In this section:

Introduction

Two distributions of License Server are available:

  • A self-deployed distribution packaged with its own Apache Tomcat server
  • A web archive (.war) distribution for deploying to your own servlet container

Both distributions include the User Administration module (pstsec), which enables you to manage user access to Parasoft applications and license tokens.

Host Requirements

The License Server host machine should meet the following minimum hardware requirements:

  • RAM: 2GB
  • Disk space: 1GB
  • Operating System: 64-bit operating systems are supported, including:
    • Windows Server 2016
    • Windows Server 2019
    • Windows Server 2022
    • Windows 10
    • Windows 11
    • Linux distributions that support 64-bit Java Runtime Environments (for example, Ubuntu 14.04, 14.10, or RHEL Server 6.x)

The are no additional requirements for the self-deployed distribution.

A distribution with Linux kernel 3.10 or above is required to use the v2 license (beta). 

Web Archive Deployment Requirements

Your environment should meet the following requirements to deploy the .war distribution:

  • The host machine should meet the Host Requirements
  • Linux or Windows (64-bit only)
  • Tomcat 9.0.x configured for SSL over port 8443. Refer to the Apache Tomcat documentation for details on configuring Tomcat: Apache Tomcat SSL/TLS Configuration HOW-TO topic
  • Java 8 - License Server has been tested with the following distributions:
    • Oracle JDK
    • Zulu OpenJDK

IP Address Formats

IPv4 and IPv6 addresses are supported.

License Server Structure

The License Server distribution contains an app directory and a data directory. This structure facilitates greater reliability when deploying License Server to containerized systems, such as Docker.  

  • The app directory contains the Tomcat server, startup and shutdown scripts, and other files responsible for running License Server.
  • The data directory contains log files, configuration files, and other files responsible for ensuring that License Server runs as intended.  

Installing the Self-deployed License Server Distribution

  1. Extract the contents of the installation package to any location. The <LS_INSTALL>/app directory includes the JRE, Tomcat, and scripts for starting and stopping the server.
  2. Run the startLS script as an administrator to launch License Server. The application will run on the Tomcat server shipped in the installation package.
  3. Open a browser and go to one of the following URLs to access the License Server interface:
    • http://<HOST>:8080/licenseserver 
    • https://<HOST>:8443/licenseserver 
  4. Log into License Server using the default  user name and password (admin/admin). We recommend changing the default once you log in.

Run the stopLS script located in the 'license-server' directory to stop License Server.

Installing a License Server Windows Service

In addition to installing the self-deployed License Server distribution as described above, you can also install a Windows Service for the License Server.

  1. Navigate to the <LS_INSTALL>/app directory created when you installed the self-deployed License Server distribution above.
  2. Run the installLSService script as an administrator.

When run, the script will create an executable (ParasoftLicenseServerService.exe) in the <LS_INSTALL>/app directory for the Windows Services Manager to use, then configure a new Windows Service called ParasoftLicenseServerService with the Services display name of "Parasoft License Server Service" and a Startup Type of "Automatic," then start the service.

To remove the service, run the uninstallLSService script in the <LS_INSTALL>/app directory as an administrator.

Deploying License Server to a Custom Tomcat Server

Extract the contents of the distribution archive and copy the licenseserver.war and pstsec.war files into your <TOMCAT>/webapps directory. The applications will be deployed when Tomcat starts.

Log into License Server at https://<host>:8443/licenseserver using the default username and password (admin/admin). We recommend changing the default after logging in.

Log into User Administration at https://<host>:8443/pstsec using the default username and password (admin/admin). We recommend changing the default after logging in.

In some cases, the default value for the maxHttpHeaderSize attribute for the Tomcat connector is insufficient. It is recommended that maxHttpHeaderSize be set to at least 16384 (16 KB).

Deploying Licenser Server In Docker

You can download a ready-to-use License Server container image from Docker Hub: https://hub.docker.com/r/parasoft/lss.

To deploy License Server in Docker, follow the process outlined below.

First, you need to create a docker volume called "parasoft-volume" as shown below.

docker volume create parasoft-volume

Then start License Server.  Please note the following:

  • Certain conditions must be met for the machineId to remain the same when new containers are started. Those conditions are:
    • The container must be created and started with the root user.
    • The docker socket must be mounted.
    • The docker volume "parasoft-volume" created previously must be mounted.
  • LSS_DATA_DIR:/var/opt/parasoft/data
    • Mount persistent volume at LSS_DATA_DIR.

An example of starting License Server with these considerations is shown below.

docker run -d --name lss --user root:root -p 8080:8080 -p 8444:8443 -v /var/run/docker.sock:/var/run/docker.sock -v parasoft-volume:/mnt/parasoft -v LSS_DATA_DIR:/usr/local/parasoft/license-server/data LSS_DOCKER_IMAGE

Deploying License Server in Kubernetes

To deploy License Server in Kubernetes, follow the directions described below.

Deploying multiple License Servers in Kubernetes is not supported with this version. Support is limited to a single instance of License Server running in a Kubernetes cluster.

