HLServer: Server Config

From Headus Docs

Jump to: navigation, search
Cover Page
About HLServer
Linux Server Setup
Windows Server Setup
OS X Server Setup
Server Config
Application Config
The Manager
Adding New Keys
Trouble Shooting
Download PDF
The hlserver.conf file is used to control access to the server and licenses. The standard installation will be fine for most people, but if you want to fine tune things like which users or machines can access which licenses, then you should read the following detailed explanation of the config file.

The simplest config file looks like this: 

PORT    11668
LOG     1
ACC     0
IDLE    0
BOOT    1
SUPER   0
DNS     1
 
GROUP   lan      192.168.0.*
GROUP   Manager  root@lan
 
PRODUCT *        lan
    PORT 
    The server will listen at this port for license requests. There is no restriction on what this number is apart from the obvious one, that it doesn't conflict with ports used by other installed software. If you have a firewall running on the server, then you will need to open up access to this TCP port.
    LOG 
    Set the level of verbosity of the log files.
    ACC 
    Set the level of access to hlmanager for normal users. See The Manager: User Mode for details.
    IDLE 
    Number of hours to wait before killing idle licenses. Idle licenses will occur if a user hibernates or suspends their PC when a license is checked out, or the workstation or network has died, and can result in "zombie" licenses being checked out but not actually used by anyone. 20 hours is probably a safe value, allowing people to legitimately suspend their PCs over night, while also cleaning out zombie licenses at least once a day. Setting this value to "0" turns off the idle license kill. Requires hlserver v2.05+.
    BOOT 
    When a user's license is booted by a manager, this is the number of minutes they are locked out. Setting it to "0" will allow then to re-acquire a license right away if they want to keep working.
    SUPER 
    Set this to "1" to use the "Supervisor" mode. See below for details.
    DNS 
    Turn on hostname resolution in the log files. If you experience delays or timeouts between the client and server, try setting this to "0" to turn off the hostname resolution. IP addresses will be shown in the logs files when turned off.
    GROUP 
    Each line of this section associates a single name with a list of hosts, prefixed with optional user names. In the above simplest case, lan is associated with the IP range for a local area network. The name lan can then be used to refer to all hosts in the LAN.
     
    The * character is a shorthand way of saying 1-255; they both mean the same thing. The * character can also be used to extend to the beginning or end, as in 45-* (equivalent to 45-255) or *-66 (equivalent to 1-66).
     
    The brace characters can be used to surround a list of alternatives, as in {*-45,47,49-*} (everything except 46 and 48).
     
    Hostnames can be used in place of IP ranges, though the list could become quite long if you are serving a large number of hosts. IP ranges are more concise, and will avoid any possible domain name resolution problems.
     
    The special group Manager defines the list of users that can be trusted to run the hlmanager application (see "The Manager" chapter for more details).
     
    Multiple members to a group should be separated by commas, or alternatively, you can define the group multiple times (over multiple lines) to add members.
     
    Image:warning.jpgUsernames are case-sensitive, so the default Windows hlserver.conf, with "GROUP Manager Administrator@lan", wont give access to a user with an "administrator" login.

     
    By the way, there's nothing stopping you from defining *.*.*.* as an IP range. The advantage of this is that all correctly setup clients can access the server without you having to worry about when net or subnet they're on, but the disadvantage is that anyone who has network access to your license server can grab one of your floating licenses.
    PRODUCT 
    In this section you should have a single line for each product that you have floating keys for, or use * to select all products. Follow the product name with a list of hostnames or group names that have access to that product. You can optionally prepend a username, in the form username@host/groupname to further restrict access. If a Windows username has spaces in it, replace those with underscore in the config file (e.g. login "Jill Smith" would need to be written as "Jill_Smith" in the config file).

The following shows a more complex example of a config file. 

PORT              11668
LOG               1
ACC               1
IDLE              6

GROUP   cg-lab    192.168.0.1-23
GROUP   office    fred,barney
GROUP   offsite   112.56.22.{12-15,21}

GROUP   Manager   julie@office,jimbo@cg-lab,root@hlserver

# The above line and these three below do the same thing

GROUP   Manager   julie@office
GROUP   Manager   jimbo@cg-lab
GROUP   Manager   root@hlserver
 
PRODUCT cyslicev3 cg-lab,{phil,jill}@offsite
PRODUCT plyedit   jimbo@cg-lab

Anyone currently logged into a cg-lab machine can request a cyslicev3 license, but only phil or jill can from the handful of offsite machines. Whenever jimbo is logged into a cg-lab machine, he can request a cyslicev3 or plyedit license as well as run the license manager.

[edit] Keys

Floating licenses, stored in the .keys or keys.txt file, look something like this: 

   Products   System         Expire          Num
 # uvlayoutv2 sysid=690ca1ab expire=101226 [000 4]
 8MFP LCDY A0GZ 553N QQ6Z BLMB A1A6 GF1G # 6200
 74QX SEPD GEC4 AK1W QJK8 3E5N 2LLF 345C JQX5 24SA # 6201

You might also have the older style license keys that look like this: 

      <- 21 hex numbers ->   Product   System   Expire Ref#   Num
 #v2# 3a d6 ........ a9 42 # cysurf    690ca1ab never  0920 [001 3]
 #v2# 5d da ........ 32 6a # cyslicev3 690ca1ab never  0921 [001 1]
 #v2# 37 db ........ 71 5b # cyslicev3 690ca1ab 110216 0922 [002 1]

The Product names go into the config products section, System is the sysid of the license server, Expire is when each floating license runs out, Ref# is a database reference number used by the issuer, and Num is the sequence id and number of floating licenses in that key.

