Starting with VE license server version 1.1.13, the previous information-only web interface has been changed to a management interface. It provides the following functions:
Prerequisites:
- The TCP port used by remote systems to web-based management interface must be permitted on the license server, and by any intermediate firewall.
Default: TCP/8084; an alternative port can be configured in /opt/license_server/config.ini. - TCP port 80 must be available to the license server to redirect HTTP requests to HTTPS. For remote connections, the port must also be permitted through intermediate firewalls. At the time of writing, the redirection only worked when the default port 8084 was used.
- Important: at the time of writing, the web-server component of the license server applications will not start if one of the two ports is already used by another application. This will also prevent the licensing component from starting.
Accessing the Management GUI and Logging in
The web-based management GUI is provided by the license server on TCP port 8084 by default (the port can be changed in /opt/license-server/config.ini; see also Additional Configuration Options - the config.ini File).
Use the following URL in any web browser to access the management GUI:https://<host>:<port>/
where
- host is the name or address of the VE license server, and
- port is the TCP port (8084 by default).
Use localhost as the hostname for accessing the GUI of a license server running on the local system. Example: https://localhost:8084
. Using just http://<license-server-ip>
will redirect to https on the default port.
Please note: any intermediate firewall must allow the TCP port used for the management GUI.
Upon connecting to the URL, a login screen will be displayed.
Default credentials:
- Username: charon
- Password: stromasys
After logging in, you will be presented with a list of menu options on the left pane of the screen and the content of the selected option on the right hand. Please change the default password immediately.
Certificate Warning when Connecting to the Management GUI
When connecting to the VE license server web-based management GUI for the first time, the web browser will issue a warning and inform the user that the connection is not private. This is due to the fact that Stromasys, when creating the installation kit, cannot foresee the actual customer environment. Thus, the SSL certificate included with the license server kit includes a dummy hostname that does not match the real hostname of the customer license server system, and it also contains Stromasys as the certificate authority which is unknown to web-browsers by default.
It is possible to override the warning and connect to the page. Otherwise, users must
- either obtain a certificate for the host from one of the commercial certification authorities, or
- they must create their own self-signed certificate and add it to the web browser.
The new certificates replace the server.pem certificate in /opt/license-server/certs (move the old certificate to a save place).
Steps to create a self-signed certificate:
- Log in as the root user.
- Stop the license server (
# systemctl stop licensed
) - Go to /opt/license-server/certs.
- Move the existing content of the directory to a backup directory.
- Create a root certificate (each command must be entered on one command-line - irrespective of necessary line breaks in this document):
# openssl genrsa -out ca.key.pem 2048
# openssl req -new -key ca.key.pem -out ca.csr -subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=STROMASYS.COM"
# openssl x509 -req -days 7300 -sha256 -extensions v3_ca -signkey ca.key.pem -in ca.csr -out ca.cer
- Create a server certificate:
# openssl genrsa -out servercert.key.pem 2048
# openssl req -new -key servercert.key.pem -out servercert.csr \
-subj "/C=CN/ST=GD/O=STROMASYS/OU=LICENSE/CN=hostname.domain"# openssl x509 -req -extfile <(printf "subjectAltName=DNS:hostname.domain,DNS:hostname.domain") \
-days 7300 -sha256 -CA ca.cer -CAkey ca.key.pem -CAserial ca.srl -CAcreateserial \
-in servercert.csr -out servercert.cer
Replace hostname.domain with the real name of the VE license server system.
- Create the combined server certificate for the license server:
# cp servercert.cer server.pem
# cat servercert.key.pem >> server.pem
- Restart the license server (
# systemctl start licensed
) Import the root CA (ca.cer) into your browser’s Trusted Root Certification Authorities Certificate Store.
Please note: at the time of writing, the custom certificate was overwritten by upgrading or downgrading the license server software. Therefore, make sure to back up you certificate and to restore it after an upgrade or downgrade of the license server.
Displaying the License Information
The first screen after login is the license information screen similar to the one shown below:
It can be selected via the menu on the left (License Information).
Displaying the List of Connected Clients
The client list can be displayed by selecting the Client List option on the left pane. A sample with one connected client is displayed below:
Please note: Charon-PAR license clients cannot inform the license server about the configured number of CPUs and amount of memory. Hence, for these clients, the corresponding fileds in the display will be empty.
