Skip to content

offline-licensing.md

Latest commit

 

History

History
319 lines (200 loc) · 11.8 KB

offline-licensing.md

File metadata and controls

319 lines (200 loc) · 11.8 KB

Offline Licensing for FactoryTalk® Optix™ (Containers)

Use this guide to activate and rehost licenses in an offline container. We recommend binding persistent volumes so entitlements survive container restarts/crashes.

Important

Once a license is activated in a container, it is tied to that specific container instance. To move the license to another container or host, you must rehost (deactivate) it from the original container first. You cannot directly transfer licenses between different container instances without rehosting.

Prerequisites

  • Docker container running (see container-setup.md)
  • Valid FactoryTalk® Optix™ entitlement key
  • Access to an online machine with FactoryTalk® Optix™ Entitlement CLI installed
  • Persistent volumes configured (recommended)

Understanding Request Files

What is an Activation Request?

An activation request is a file containing specific information needed to activate a license. It must be generated by the offline container's Entitlement Cli. It must be processed by an online platform's Entitlement Cli.

What is a Rehost Request?

A rehost request is a file containing specific information needed to rehost (deactivate, free) a license. It must be generated by the offline container's Entitlement Cli. It must be processed by an online platform's Entitlement Cli.

Activation procedure overview

There are two ways to transfer request and entitlement files between the host and the container:

  1. Recommended: Using mounted persistent volumes to share request and entitlement files between the host and the container
  2. Alternative: Using manual copy procedure to copy request and entitlement files between the host and the container

Mounted Persistent Volumes

This is the recommended way to manage offline licensing in Docker containers, as it allows entitlements and request files to persist across container restarts and be easily accessible from the host machine, simplifying the offline activation and rehosting workflows.

Container Setup with Persistent Volumes

Persistent volumes allow entitlements and request files to survive container restarts and be accessible from the host machine.

Create Host Directories

Before running the container, create the host directories:

sudo mkdir -p /opt/Rockwell_Automation/docker_entitlement
sudo mkdir -p /opt/Rockwell_Automation/docker_request
sudo chmod 755 /opt/Rockwell_Automation/docker_*

Run Container with Mounted Volumes

docker run -itd   -p 49100:49100 -p 50080:80 -e ADMIN_PASSWORD=YourSecurePassword -v /opt/Rockwell_Automation/docker_entitlement:/opt/Rockwell_Automation/entitlement -v /opt/Rockwell_Automation/docker_request:/opt/Rockwell_Automation/request --name optix-runtime-container   optix-runtime-image

Enter the container:

docker exec -it optix-runtime-container /bin/bash

Volume Path Reference

Location Host Path Container Path
Entitlements /opt/Rockwell_Automation/docker_entitlement/ /opt/Rockwell_Automation/entitlement/
Requests /opt/Rockwell_Automation/docker_request/ /opt/Rockwell_Automation/request/

Note

Under Ubuntu and Debian, entitlements are read from /opt/Rockwell_Automation/entitlement/ inside the container. Files written to the container path are automatically accessible on the host via the mounted volume.

Offline Activation Workflow

Use this workflow to activate a license in an offline container.

Step 1: In the Container - Generate Activation Request

Inside the container, generate a request file for your entitlement key:

FTOptixEntitlementCli --offlineActivate --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE --outputActivationRequestFile /opt/Rockwell_Automation/request/

You should see a message like:

Exported the Activation Request file for entitlement AAAAA-BBBBB-CCCCC-DDDDD-EEEEE to /opt/Rockwell_Automation/request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

This generates /opt/Rockwell_Automation/request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req.

This request is visible on the host under /opt/Rockwell_Automation/docker_request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

Note

If you get any message like /dev/eei_dir/eeprom: No such file or directory, OPEN ERROR 2, TAG_Open(TA) 0 ERROR: -1110 -1110, or Kubernetes service account token file not found, you can safely ignore it. These messages are expected if the current device does not support those bindings and do not affect the licensing process, a different technique will be used by the licensing tool and the procedure will continue as normal.

Step 2: On an Online Machine - Process Activation Request

Use the FactoryTalk® Optix™ Entitlement CLI on the online host to process the request and obtain the entitlement.

Run the following command on the online machine:

sudo FTOptixEntitlementCli --onlineActivate --activationRequestFile /opt/Rockwell_Automation/docker_request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req   --outputEntitlementFile /opt/Rockwell_Automation/docker_entitlement

You should see a message like:

Entitlement activated successfully
Entitlement successfully saved

If successful this generates entitlement file which is visible on host under /opt/Rockwell_Automation/docker_entitlement/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.ent.

In the container it should be visible under /opt/Rockwell_Automation/entitlement/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.ent.

