Licensing the Anjuna Nitro Runtime
The Anjuna Nitro Runtime requires a license file. Licenses are signed YAML files and verify that you are authorized to use the Anjuna Nitro Runtime for a certain time period.
License types and expiration
A license may have two types. The type of license is represented by the kind
field in the license
file. A trial-type license is used for proof-of-concept projects and trials, while a
licensed-type license is used for up-and-running software that serves your development, testing,
and production environments.
You cannot build or run an enclave without a license present.
For trial-type licenses, running enclaves will terminate if the license has expired. You cannot start an enclave if the license has expired.
For licensed-type licenses, running enclaves will not terminate when the license expires in order to avoid impacting your customers. New enclaves will also continue to start even if the license has expired. Use of an expired licensed-type license will produce log messages like this:
The license for CUSTOMER expired on September 13, 2022 Contact Anjuna Sales Team at sales@anjuna.io to obtain a license
AWS Nitro licenses are valid for any version of the Anjuna Nitro Runtime, but not any other runtime platform like the Anjuna Runtime for IntelĀ® SGX Enclaves.
Get your license
Visit the Anjuna Resource Center to download your license file. Your license file is associated with your Anjuna Resource Center account.
Here is an example of a license file. If the kind
type or expires
date is not as expected,
please contact sales@anjuna.io.
version: v1 license: kind: licensed products: [nitro] issued: 2022-08-12T02:48:28Z expires: 2022-08-18T23:59:59Z enforced: true anjuna-contact: name: Anjuna Sales Team email: sales@anjuna.io account: name: Anjuna Customer email: customer@example.com --- signature: | -----BEGIN SIGNATURE----- MGYCMQD4VH52JN6oaiWOWPxMsLdSSJ9WcxI68krcvoJHFV9tII6/jMxvlgq2h5TM QMRIzagCMQC063PQmGKR5UEDRoaOKuq6wFy18uxaeOrvJ2Y1u+6zA+UTEbaG2+Tp nxcHV+BZZfk= -----END SIGNATURE----- certificate: | ----BEGIN CERTIFICATE---- MIICHzCCAaSgAwIBAgIBADAKBggqhkjOPQQDAzBwMQswCQYDVQQGEwJVUzELMAkG A1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEYMBYGA1UEChMPQW5qdW5hIFNl Y3VyaXR5MRIwEAYDVQQLEwlMaWNlbnNpbmcxEjAQBgNVBAMTCWFuanVuYS5pbzAe Fw0yMjA2MzAwNjQ1MzVaFw0yMjA5MzAwNjQ1MzVaMHAxCzAJBgNVBAYTAlVTMQsw CQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMRgwFgYDVQQKEw9Bbmp1bmEg U2VjdXJpdHkxEjAQBgNVBAsTCUxpY2Vuc2luZzESMBAGA1UEAxMJYW5qdW5hLmlv MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEn7J6Lw3OdfA4Q/k0HMoLneDY7S5wjnhm 3T9aZErr9rEDZivt0UxiyRD7lMJB5Uph2cBERAW0aJKJWEaKP9nCdreTxcJDNCee /atDkOChBuik1pCLWZKN00qh4cKb5W1XoxIwEDAOBgNVHQ8BAf8EBAMCB4AwCgYI KoZIzj0EAwMDaQAwZgIxAMocm1SQt42d4JkDy0Q1/wXZGpP5gLzr3PBod/bZXamx ZYj5zv3xmVMzebZDg8CRtwIxAIFDf22vVsqYID13e58bdJ8uUqD6zWvoMvUEO4wv ZHATPLY3Mnwn6TDKUkyXYATZkA== ----END CERTIFICATE----
Use your license
A license is activated by placing the file onto the AWS Nitro EC2 instance at the
default path /opt/anjuna/license.yaml
. You can use the environment variable
ANJUNA_LICENSE_PATH to
configure a different location for the license.
For EKS, you will need to create a Kubernetes secret for the license file. The Anjuna Nitro Webhook will mount the license file automatically to your Pod. See Licensing the Anjuna Nitro Runtime for an Anjuna Nitro Pod for details.
Upon successful activation, you will see a line similar to the following in the enclave logs:
Licensed to Anjuna customer until July 13, 2023
Renew your license
After signing a new contract or extending an existing one, you can visit the Anjuna Resource Center to download a new license file.
The new license can be used to start new enclaves. See Use your license for details on how to do this.
You can also renew the license of a running enclave by putting the new license at the same path that you used when starting the enclave, or by updating the Kubernetes secret, which is volume mounted to the enclave Pod. The Anjuna Runtime will automatically detect the new license and extend the term.
If the new license is invalid, then the Anjuna Nitro Runtime may terminate the running enclave. To prevent unexpected downtime, try using the new license to start an enclave on a different host before replacing the old license file for a running enclave. |