License service | On‑Premise | 2GIS Documentation
On‑Premise

Advanced steps for getting a license

This section describes steps for getting a license in corner cases when the default way of getting one is not available.

On-Premise license is linked to the Kubernetes API server certificate. When the certificate is updated, you must get a new license.

Note

To avoid service downtime, you can get a new license for a new Kubernetes API server certificate in advance. The License service will identify the new license automatically when the certificate is updated.

  1. Get a new Kubernetes API server certificate:

    To get a certificate, contact your infrastructure administrator or find a pod with the automountServiceAccountToken: true parameter set in the specification (for example, this parameter is present in all maps API pods if this service is installed in your On-Premise environment) and run the following command:

    cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    
  2. In the S3 storage, open the license-dir directory.

  3. Open the subdirectory with the highest number.

  4. Replace k8s-ca.crt with the new certificate file without changing the file name.

  5. Get a new license.

  1. In the S3 storage, open the license-dir directory.

  2. Open the subdirectory with the highest number.

  3. If the directory contains the license.txt file:

    1. Contact the On-Premise support service to partially revoke your license on the Urbi side. Wait for the confirmation that the license is partially revoked.
    2. Remove the license.txt file and go to the next step.

    If the license.txt file is missing, go to the next step.

  4. For versions 1.29.0 or higher:

    1. Relaunch all license service pods.
    2. Get a new license.
  5. For versions lower than 1.29.0:

    1. Get a new Kubernetes API server certificate:

      To get a certificate, contact your infrastructure administrator or find a pod with the automountServiceAccountToken: true parameter set in the specification (for example, this parameter is present in all maps API pods if this service is installed in your On-Premise environment) and run the following command:

      cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      
    2. In the S3 storage, open the license-dir directory.

    3. Open the subdirectory with the highest number.

    4. Replace k8s-ca.crt with the new certificate file without changing the file name.

    5. Get a new license.

    6. Relaunch all license service pods.

Each license is specific for the environment where On-Premise is installed. If data of the storage of the License service states (see persistence settings in the configuration file for installing the license service) is lost, you cannot use the current license or get a new one following the default steps.

Do the following instead:

  1. Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  2. Remove the license service from the environment where On-Premise is installed.

  3. In the S3 storage, remove all contents of the license-dir directory except the type file (stored in the directory root).

    If the type file is accidentally removed, you can recover it using the dgctl pull command with the --only-license argument. If the environment does not have a host with internet access, use an additional host to copy files.

  4. Install the license service and get a new license following the default steps.

Only for the licensing type 2 (license.type: 2 in the configuration file for installing the license service).

For the licensing type 2, a license is specific for physical nodes where the license service is running. If one of the nodes is lost, follow the steps below to get a new license:

  1. Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  2. In the S3 storage, remove the license-dir/1 directory.

  3. Add a new physical node for running the license service and update the setup so that the license service appears on the new node.

  4. Copy the missing csr-N.csr and csr-N.signature files from the license-dir subdirectory with the highest number to license-dir/1.

    N in file names is 0 or 1 depending on which node is lost.

  5. In the S3 storage, remove all directories except license-dir/1.

  6. Get a new license.

  7. Relaunch all license service pods.

The state of the license service depends on the key and the licensing type. If the key or the type is changed, the old state becomes invalid and interrupts further service operation. Do the following steps:

  1. Remove the license service from the environment where On-Premise is installed.

  2. (If the key is not changed) Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  3. In the S3 storage, remove all contents of the license-dir directory except the type file (stored in the directory root).

    If the type file is accidentally removed, you can recover it using the dgctl pull command with the --only-license argument. If the environment does not have a host with internet access, use an additional host to copy files.

  4. Remove the directory with data for storing License service states.

  5. Install the license service and get a new license following the default steps.