In the first example there are 4 uvlayoutv2 floating licenses.

In the second example above, there is 1 cyslicev3 and 3 cysurf floating licenses that will never expire, and 1 additional cyslicev3 license that runs out on the 16th of Feb, 2011. Even though there are multiple cyslicev3 keys, you would normally only have one cyslicev3 access list in the config products section.

[edit] Supervisor Mode

Requires hlserver v2.04+.

Normally HLServer runs as a single process. On the rare occasions that a bug causes this process to crash, the license server will no longer be operating, so users won't be able to get licenses to run their applications.

When in supervisor mode though, there's two processes running. The worker process is the one doing all the work, serving out all the licenses, where the supervisor process is simply watching the worker. If the worker crashes, the supervisor starts up a new worker process.

If combined with supported client software (i.e. UVLayout v2.10.01+) the end user will not know that anything has happened. Earlier client software versions will however still lose their license (from the first worker process) and users will need to re-run their software to get a new license from the new worker process.

Because its a brand new feature, this supervisor mode is turned off by default, and we'd only recommend using it currently if you were experiencing occasional hlserver crashes.

[edit] Partitioning

Requires hlserver v1.15+.

In the examples shown to this point, all licenses for a particular product are available to all the users listed on the PRODUCT line. For example, in the following config file all of the uvlayoutv2 licenses are available to everyone from cg-lab and offsite: 

GROUP   cg-lab    192.168.0.1-23
GROUP   offsite   112.56.22.{12-15,21-*}
 
PRODUCT uvlayoutv2 cg-lab,offsite

With partitioning, you can allocate a different number of licenses to the different groups. In the following example, 10 licenses in total are available (this is determined by your license keys), but 7 have been reserved for users from cg-lab, and 3 for offsite users: 

PRODUCT uvlayoutv2 cg-lab[7],offsite[3]

The number inside the square brackets defines the number of licenses allocated to that group. In the above example, if a fourth offsite user tries to grab a license, they will be denied access, even if none of the cg-lab licenses have been used.

You can also choose to restrict some groups but not others. In the following example, offsite users are restricted to 3 licenses maximum, but cg-lab users could grab all of the 10 licenses if they are free. 

PRODUCT uvlayoutv2 cg-lab,offsite[3]

Another way to define the above partitioning is via the use of negative allocations. In the following example, offsite users can have all but 7 of them, or in other words, cg-lab users are guaranteed to have at least 7 licenses: 

PRODUCT uvlayoutv2 cg-lab,offsite[-7]

[edit] License Key Groups

You can also partition according to license key groups. In the following keys file there are two groups, a pair of permanent keys with an ID of 000, and 4 temp keys with an ID of 001. You can find this information inside the square brackets: 

# hlserver,uvlayoutv2 sysid=5b83f8dd expire=perm [000 2]
R6LZ PF0Q HZ65 8H55 463T E69W 07WF 5R9C # 10395
NTRC 4H24 5R9C 1KZF RJ0Y C0CW 8H55 G1SE 76GZ F6AA # 10396
# uvlayoutv2 sysid=5b83f8dd expire=100602 [001 4]
F913 2LLB 71WC 71FG PF0Q XYPL WAYH HCTQ D7PA 6RAA # 10398

To allocated each of the key groups to different groups within the config file, create multiple PRODUCT lines and append the key group ID to the product name, separated by a period character. In the following example, users from cg-lab are allocated the 2 permanent keys, and users from offsite get the 4 temporary keys: 

PRODUCT uvlayoutv2.000 cg-lab
PRODUCT uvlayoutv2.001 offsite

You can combine all partitioning methods if you wish. In the following example, users from cg-lab are guaranteed their 2 permanent key, but can also grab up to 2 of the temporary keys if they are free. 

PRODUCT uvlayoutv2.000 cg-lab
PRODUCT uvlayoutv2.001 offsite,cg-lab[2]

[edit] Client Side Groups

Requires hlserver v1.16+.

In some environments, such as those using DHCP to assign IPs, partitioning using a static list of IP addresses is not feasible. You might then use usernames to control access, but if people are regularly being moved between projects with different access rights, keeping the config file in sync can be a hassle. In these cases you can use client side groups to control access.

In the following example, two groups are defined with the exact same IP ranges, and then access to the two license key groups is partitioned according to the two group names: 

GROUP   teamA   192.168.0.*
GROUP   teamB   192.168.0.*
 
PRODUCT uvlayoutv2.000 teamA
PRODUCT uvlayoutv2.001 teamB

Just by itself, this config would allow all users access to all licenses, so what you also need to do is allocate users to their groups on the client side via the HEADUS_HLGROUP environment variable. In the above example, setting the value of HEADUS_HLGROUP to "teamA" would then allow that user to access the "uvlayoutv2.000" licenses only.

Under Windows, 'Group Policy Objects' can be used to assign HEADUS_HLGROUP definitions to each user.

Retrieved from "http://www.headus.com/doc/HLServer:_Server_Config"