection for connections between the Subscription Manager clients and the subscription service. | 0 |
| ssl_verify_depth | Sets how far back in the certificate chain to verify the certificate. | 3 |
| proxy_hostname | Gives the hostname of the proxy server. This is required. | |
| proxy_port | Gives the port of the proxy server. This is required. | |
| proxy_user | Gives the user account to use to access the proxy server. This may not be required, depending on the proxy server configuration. | |
| proxy_password | Gives the password credentials to access the proxy server. This may not be required, depending on the proxy server configuration. | |
| ca_cert_dir | Gives the location for the CA certificate for the CA which issued the subscription service's certificates. This allows the client to identify and trust the subscription service for authentication for establishing an SSL connection. | /etc/rhsm/ca |
| [rhsm] Parameters | ||
| baseurl | Gives the full URL to access the content delivery system. | https://cdn.redhat.com |
| repo_ca_cert | Identifies the default CA certificate to use to set the yum repo configuration. | %(ca_cert_dir)sredhat-uep.pem |
| showIncompatiblePools |
Sets whether to display subscription pools which are not compatible with the system's architecture but which have been purchased by an organization. By default, Subscription Manager only displays subscriptions which are compatible with, and therefore available to, the system. | 0 |
| productCertDir | Sets the root directory where the product certificates are stored and can be accessed by Subscription Manager. | /etc/pki/product |
| consumerCertDir | Sets the directory where the identity certificate for the system is stored and can be accessed by Subscription Manager. | /etc/pki/consumer |
| entitlementCertDir | Sets the directory where the entitlement certificates for the system are stored and can be accessed by Subscription Manager. Each subscription has its own entitlement certificate. | /etc/pki/entitlement |
| [rhsmcertd] Parameters | ||
| certFrequency | Sets the interval, in minutes, to check and update entitlement certificates used by Subscription Manager. | 240 |
| healFrequency | Sets the interval, in minutes, to check for change subscriptions and installed products and to allocate subscriptions, as necessary, to maintain subscription status for all products. | 240 |