License service | On-Premise | 2GIS Documentation

Advanced steps for getting a license

This section describes steps for getting a license in corner cases when the default way of getting one is not available.

On-Premise license is linked to the Kubernetes API server certificate. When updating the certificate, you must get a new license:

  1. Get a new Kubernetes API server certificate:

    To get a certificate, contact your infrastructure administrator or find a pod with the automountServiceAccountToken: true parameter set in the specification (for example, this parameter is present in all maps API pods if this service is installed in your On-Premise environment) and run the following command:

    cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    
  2. In the S3 storage, open the license-dir directory.

  3. Open the subdirectory with the highest number.

  4. Replace k8s-ca.crt with the new certificate file without changing the file name.

  5. Get a new license.

  6. Relaunch all license service pods.

Note

To avoid service downtime, you can get a new license for a new Kubernetes API server certificate in advance. The License service will identify the new license automatically when the certificate is updated.

If after updating the Kubernetes API server certificate you got a new license for an old certificate, the steps above are invalid in your case. To get a new license for the new certificate, do the following:

  1. Contact the On-Premise support service to partially revoke your license on the Urbi side. Wait for the confirmation that the license is partially revoked.
  2. In the S3 storage, open the license-dir directory.
  3. Open the subdirectory with the highest number and remove the license.txt file.
  4. In the same subdirectory, replace k8s-ca.crt with the new certificate file without changing the file name.
  5. Get a new license.
  6. Relaunch all license service pods.

If the On-Premise environment contains two hosts with different access options (S3 and internet), you can do all steps on the host with internet access. Generating files for requesting a license is not required.

Each license is specific for the environment where On-Premise is installed. If data of the storage of the License service states (see persistence settings in the configuration file for installing the license service) is lost, you cannot use the current license or get a new one following the default steps.

Do the following instead:

  1. Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  2. Remove the license service from the environment where On-Premise is installed.

  3. In the S3 storage, remove all contents of the license-dir directory except the type file (stored in the directory root).

    If the type file is accidentally removed, you can recover it using the dgctl pull command with the --only-license argument. If the environment does not have a host with internet access, use an additional host to copy files.

  4. Install the license service and get a new license following the default steps.

Only for the licensing type 2 (license.type: 2 in the configuration file for installing the license service).

For the licensing type 2, a license is specific for physical nodes where the license service is running. If one of the nodes is lost, follow the steps below to get a new license:

  1. Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  2. In the S3 storage, remove the license-dir/1 directory.

  3. Add a new physical node for running the license service and update the setup so that the license service appears on the new node.

  4. Copy the missing csr-N.csr and csr-N.signature files from the license-dir subdirectory with the highest number to license-dir/1.

    N in file names is 0 or 1 depending on which node is lost.

  5. In the S3 storage, remove all directories except license-dir/1.

  6. Get a new license.

  7. Relaunch all license service pods.

The state of the license service depends on the key and the licensing type. If the key or the type is changed, the old state becomes invalid and interrupts further service operation. Do the following steps:

  1. Remove the license service from the environment where On-Premise is installed.

  2. (If the key is not changed) Contact the On-Premise support service to revoke your license on the Urbi side. Wait for the confirmation that the license is revoked.

  3. In the S3 storage, remove all contents of the license-dir directory except the type file (stored in the directory root).

    If the type file is accidentally removed, you can recover it using the dgctl pull command with the --only-license argument. If the environment does not have a host with internet access, use an additional host to copy files.

  4. Remove the directory with data for storing License service states.

  5. Install the license service and get a new license following the default steps.