CentOS Subscription Manager Configuration Files

The primary configuration file for CentOS Subscription Manager, both the GUI and CLI tools, is the rhsm.conf configuration file. There are other support files that either influence the CentOS Subscription Manager service or can help administrators better use the Subscription Manager.

All Files Used by CentOS Subscription Manager

All of the files related to the configuration of CentOS Subscription Manager are used by both the GUI and CLI; there's no separate configuration.

Table 14.6. CentOS Subscription Manager Files and Directories

File or Directory	Description
/etc/rhsm	The primary CentOS Subscription Manager configuration directory.
/etc/rhsm/rhsm.conf	The CentOS Subscription Manager configuration file. This is used by both the GUI and the CLI.
/etc/rhsm/facts	Any user-defined JSON files that override or add system facts to determine entitlement compatibility. Any facts files must end in `.facts`.
/var/lib/rhsm/cache/installed_products.json	A master list of installed products, which is sent by Subscription Manager to a hosted content service, such as Subscription Asset Manager.
/var/lib/rhsm/facts/facts.facts	The default system facts filed, gathered by the Subscription Manager.
/var/lib/rhsm/packages/	The package profile cache (a list of installed products) which is gathered and periodically updated by the Subscription Manager.
/var/log/rhsm	The CentOS Subscription Manager log directory.
/var/log/rhsm/rhsm.log	The log for the CentOS Subscription Manager tools.
/var/log/rhsm/rhsmcertd.log	The log for the CentOS Subscription Manager daemon, `rhsmcertd`.
/etc/pki/consumer	The directory which contains the identity certificates used by the system to identify itself to the subscription service.
/etc/pki/consumer/cert.pem	The base-64 consumer identity certificate file.
/etc/pki/consumer/key.pem	The base-64 consumer identity key file.
/etc/pki/entitlement	The directory which contains the entitlement certificates for the available subscriptions.
/etc/pki/product/`product_serial#`.pem	The product certificates for installed software products.
/var/run/subsys/rhsm	Runtime files for CentOS Subscription Manager
/etc/init.d/rhsmcertd	The subscription certificate daemon.
/etc/cron.daily/rhsm-complianced and /usr/libexec/rhsm-complianced	Files to run daily checks and notifications for subscription validity.
/etc/yum/pluginconf.d/rhsmplugin.conf	The configuration file to include the CentOS Subscription Manager plug-in in the `yum` configuration.
/usr/share/rhsm	All of the Python and script files used by both CentOS Subscription Manager tool to perform subscription tasks.
/usr/share/rhsm/gui	All of the Python script and image files used to render the CentOS Subscription Manager GUI.

About the rhsm.conf File

The main configuration file for the Subscription Manager is rhsm.conf. This file configures several important aspects of how CentOS Subscription Manager interacts with both entitlements and content services:

The subscription service connection information, including the server host and port

The content service to use, in the form of a web address
The location of all of the different certificates used by the subscription service, including CA certificates for SSL authentication, identity certificates for the system, and entitlement and product certificates

The rhsm.conf file is divided into three sections. Two major sections defined the subscription service ([server]) and content and product delivery ([rhsm]). The third section relates to the rhsmcertd daemon. Each assertion is a simple attribute= value pair. Any of the default values can be edited; all possible attributes are present and active in the default rhsm.conf file.

Example 14.9. Default rhsm.conf File

# CentOS Subscription Manager Configuration File:
# Unified Entitlement Platform Configuration
[server]
# Server hostname:
hostname = subscription.rhn.redhat.com
# Server prefix:
prefix = /subscription
# Server port:
port = 443
# Set to 1 to disable certificate validation:
insecure = 0
# Set the depth of certs which should be checked
# when validating a certificate
ssl_verify_depth = 3
# Server CA certificate location:
ca_cert_dir = /etc/rhsm/ca/
# an http proxy server to use
proxy_hostname =
# port for http proxy server
proxy_port =
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =
[rhsm]
# Content base URL:
baseurl= https://cdn.redhat.com
# Default CA cert to use when generating yum repo configs:
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
# Where the certificates should be stored
productCertDir = /etc/pki/product
entitlementCertDir = /etc/pki/entitlement
consumerCertDir = /etc/pki/consumer
[rhsmcertd]
# Frequency of certificate refresh (in minutes):
certFrequency = 240
# Frequency of autoheal check (1440 min = 1 day):
healFrequency = 1440

Table 14.7. rhsm.conf Parameters

This parameter only applies to the Subscription Manager GUI. Incompatible subscriptions can be displayed in the CLI by using the --all option with the list command.

Parameter	Description	Default Value
[server] Parameters
hostname	Gives the IP address or fully-qualified domain name of the subscription service.	subscription.rhn.redhat.com
prefix	Gives the directory, in the URL, to use to connect to the subscription service.	/subscription
port	Gives the port to use to connect to the subscription service.	443
insecure	Sets whether to use a secure (0) or insecure (1) connection for connections between the Subscription Manager clients and the subscription service.	0
ssl_verify_depth	Sets how far back in the certificate chain to verify the certificate.	3
proxy_hostname	Gives the hostname of the proxy server. This is required.
proxy_port	Gives the port of the proxy server. This is required.
proxy_user	Gives the user account to use to access the proxy server. This may not be required, depending on the proxy server configuration.
proxy_password	Gives the password credentials to access the proxy server. This may not be required, depending on the proxy server configuration.
ca_cert_dir	Gives the location for the CA certificate for the CA which issued the subscription service's certificates. This allows the client to identify and trust the subscription service for authentication for establishing an SSL connection.	/etc/rhsm/ca
[rhsm] Parameters
baseurl	Gives the full URL to access the content delivery system.	https://cdn.redhat.com
repo_ca_cert	Identifies the default CA certificate to use to set the yum repo configuration.	%(ca_cert_dir)sredhat-uep.pem
showIncompatiblePools	Sets whether to display subscription pools which are not compatible with the system's architecture but which have been purchased by an organization. By default, Subscription Manager only displays subscriptions which are compatible with, and therefore available to, the system.	0
productCertDir	Sets the root directory where the product certificates are stored and can be accessed by Subscription Manager.	/etc/pki/product
consumerCertDir	Sets the directory where the identity certificate for the system is stored and can be accessed by Subscription Manager.	/etc/pki/consumer
entitlementCertDir	Sets the directory where the entitlement certificates for the system are stored and can be accessed by Subscription Manager. Each subscription has its own entitlement certificate.	/etc/pki/entitlement
[rhsmcertd] Parameters
certFrequency	Sets the interval, in minutes, to check and update entitlement certificates used by Subscription Manager.	240
healFrequency	Sets the interval, in minutes, to check for change subscriptions and installed products and to allocate subscriptions, as necessary, to maintain subscription status for all products.	240