Step 3: In the Container - Verify Entitlement

As the entitlement volume for docker is mounted, the entitlement should be automatically visible in the container. Verify the installed entitlements with:

FTOptixEntitlementCli --showInstalledEntitlement

You should see your entitlement in the list:

AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

Check the details of your specific entitlement:

FTOptixEntitlementCli --showDetails --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

You should see details about the entitlement similar to:

Entitlement Key: AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
Status: Valid
Entitlement Type: optix-runtime-s
Host Type: Container
Tenant ID: 12345678901234567890123456789012
CPU Architecture: x86
Operating system: Linux

Offline Rehost Workflow

Use this workflow to free an activated license for usage on other instance.

Step 1: In the Container - Create Rehost Request

Inside the container, generate a rehost request file for your entitlement key:

FTOptixEntitlementCli --rehost   --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE   --outputRehostRequestFile /opt/Rockwell_Automation/request/

You should see a message like:

Exported the Rehost Request file for entitlement AAAAA-BBBBB-CCCCC-DDDDD-EEEEE to /opt/Rockwell_Automation/request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

This request is visible on the host under /opt/Rockwell_Automation/docker_request/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

Step 2: On an Online Machine - Process Rehost Request

Run the following command on the online machine:

sudo FTOptixEntitlementCli --rehost   --rehostRequestFile /opt/Rockwell_Automation/docker_request/AAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

You should see a message like:

Entitlement rehosted successfully

Step 3: In the Container - Confirm Rehost

Check the details of your specific entitlement to confirm the rehost was successful:

FTOptixEntitlementCli --showDetails --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

You should see that the entitlement is not found:

Entitlement not found

Manual licensing files transfer

This is an alternative way to manage offline licensing in Docker containers, using docker cp to manually copy request and entitlement files between the host and the container. It is less convenient than using mounted persistent volumes, but can be used if volume mounting is not possible.

Container setup without Persistent Volumes

In this setup, we need no special configuration when running the container.

Run Container

docker run -itd   -p 49100:49100   -p 50080:80   -e ADMIN_PASSWORD=YourSecurePassword --name optix-runtime-container   optix-runtime-image

Enter the container:

docker exec -it optix-runtime-container /bin/bash

Offline Activation Workflow

Use this workflow to activate a license in an offline container.

Step 1: In the Container - Generate Activation Request

Inside the container, generate a request file for your entitlement key:

FTOptixEntitlementCli --offlineActivate   --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE   --outputActivationRequestFile /docker/example/activation/request/path

You should see a message like:

Exported the Activation Request file for entitlement AAAAA-BBBBB-CCCCC-DDDDD-EEEEE to /docker/example/activation/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

This generates /example/docker/activation/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req inside container filesystem.

We have to copy this file to the host machine.

Step 2: Copy Activation Request to Host

On the host machine run

docker cp optix-runtime-container:/docker/example/activation/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req /host/example/activation/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

Step 3: On an Online Machine - Process Activation Request

Use the FactoryTalk® Optix™ Entitlement CLI on the online host to process the request and obtain the entitlement.

Run the following command on the online machine:

sudo FTOptixEntitlementCli --onlineActivate   --activationRequestFile /host/example/activation/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req   --outputEntitlementFile /host/example/activation/entitlement/path

You should see a message like:

Entitlement activated successfully
Entitlement successfully saved

If successful this generates entitlement file which is visible on host under /host/example/activation/entitlement/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.ent.

Step 4: Copy License From Host to Docker Container

On the host machine run

docker cp /host/example/activation/entitlement/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.ent optix-runtime-container:/docker/example/activation/entitlement/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.ent

Remember that entitlement files must be located in /opt/Rockwell_Automation/entitlement/ inside the container for it to be visible to the licensing system.

Offline Rehost Workflow

Use this workflow to free an activated license for usage on other instance.

Step 1: In the Container - Create Rehost Request

Inside the container, generate a rehost request file for your entitlement key:

FTOptixEntitlementCli --rehost   --entitlementKey AAAAA-BBBBB-CCCCC-DDDDD-EEEEE   --outputRehostRequestFile /docker/example/rehost/request/path

You should see a message like:

Exported the Rehost Request file for entitlement AAAAA-BBBBB-CCCCC-DDDDD-EEEEE to /docker/example/rehost/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

This generates /docker/example/rehost/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req inside container filesystem.

We have to copy this file to the host machine.

Step 2: Copy Rehost Request to Host

On the host machine run

docker cp optix-runtime-container:/docker/example/rehost/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req /host/example/rehost/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

Step 3: On an Online Machine - Process Rehost Request

Run the following command on the online machine:

sudo FTOptixEntitlementCli --rehost   --rehostRequestFile /host/example/rehost/request/path/AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.req

You should see a message like:

Entitlement rehosted successfully