docs: updated content in the overview page and faq

This commit is contained in:
Karl Cardenas 2021-06-11 07:46:14 -10:00
parent 7688e9e257
commit be72c5f851
2 changed files with 48 additions and 19 deletions

View File

@ -11,7 +11,7 @@ Consul Enterprise automatically loads Consul licenses when the server agent star
## Q: Can I get a quick summary of the Consul changes? ## Q: Can I get a quick summary of the Consul changes?
Starting with Consul Enterprise v1.10.0, the license enablement process is different. Starting with Consul Enterprise 1.10.0, the license enablement process is different.
HashiCorp Enterprise servers will no longer start without a license. Servers require licenses to be provided from either an environment variable or file. HashiCorp Enterprise servers will no longer start without a license. Servers require licenses to be provided from either an environment variable or file.
If the license is missing, invalid, or expired, the server will immediately exit. If the license is missing, invalid, or expired, the server will immediately exit.
@ -26,7 +26,7 @@ Please visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutor
## Q: What resources are available? ## Q: What resources are available?
The list below is a great starting point for learning more about the license changes introduced in Consul Enterprise v1.10.0+ent. The list below is a great starting point for learning more about the license changes introduced in Consul Enterprise 1.10.0+ent.
- [Consul Enterprise Upgrade Documentation](https://www.consul.io/docs/enterprise/upgrades) - [Consul Enterprise Upgrade Documentation](https://www.consul.io/docs/enterprise/upgrades)
@ -38,19 +38,19 @@ The list below is a great starting point for learning more about the license cha
## Q: Do these changes impact all customers/licenses? ## Q: Do these changes impact all customers/licenses?
The license changes introduced in v1.10.0 only affect Consul Enterprise. The license changes introduced in 1.10.0 only affect Consul Enterprise.
This impacts customers that have an enterprise binary (evaluation or non-evaluation licenses) downloaded from <releases.hashicorp.com>. This impacts customers that have an enterprise binary (evaluation or non-evaluation licenses) downloaded from https://releases.hashicorp.com.
The license changes do not impact customers with the baked-in licensed binaries. In a later release of Consul Enterprise, baked-in binaries will be deprecated. The license changes do not impact customers with the baked-in licensed binaries. In a later release of Consul Enterprise, baked-in binaries will be deprecated.
## Q: What is the product behavior change introduced by the licensing changes? ## Q: What is the product behavior change introduced by the licensing changes?
Starting with Consul Enterprise 1.10.0, a valid license is required on-disk (auto-loading) or as an environment variable for Consul Enterprise to successfully boot-up. Starting with Consul Enterprise 1.10.0, a valid license is required on-disk (auto-loading) or as an environment variable for Consul Enterprise to successfully boot-up.
The in-storage license feature will not be supported starting with Consul Enteprise v1.10.0+ent. All Consul Enterprise clusters using v1.10.0+ent must ensure that there is a valid license on-disk (auto-loaded) or as an environment variable. The in-storage license feature will not be supported starting with Consul Enteprise 1.10.0+ent. All Consul Enterprise clusters using 1.10.0+ent must ensure that there is a valid license on-disk (auto-loaded) or as an environment variable.
## Q: What is the impact on evaluation licenses due to this change? ## Q: What is the impact on evaluation licenses due to this change?
The 6-hour trial period for evaluation licenses will be deprecated as of Consul Enterprise 1.10.0. The 6-hour trial period for evaluation licenses will be deprecated as of Consul Enterprise 1.10.0.
This means that any clusters deployed with Consul v1.10.0+ent binaries will need to have a valid license on the disk (auto-loaded) or as an environment variable. This means that any clusters deployed with Consul 1.10.0+ent binaries will need to have a valid license on the disk (auto-loaded) or as an environment variable.
Failure to provide a valid license key will result in the Consul server agent not starting. Failure to provide a valid license key will result in the Consul server agent not starting.
## Q: Is there a grace period when licenses expire? ## Q: Is there a grace period when licenses expire?
@ -63,7 +63,7 @@ As Consul Enterprise approaches the expiration date, warnings will be issued in
For existing clusters, if the clients agents are using ACLs and have a valid token, then they will be able to retrieve the license from the server. For existing clusters, if the clients agents are using ACLs and have a valid token, then they will be able to retrieve the license from the server.
If the client agents are not using ACLs, then the client agents will be need to have the license on-disk (auto-loading) or as an environment variable. If the client agents are not using ACLs, then the client agents will be need to have the license on-disk (auto-loading) or as an environment variable.
For new Consul clusters using Consul v1.10.0+ent, customers must ensure that there is a valid license on-disk (auto-loaded) or as an environment variable. For new Consul clusters using Consul 1.10.0+ent, customers must ensure that there is a valid license on-disk (auto-loaded) or as an environment variable.
## Q: Does this affect snapshot agents? ## Q: Does this affect snapshot agents?
@ -75,10 +75,10 @@ Consul server agents will detect the absence of the license and immediately exit
Consul client agents will attempt to retrieve the license from servers if certain conditions are met: Consul client agents will attempt to retrieve the license from servers if certain conditions are met:
