Advanced steps for getting a license
This section describes steps for getting a license in corner cases when the default way of getting one is not available.
If Kubernetes API server certificate is updated
On-Premise license is linked to the Kubernetes API server certificate. When the certificate is updated, you must get a new license.
Note
To avoid service downtime, you can get a new license for a new Kubernetes API server certificate in advance. The License service will identify the new license automatically when the certificate is updated.
If the service is operating
- Get a new Kubernetes API server certificate from your infrastructure administrator.
- In the S3 storage, open the license-dir directory.
- Open the subdirectory with the highest number.
- Replace
k8s-ca.crt
with the new certificate file without changing the file name. - Get a new license.
If the service downtime has started
-
In the S3 storage, open the license-dir directory.
-
Open the subdirectory with the highest number.
-
If the directory contains the
license.txt
file:-
Contact the On-Premise support service to partially revoke your license on the Urbi side. Wait for the confirmation that the license is partially revoked.
Important
Do not go to the next step and do not delete any files before you receive the confirmation from the On-Premise support service.
-
Remove the
license.txt
file and go to the next step.
If the
license.txt
file is missing, go to the next step. -
-
For versions 1.29.0 or higher:
- Remove the old
k8s-ca.crt
certificate file. - Relaunch all license service pods.
- Get a new license.
- Relaunch all license service pods.
- Remove the old
-
For versions lower than 1.29.0:
-
Get a new Kubernetes API server certificate:
To get a certificate, contact your infrastructure administrator or find a pod with the
automountServiceAccountToken: true
parameter set in the specification (for example, this parameter is present in all maps API pods if this service is installed in your On-Premise environment) and run the following command:cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-
In the S3 storage, open the license-dir directory.
-
Open the subdirectory with the highest number.
-
Replace
k8s-ca.crt
with the new certificate file without changing the file name. -
Relaunch all license service pods.
-
If data for storing License service states is lost
Each license is specific for the environment where On-Premise is installed. If data of the storage of the License service states (see persistence
settings in the configuration file for installing the license service) is lost, you cannot use the current license or get a new one following the default steps.
Do the following instead:
-
Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.
Important
Do not go to the next step and do not delete any files before you receive the confirmation from the On-Premise support service.
-
Remove the license service from the environment where On-Premise is installed.
-
In the S3 storage, remove all contents of the license-dir directory except the
type
file (stored in the directory root).If the
type
file is accidentally removed, you can recover it using thedgctl pull
command with the--only-license
argument. If the environment does not have a host with internet access, use an additional host to copy files. -
Install the license service and get a new license following the default steps.
If a node with the running license service is lost
Only for the licensing type 2 (
license.type: 2
in the configuration file for installing the license service).
For the licensing type 2, a license is specific for physical nodes where the license service is running. If one of the nodes is lost, follow the steps below to get a new license:
-
Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.
Important
Do not go to the next step and do not delete any files before you receive the confirmation from the On-Premise support service.
-
In the S3 storage, remove the license-dir/1 directory.
-
Add a new physical node for running the license service and update the setup so that the license service appears on the new node.
-
Copy the missing
csr-N.csr
andcsr-N.signature
files from the license-dir subdirectory with the highest number to license-dir/1.N
in file names is 0 or 1 depending on which node is lost. -
In the S3 storage, remove all directories except license-dir/1.
-
Relaunch all license service pods.
If a key or licensing type is changed
The state of the license service depends on the key and the licensing type. If the key or the type is changed, the old state becomes invalid and interrupts further service operation. Do the following steps:
-
Remove the license service from the environment where On-Premise is installed.
-
(If the key is not changed) Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.
-
In the S3 storage, remove all contents of the license-dir directory except the
type
file (stored in the directory root).If the
type
file is accidentally removed, you can recover it using thedgctl pull
command with the--only-license
argument. If the environment does not have a host with internet access, use an additional host to copy files. -
Remove the directory with data for storing License service states.
-
Install the license service and get a new license following the default steps.