Displaying the List of Registered Clients (AutoVE mode)
This option shows clients registered with the AutoVE license servers independent of whether the instance is active.
Updating a License
The license management section can be opened by selecting Update License on the left pane. This will open the license management screen as shown below:
The license management section includes two options:
- Exporting a C2V file (the fingerprint of the license server system)
- Importing a V2C file (the license file created by Stromasys after receiving the C2V file)
The result panes show the result of the operation including any errors that may have occurred.
Exporting a C2V File
As an alternative to the command-line program for C2V export, you can create your C2V file via the management GUI. The section for C2V export has two input fields described below:
Field | Description |
---|---|
License Type | Options:
General VE license mode and AutoVE mode are mutually exclusive. |
Platform | Drop-down menu to select platform on which the license server runs. This list is different depending on the mode in which the VE license server runs: Platforms supported by general VE license mode:
The platform selected must match the platform on which the license server host system runs. |
Platforms supported by AutoVE mode:
The platform selected must match the platform on which the license server host system runs. |
Steps to export a C2V file:
- Enter the correct License Type.
- Select the correct Platform.
- If the chosen platform is VMware ESXi, there will be an additional menu indicated by three dots. Click on this option to open the esxi_bind configuration window.
Enter the IP address and the login information of the ESXi host or vCenter Server to which the license server should bind.
Then press Submit.
Important notes regarding the user on the ESXi host or the vCenter Server:- The username on the vCenter Server can take different forms:
- Simple username
example for web-GUI:myusername
example for esxi_bind command:-u
myusername
- Username includes a domain name in one of the following two formats:
- <domain>\<username>
example for web-GUI:mydomain\myusername
example for esxi_bind command:-u '
mydomain\myusername
' - <username>@<domain>
example for web-GUI:myusername@mydomain
example for esxi_bind command:-u
myusername@mydomain
- <domain>\<username>
- Simple username
The user must have at least the following global permissions (i.e. the permissions cannot be limited to a specific VM):
- Datastore > Allocate Space
- VirtualMachine > Config > AddNewDisk
- VirtualMachine > Config > RemoveDisk
Please note: if username and/or password contain Unix shell meta-characters, these characters must be escaped (enclose the string in single quotes, or add a backslash character in front of the meta-character).
- The username on the vCenter Server can take different forms:
- If the chosen platform is VMware ESXi, there will be an additional menu indicated by three dots. Click on this option to open the esxi_bind configuration window.
- Click on Export to create the C2V file.
- After a successful export, a download option will be displayed that allows you to download the created file to your local system (see below).
Send the C2V file to Stromasys for them to create a license.
Importing a V2C File
In response to the C2V file sent, you will receive two files from Stromasys. One text file containing the license content in human-readable form, and the V2C license file.
You can import the V2C license file using the v2c command-line utility, or you can use the web GUI. In the section Import V2C File perform the following steps:
- Click on Browse to open a file browser.
- Select the V2C file to be imported as shown below.
- Click on Import to import the new/updated license. You will receive a message about the license import being complete. The license server will restart and you have to re-login to the GUI.
- Check the new license via the License Information tab.
Managing Web-GUI Users
The access to the web GUI requires a username and a password. The Users section enable the management of such users. They are separate from the Linux system users.
Default credentials:
- Username: charon
- Password: stromasys
Each user can have one of two roles: Admin or Guest. The role cannot be changed after a user has been created.
Admin users have access to all options. Guest users can only display information and change their password.
The following image shows the initial user overview:
Available options on the Users screen:
- Add User: add a new web GUI user
- Modify: change the password of a user
- Remove: available for additionally created users. Not available for the default user.
Clicking on Add User opens a pop-up-window similar to the following:
You can set the following parameters:
- Username
- Password
- Role (to change the role of a user later, the user must be deleted and recreated)
Click on Submit to create the user.
The following shows a list with two additional users for which the Remove option is also available.
Clicking on Modify will open a window similar to the Add User window - with the difference that only the password change option is enabled.
Resetting a lost Admin Password
If the password of the admin user charon is lost it can be reset via the command-line.
As the root user, use the following command:
# /opt/license-server/license_server -p
You will be prompted for the new password twice.