/etc/rhsm/rhsm.conf是Red Hat Subscription Manager (RHSM) 的配置文件,用于管理 Red Hat 系统的订阅和软件仓库。以下是关键配置项解析:
bash
#/etc/rhsm/rhsm.conf参考
[root@localhost ~]# cat /etc/rhsm/rhsm.conf
# Red Hat Subscription Manager Configuration File:
# Unified Entitlement Platform Configuration
[server]
# Server hostname:
hostname = subscription.rhsm.redhat.com
# Server prefix:
prefix = /subscription
# Server port:
port = 443
# Set to 1 to disable certificate validation:
insecure = 0
# Set the depth of certs which should be checked
# when validating a certificate
ssl_verify_depth = 3
# an http proxy server to use
proxy_hostname =
# The scheme to use for the proxy when updating repo definitions, if needed
# e.g. http or https
proxy_scheme = http
# port for http proxy server
proxy_port =-1
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =
# host/domain suffix blocklist for proxy, if needed
no_proxy =
[rhsm]
# Content base URL:
baseurl = https://cdn.redhat.com
# Repository metadata GPG key URL:
repomd_gpg_url =
# Server CA certificate location:
ca_cert_dir = /etc/rhsm/ca/
# Default CA cert to use when generating yum repo configs:
repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
# Where the certificates should be stored
productCertDir = /etc/pki/product
entitlementCertDir = /etc/pki/entitlement
consumerCertDir = /etc/pki/consumer
# Manage generation of yum repositories for subscribed content:
manage_repos = 0
# Refresh repo files with server overrides on every yum command
full_refresh_on_yum = 0
# If set to zero, the client will not report the package profile to
# the subscription management service.
report_package_profile = 1
# The directory to search for subscription manager plugins
pluginDir = /usr/share/rhsm-plugins
# The directory to search for plugin configuration files
pluginConfDir = /etc/rhsm/pluginconf.d
# Manage automatic enabling of yum/dnf plugins (product-id, subscription-manager)
auto_enable_yum_plugins = 1
# Run the package profile on each yum/dnf transaction
package_profile_on_trans = 0
# Inotify is used for monitoring changes in directories with certificates.
# Currently only the /etc/pki/consumer directory is monitored by the
# rhsm.service. When this directory is mounted using a network file system
# without inotify notification support (e.g. NFS), then disabling inotify
# is strongly recommended. When inotify is disabled, periodical directory
# polling is used instead.
inotify = 1
[rhsmcertd]
# Interval to run cert check (in minutes):
certCheckInterval = 240
# Interval to run auto-attach (in minutes):
autoAttachInterval = 1440
# If set to zero, the checks done by the rhsmcertd daemon will not be splayed (randomly offset)
splay = 1
# If set to 1, rhsmcertd will not execute.
disable = 0
# Set to 1, when rhsmcerd will try to do automatic registration.
# Setting this option make sense only on machines running on public
# clouds. Currently only AWS, Azure and GCP are supported
auto_registration = 0
# Interval to run auto-registration (in minutes):
auto_registration_interval = 60
[logging]
default_log_level = INFO
# subscription_manager = DEBUG
# subscription_manager.managercli = DEBUG
# rhsm = DEBUG
# rhsm.connection = DEBUG
# rhsm-app = DEBUG配置文件整体结构
RHSM 配置文件采用 INI 格式,分为几个主要段落(section):
[server]- 连接 Red Hat 订阅服务器[rhsm]- 本地订阅和仓库管理行为[rhsmcertd]- 后台守护进程的行为[logging]- 日志级别
核心配置说明
[server] - 连接配置
- hostname :
subscription.rhsm.redhat.com- Red Hat 官方订阅服务器 - insecure = 0 - 启用 SSL 证书验证(安全)
- proxy_* - 代理配置均为空,表示直接连接
[rhsm] - 内容管理
-
baseurl :
https://cdn.redhat.com- Red Hat 官方内容分发网络(CDN)的地址 -
ca_cert_dir :
/etc/rhsm/ca/- CA 证书存放目录 -
manage_repos = 0 - 重要:不自动管理 yum 仓库配置
-
entitlementCertDir :
/etc/pki/entitlement- 订阅证书存储位置 -
consumerCertDir :
/etc/pki/consumer- 客户端身份证书存放位置 -
productCertDir :
/etc/pki/product- 产品证书存放位置这些路径的作用:
/etc/pki/entitlement/- 存储你购买的订阅证书(证明你有权访问某些仓库)/etc/pki/consumer/- 存储系统的唯一身份证书(证明这台机器已注册)/etc/rhsm/ca/- 存储红帽的根证书(用于验证服务器身份)
[rhsmcertd] - 守护进程配置
- certCheckInterval = 240 - 每 4 小时检查证书
- autoAttachInterval = 1440 - 每 24 小时自动附加订阅
- disable = 0 - 守护进程启用中
配置文件优先级说明
/etc/rhsm/rhsm.conf (主配置,最高优先级)
↓
subscription-manager config 命令修改
↓
影响所有 RHSM 组件:
- rhsmcertd 守护进程
- yum/dnf 插件行为
- redhat.repo 生成逻辑重要 :手动编辑 /etc/rhsm/rhsm.conf 虽然也可以,但强烈建议使用 subscription-manager config 命令,因为:
- 命令会进行参数验证
- 命令会正确处理配置文件的格式和权限
- 某些参数修改后需要重启服务,命令会给出提示