How to solve license autoloading fail with license_path in config

Avatar
Owen Zhang
  • Updated

Introduction

As of Vault versions 1.8+, a new mechanism for managing licenses was introduced: License Autoloading.

Previously, licenses needed to be written into Vault storage with PUT sys/license API. Today, this functionality has now been deprecated.

 

Background

Autoloading can be done using one of these methods below:

    • VAULT_LICENSE environment variable
    • VAULT_LICENSE_PATH environment variable
    • license_path in config

https://developer.hashicorp.com/vault/docs/enterprise/license/autoloading

Each methods won't be conflicted with each other, while they have their own priority level. If autoloading is used, any existing stored license will be ignored, it is recommended to remove the stored license use DELETE API.


Autoloading precedence is as follows:

VAULT_LICENSE environment variable >VAULT_LICENSE_PATH environment variable>license_path in config.

 

The use of a file license_path could be more convenient and easier to maintain with less chances for any disruptions that may be brought about as a result of a Vault license needing to be updated. Here is an analysis about advantages and disadvantage between each license methods. 

 

Procedure

  1. Verify license running: vault read sys/license

    • vault returns expiration_time, features, license_id, performance_standby_count.

  2. Verify license status by running:vault read sys/license/status

    • list autoloading_used true/false, if value is false, then license is not configured correctly.
    • vault will show a warning if autoloading_used value is false:
    "WARNING! The following warnings were returned from Vault:

not using autoloaded license, this option will be deprecated in future"

  3. Save vault license string separately in a file, for example license.hclic

  4. Open vault config file and then add license_path parameter with path to license file. For example, license_path = "./license.hclic", then save config file.

  5. Shut down then restart vault with config file, command vault server -config=vault_config.hcl

    Successfully load license:

    ==> Vault server configuration:
...
...
...
==> Vault server started! Log data will stream in below:
2021-09-21T11:54:21.571-0400 [INFO] Core: using autoloaded license: license="{"license_id":"xxxxxx-xxxx-xxxx-xxx-xxxxxxxx",...}

  6. After vault unseal and login, verify with vault read sys/license/status

    vault should return autoloading_used true

Articles in this section

See more

Related articles