»Consul License
Command: consul license
This feature requires Consul Enterprise.
The license command provides a datacenter-level view of the Consul Enterprise license. This was added
in Consul 1.1.0 but Consul 1.10.0 removed the ability to set and reset the license using the CLI.
See the licensing documentation for more information about
Consul Enterprise license management.
If ACLs are enabled then a token with operator privileges may be required in order to use this command. Requests are forwarded internally to the leader if required, so this can be run from any Consul node in a cluster. See the ACL Guide for more information.
»inspect
This command inspects and validates a license. Just like a Consul agent it
can load the license from a file on disk or from the CONSUL_LICENSE and
CONSUL_LICENSE_PATH environment variables.
Usage: consul license inspect [<options>] [<license file>]
Inspect a license contained in a file:
Inspect a license loaded from the environment:
This will look at the CONSUL_LICENSE environment variable first and if not present then we will look for the file specified by the CONSUL_LICENSE_PATH environment variable.
The output looks like this:
»put
Deprecated The ability to manage the cluster's license via the CLI was removed in Consul 1.10. While the CLI command still exists it will always return an error. This command will be fully removed in a future release.
This command sets the Consul Enterprise license.
Usage: consul license put [options] LICENSE
»API Options
-
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable. -
-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable. -
-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable. -
-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable. -
-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way. -
-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable. -
-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address. -
-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address. -
-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
The output looks like this:
»get
This command gets the Consul Enterprise license.
Usage: consul license get [options]
»API Options
-
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable. -
-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable. -
-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable. -
-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable. -
-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way. -
-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable. -
-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address. -
-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address. -
-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
The output looks like this:
»reset
Deprecated The ability to manage the cluster's license via the CLI was removed in Consul 1.10. While the CLI command still exists it will always return an error. This command will be fully removed in a future release.
Resets license for the datacenter to the one builtin in Consul binary, if it is still valid. If the builtin license is invalid, the current one stays active.
Usage: consul license reset [options]
»API Options
-
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable. -
-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable. -
-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable. -
-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable. -
-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way. -
-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable. -
-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address. -
-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address. -
-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
The output looks like this: