HashiCorp Developer AI Private beta now available Sign up today
Consul
Consul Home

You are viewing documentation for version v1.16.x. View latest version.

Consul License

Command: consul license

Enterprise

This feature requires Consul Enterprise(opens in new tab).

The license command provides a list of all datacenters that use the Consul Enterprise license applied to the current datacenter.

Warning: Consul 1.10.0 removed the ability to set and reset the license using the CLI. See the licensing documentation for more information about Consul Enterprise license management.

If ACLs are enabled then a token with operator privileges may be required in order to use this command. Requests are forwarded internally to the leader if required, so this can be run from any Consul node in a cluster. See the ACL Guide for more information.

Usage: consul license <subcommand> [options] [args]

  This command has subcommands for managing the Consul Enterprise license
  Here are some simple examples, and more detailed examples are
  available in the subcommands or the documentation.

  Install a new license from a file:

      $ consul license put @consul.license

  Install a new license from stdin:

      $ consul license put -

  Install a new license from a string:

      $ consul license put "<license blob>"

  Retrieve the current license:

      $ consul license get

  Inspect a license:

      $ consul license inspect "<path to license file>"

  Reset the current license:

      $ consul license reset

  For more examples, ask for subcommand help or view the documentation.

Subcommands:
    get        Get the active license
    inspect    Inspect a signed license
    put        Puts a new license in the datacenter
    reset      Resets the license in the datacenter

inspect

This command inspects and validates a license. Just like a Consul agent it can load the license from a file on disk or from the CONSUL_LICENSE and CONSUL_LICENSE_PATH environment variables.

Usage: consul license inspect [<options>] [<license file>]

Inspect a license contained in a file:

$ consul license inspect consul.hclic

Inspect a license loaded from the environment:

$ consul license inspect

This will look at the CONSUL_LICENSE environment variable first and if not present then we will look for the file specified by the CONSUL_LICENSE_PATH environment variable.

The output looks like this:

Source: /consul/config/consul.hclic (path from the CONSUL_LICENSE_PATH environment variable)
Product: consul
License ID: 6089174b-a713-74cf-4c8d-856b86f1ce50
Customer ID: 7c020610-60a2-7ccb-c210-20d899e5f3b4
Installation ID: *
Issue Time: 2020-09-14 19:45:56.212195875 +0000 UTC
Start Time: 2020-09-14 00:00:00 +0000 UTC
Expiration Time: 2021-09-14 23:59:59.999 +0000 UTC
Termination Time: 2021-09-14 23:59:59.999 +0000 UTC
Modules:
        Global Visibility, Routing and Scale
        Governance and Policy
Features:
        Automated Backups
        Automated Upgrades
        Enhanced Read Scalability
        Network Segments
        Redundancy Zone
        Advanced Network Federation
        Namespaces
        SSO
        Audit Logging
        Admin Partitions

License is valid

put

Deprecated The ability to manage the cluster's license via the CLI was removed in Consul 1.10. While the CLI command still exists it will always return an error. This command will be fully removed in a future release.

Corresponding HTTP API Endpoint: [PUT] /v1/operator/license

This command sets the Consul Enterprise license.

The table below shows this command's required ACLs. Configuration of blocking queries and agent caching are not supported from commands, but may be from the corresponding HTTP endpoint.

ACL Required
operator:write

Usage: consul license put [options] LICENSE

The output looks like this:

License is valid
License ID: 2afbf681-0d1a-0649-cb6c-333ec9f0989c
Customer ID: 0259271d-8ffc-e85e-0830-c0822c1f5f2b
Expires At: 2019-05-22 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
        Automated Backups
        Automated Upgrades
        Enhanced Read Scalability
        Network Segments
        Redundancy Zone
        Advanced Network Federation

API Options

  • -ca-file=<value> - Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable.

  • -ca-path=<value> - Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable.

  • -client-cert=<value> - Path to a client cert file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable.

  • -client-key=<value> - Path to a client key file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable.

  • -http-addr=<addr> - Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. This may be a unix domain socket using unix:///path/to/socket if the agent is configured to listen that way.

  • -tls-server-name=<value> - The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable.

  • -token=<value> - ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.

  • -token-file=<value> - File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable.

  • -datacenter=<name> - Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.

  • -stale - Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.

get

Corresponding HTTP API Endpoint: [GET] /v1/operator/license

This command gets the Consul Enterprise license. If the leader hasn't been updated with the newer license, the followers will display the outdated license in their GET output.

The table below shows this command's required ACLs. Configuration of blocking queries and agent caching are not supported from commands, but may be from the corresponding HTTP endpoint.

ACL Required
none

Usage: consul license get [options]

The output looks like this:

License is valid
License ID: 2afbf681-0d1a-0649-cb6c-333ec9f0989c
Customer ID: 0259271d-8ffc-e85e-0830-c0822c1f5f2b
Expires At: 2019-05-22 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
        Automated Backups
        Automated Upgrades
        Enhanced Read Scalability
        Network Segments
        Redundancy Zone
        Advanced Network Federation

API Options

  • -ca-file=<value> - Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable.

  • -ca-path=<value> - Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable.

  • -client-cert=<value> - Path to a client cert file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable.

  • -client-key=<value> - Path to a client key file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable.

  • -http-addr=<addr> - Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. This may be a unix domain socket using unix:///path/to/socket if the agent is configured to listen that way.

  • -tls-server-name=<value> - The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable.

  • -token=<value> - ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.

  • -token-file=<value> - File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable.

  • -datacenter=<name> - Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.

  • -stale - Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.

reset

Deprecated The ability to manage the cluster's license via the CLI was removed in Consul 1.10. While the CLI command still exists it will always return an error. This command will be fully removed in a future release.

Corresponding HTTP API Endpoint: [DELETE] /v1/operator/license

Resets license for the datacenter to the one builtin in Consul binary, if it is still valid. If the builtin license is invalid, the current one stays active.

The table below shows this command's required ACLs. Configuration of blocking queries and agent caching are not supported from commands, but may be from the corresponding HTTP endpoint.

ACL Required
operator:write

Usage: consul license reset [options]

The output looks like this:

License is valid
License ID: 2afbf681-0d1a-0649-cb6c-333ec9f0989c
Customer ID: 0259271d-8ffc-e85e-0830-c0822c1f5f2b
Expires At: 2019-05-22 03:59:59.999 +0000 UTC
Datacenter: *
Package: premium
Licensed Features:
        Automated Backups
        Automated Upgrades
        Enhanced Read Scalability
        Network Segments
        Redundancy Zone
        Advanced Network Federation

API Options

  • -ca-file=<value> - Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable.

  • -ca-path=<value> - Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable.

  • -client-cert=<value> - Path to a client cert file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable.

  • -client-key=<value> - Path to a client key file to use for TLS when verify_incoming is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable.

  • -http-addr=<addr> - Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. This may be a unix domain socket using unix:///path/to/socket if the agent is configured to listen that way.

  • -tls-server-name=<value> - The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable.

  • -token=<value> - ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.

  • -token-file=<value> - File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable.

  • -datacenter=<name> - Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.

  • -stale - Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.