Prerequisites

First, you will need a Kubernetes cluster. After starting the cluster, create the accounts and namespaces for the License Server pod and related resources. An example of a yaml file that might be used to for this purpose is shown below.

parasoft-permissions.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: parasoft-namespace
---
# Stable access for clients to license server
kind: Service
apiVersion: v1
metadata:
  name: parasoft-service
  namespace: parasoft-namespace
spec:
  selector:
    tag: parasoft-service
  ports:
    - name: https
      port: 443
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: parasoft-account
  namespace: parasoft-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: parasoft-namespace-role
  namespace: parasoft-namespace
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: parasoft-read-role
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - namespaces
  verbs:
  - get
  - read
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: parasoft-read-bind
  namespace: parasoft-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: parasoft-read-role
subjects:
- kind: ServiceAccount
  name: parasoft-account
  namespace: parasoft-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: parasoft-namespace-bind
  namespace: parasoft-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: parasoft-namespace-role
subjects:
- kind: ServiceAccount
  name: parasoft-account
  namespace: parasoft-namespace

Use your yaml file to create those accounts and namespaces before creating the License Server environment:

kubectl create -f parasoft-permissions.yaml

You should see something similar to the output below in your console:

namespace/parasoft-namespace created
service/parasoft-service created
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-namespace-role created
clusterrole.rbac.authorization.k8s.io/parasoft-read-role created
clusterrolebinding.rbac.authorization.k8s.io/parasoft-read-bind created
rolebinding.rbac.authorization.k8s.io/parasoft-namespace-bind created

The "parasoft-namespace" namespace defined in the provided configuration is required and we recommend using the "parasoft-permissions.yaml" as it is documented. The service account used by the License Server Pod requires access to the "parasoft-namespace" namespace, therefore if you choose to create a custom permissions configuration that has different names for the resources defined in the provided permissions configuration, then a namespace with the name "parasoft-namespace" must also be created. If this namespace requirement is not met, License Server will treat any license installed as invalid.

Create the License Server environment

To create the License Server environment, you will first need a yaml file that defines a secret (optional), a volume, a pod, and a service (optional). The secret is used to pull the License Server image from the repository. The pod is set up to run a License Server container configured with a volume to persist data and a liveness probe for the container health. The service makes License Server accessible via external clients by allocating ports in the node and mapping them to ports in the pod. An example yaml file called "parasoft-lss.yaml" is shown below. This example uses an NFS volume, but that is not required; use the volume type that fits your needs best.

parasoft-lss.yaml
apiVersion: v1
kind: Pod
metadata:
  name: lss
  namespace: parasoft-namespace
  labels:
    app: LSS
spec:
  volumes:
    - name: lss-data
      nfs:
        server: NFS_SERVER_HOST
        path: /lss/
  containers:
    - name: lss-server
      image: LSS_DOCKER_IMAGE
      imagePullPolicy: Always
      ports:
        - containerPort: 8080
          name: "http-server"
        - containerPort: 8443
          name: "https-server"
      volumeMounts:
        - mountPath: "/usr/local/parasoft/license-server/data"
          name: lss-data
      livenessProbe:
        exec:
          command:
          - healthcheck.sh
        initialDelaySeconds: 120
        periodSeconds: 30
        failureThreshold: 5
        timeoutSeconds: 5
  restartPolicy: Always
  serviceAccountName: parasoft-account
  imagePullSecrets:
    - name: YOUR_SECRET
---
apiVersion: v1
kind: Service
metadata:
  name: lss
  namespace: parasoft-namespace
spec:
  type: NodePort
  selector:
    app: LSS
  ports:
    - port: 8080
      name: PORT_NAME_1
      nodePort: XXXXX
    - port: 8443
      name: PORT_NAME_2
      nodePort: XXXXX
 
# SERVICE CONFIG NOTES:
# 'name' can be whatever you want
# 'nodePort' must be between 30000-32768
# 'spec.selector' must match 'metadata.labels' in pod config

Use the yaml file to create the LSS environment:

kubectl create -f parasoft-lss.yaml

To access the UI on a web browser, use the node ports allocated in the service definition as the address (for example, NODE_HOST:NODE_PORT).

HASP Key Support

You can install Parasoft software on different machines and use a USB HASP Key to provide a machine ID when connecting to License Server. The USB dongle provides a stable machine ID for License Server so that the rest of the hardware can be changed without needing to request new licenses from Parasoft. Contact your Parasoft representative for additional information. 

Enabling HASP Key on Windows

  1. Run the stopLS.bat script located in the <LS_INSTALL>/app directory to stop Tomcat Server.

  2. Open stopLS.bat file in an editor and add the -DuseExternalLock=true argument to the JAVA_OPTS configuration:

    set JAVA_OPTS=%JAVA_OPTS% -DuseExternalLock=true 
  3. Run the startLS.bat script located in the <LS_INSTALL>/app directory to start Tomcat Server.

When the USB HASP key is removed, the machine ID will revert to the original ID. As a result, License Server will no longer provide licenses.

Enabling HASP Key on Linux

  1. Run the stopLS.sh script located in the <LS_INSTALL>/app directory to stop Tomcat Server.

  2. Open stopLS.sh file in an editor and add the -DuseExternalLock=true argument to the JAVA_OPTS configuration:

    export JAVA_OPTS=%JAVA_OPTS% -DuseExternalLock=true 
  3. By default, USB devices are configured with 66* permissions, but USB HASP keys require 666. Locate the udev.rules file responsible for USB devices on your Linux distribution and modify the usb_device entry to use MODE="0666". On Ubuntu 18.04, for example, the configuration would be set in the 50-udev-default.rules file located in the /lib/udev/rules.d/ directory. 

  4. Execute the following command:

    udevadm control --reload-rules 

  5. Plug the USB HASP key into your machine. If the USB HASP key is already plugged in, run the following command as the root user to programmatically insert key:

    udevadm trigger 
  6. Run the startLS.sh script located in the <LS_INSTALL>/app directory to start Tomcat Server. 

When the USB HASP key is removed, the machine ID will revert to the original ID. As a result, License Server will no longer provide licenses.

  • No labels

Need assistance? Visit our support page