* ACLs are enabled. - ACLs are enabled.
* An ACL token is provided to the client agent. - An ACL token is provided to the client agent.
* The client agents configuration contains `start_join/retry_join` addresses. - The client agents configuration contains `start_join/retry_join` addresses.
* The start/retry join addresses are addresses of the Consul servers. - The start/retry join addresses are addresses of the Consul servers.
Consul snapshot agents will attempt to retrieve the license from servers if certain conditions are met: ACLs are enabled, a ACL token is provided to the client agent, the client agents configuration contains `start_join/retry_join` addresses, the start/retry join addresses are addresses of the Consul servers. Consul snapshot agents will attempt to retrieve the license from servers if certain conditions are met: ACLs are enabled, a ACL token is provided to the client agent, the client agents configuration contains `start_join/retry_join` addresses, the start/retry join addresses are addresses of the Consul servers.
@ -96,34 +96,53 @@ This will not impact HCP Consul.
## Q: Does this need to happen every time a node restarts, or is this a one-time check? ## Q: Does this need to happen every time a node restarts, or is this a one-time check?
Consul Enterprise binaries starting with v1.10.0+ent, will be subject to EULA check. Release v1.10.0+ent introduces the EULA check for evaluation licenses (non-evaluation licenses already go through EULA check during contractual agreement). Consul Enterprise binaries starting with 1.10.0+ent, will be subject to EULA check. Release 1.10.0+ent introduces the EULA check for evaluation licenses (non-evaluation licenses already go through EULA check during contractual agreement).
The agreement to a EULA happens only once (when the user gets their license), Consul Enterprise **will check for the presence of a valid license every time a node restarts**. The agreement to a EULA happens only once (when the user gets their license), Consul Enterprise **will check for the presence of a valid license every time a node restarts**.
When a customer upgrades existing clusters to a v1.10.0+ent release, they need to have a valid license to successfully upgrade. This valid license must be auto-loaded. When a customer upgrades existing clusters to a 1.10.0+ent release, they need to have a valid license to successfully upgrade. This valid license must be auto-loaded.
When a customer deploys new clusters to a v1.10.0+ent release, they need to have a valid license to successfully upgrade. This valid license must be on-disk (auto-loaded). When a customer deploys new clusters to a 1.10.0+ent release, they need to have a valid license to successfully upgrade. This valid license must be on-disk (auto-loaded).
## Q: What are the scenarios that a customer must plan for because of these changes? ## Q: What are the scenarios that a customer must plan for because of these changes?
New Consul cluster deployments using v1.10.0+ent will need to have a valid license to successfully deploy. New Consul cluster deployments using 1.10.0+ent will need to have a valid license to successfully deploy.
This valid license must be on-disk (auto-loaded) or as an environment variable. This valid license must be on-disk (auto-loaded) or as an environment variable.
## Q: What is the migration path for customers who want to migrate from their existing license-as-applied-via-the-CLI flow to the license on disk flow? ## Q: What is the migration path for customers who want to migrate from their existing license-as-applied-via-the-CLI flow to the license on disk flow?
### VM
1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk. 1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable.
1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. 1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
1. Proceed with the upgrade as normal. 1. Proceed with the upgrade as normal.
### Kubernetes
1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable.
1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
1. Proceed with the `helm` [upgrade instructions](/docs/k8s/upgrade)
## Q: What is the migration path for customers who want to migrate from their existing perpetually-licensed binaries to the license on disk flow? ## Q: What is the migration path for customers who want to migrate from their existing perpetually-licensed binaries to the license on disk flow?
### VM
1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license. 1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license.
1. Store the license in a secure location on disk. 1. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable.
1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key. 1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
1. Proceed with the upgrade as normal. 1. Proceed with the upgrade as normal.
### Kubernetes
1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's customer success manager (CSM) or email support-softwaredelivery@hashicorp.com for information on how to get your organization's enterprise license.
1. Store the license in a secure location on disk.
1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable.
1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
1. Proceed with the `helm` [upgrade instructions](/docs/k8s/upgrade)
## Q: Will Consul downgrades/rollbacks work? ## Q: Will Consul downgrades/rollbacks work?
When downgrading to a version of Consul before v1.10.0+ent, customers will need to follow the previous process for applying an enterprise licenses to Consul Enterprise. When downgrading to a version of Consul before 1.10.0+ent, customers will need to follow the previous process for applying an enterprise licenses to Consul Enterprise.

View File

@ -12,13 +12,15 @@ All Consul Enterprise agents must be licensed when they are started. Where that
on which binary is in use, whether the agent is a server, client or snapshot agent and whether ACLs have been on which binary is in use, whether the agent is a server, client or snapshot agent and whether ACLs have been
enabled for the cluster. enabled for the cluster.
-> ** Consul Enterprise v1.10.0 removed temporary licensing.** In previous versions Consul Enterprise -> ** Consul Enterprise 1.10.0 removed temporary licensing.** In previous versions Consul Enterprise
agents could start without a license and then have a license applied to them later on via the CLI agents could start without a license and then have a license applied to them later on via the CLI
or API. That functionality has been removed and replaced with the ability to load licenses from the or API. That functionality has been removed and replaced with the ability to load licenses from the
agent's configuration or environment. Also prior to v1.10.0 server agents would automatically propagate agent's configuration or environment. Also prior to 1.10.0 server agents would automatically propagate
the license between themselves. This no longer occurs and the license must be present on each server the license between themselves. This no longer occurs and the license must be present on each server
when they are started. when they are started.
-> Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?in=consul/enterprise) for detailed steps on how to install the license key.
### Binaries with Built In Licenses ### Binaries with Built In Licenses
If you are downloading Consul from Amazon S3, then the license is included If you are downloading Consul from Amazon S3, then the license is included
@ -33,7 +35,7 @@ When using these binaries no further action is necessary to configure the licens
### Binaries Without Built In Licenses ### Binaries Without Built In Licenses
For binaries that do not include built in licenses a license must be available at the time the agent starts. For Consul Enterprise 1.10.0 or greater, binaries that do not include built in licenses a license must be available at the time the agent starts.
For server agents this means that they must either have the [`license_path`](/docs/agent/options#license_path) For server agents this means that they must either have the [`license_path`](/docs/agent/options#license_path)
configuration set or have a license configured in the servers environment with the `CONSUL_LICENSE` or configuration set or have a license configured in the servers environment with the `CONSUL_LICENSE` or
`CONSUL_LICENSE_PATH` environment variables. Both the configuration item and the `CONSUL_LICENSE_PATH` `CONSUL_LICENSE_PATH` environment variables. Both the configuration item and the `CONSUL_LICENSE_PATH`
@ -56,10 +58,18 @@ request but the token doesn't need any particular permissions. As the license is
actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/opts#start_join) actually joins the cluster, where to make those RPC requests to is inferred from the [`start_join`](/docs/agent/opts#start_join)
or [`retry_join`](/docs/agent/opts#retry_join) configurations. If those are both unset or no or [`retry_join`](/docs/agent/opts#retry_join) configurations. If those are both unset or no
[`agent` token](/docs/agent/opts#acl_tokens_agent) is set then the client agent will immediately shut itself down. [`agent` token](/docs/agent/opts#acl_tokens_agent) is set then the client agent will immediately shut itself down.
If all preliminary checks pass the client agent will attempt to reach out to any server on its RPC port to If all preliminary checks pass the client agent will attempt to reach out to any server on its RPC port to
request the license. These requests will be retried for up to 5 minutes and if it is unable to retrieve a request the license. These requests will be retried for up to 5 minutes and if it is unable to retrieve a
license within that time frame it will shut itself down. license within that time frame it will shut itself down.
If ACLs are disabled then the license must be provided to the client agent through one of the three methods listed below.
Failure in providing the client agent with a licence will prevent the client agent from joining the cluster.
1. `CONSUL_LICENSE` environment variable
2. `CONSUL_LICENSE_PATH` environment variable
3. `license_path` configuration item.
#### Snapshot Agent License Retrieval #### Snapshot Agent License Retrieval
The snapshot agent has similar functionality to the client agent for automatically retrieving the license. However, The snapshot agent has similar functionality to the client agent for automatically retrieving the license. However,