CLI/API to generate OpsCenter Install link and License


#1

Is there a way we can generate OpsCenter based Install link and License key using custom scripts to automate the flow without any user intervention.


#2

Hi @maaz!

There is a gravity license new command that generates a license, however you will need to provide it with the Ops Center’s certificate authority which can be exported from the Ops Center cluster like this:

$ sudo gravity enter
$ gravity package unpack gravitational.io/ops-cert-authority:0.0.1 --ops-url=https://gravity-site.kube-system.svc.cluster.local:3009 --insecure /tmp/ca

As for the install link - could you explain in a bit more detail what sort of automation you’re looking to implement? Perhaps a better approach would be to install a standalone cluster and then connect it to the Ops Center using Trusted Cluster resource.

Let me know if that helps,
Roman


#3

@r0mant,
I am looking for more like an API way be make it from my script, seems we use some custom Authentication, can you share how I can authenticate using my user.

like for install link is get via following API

POST https://opscenter.server:3009/portalapi/v1/tokens/install
Body {“app”:“gravitational.io/myApp:version”}

For License I see following API

POST https://opscenter.server:3009/portalapi/v1/license
Body {“max_nodes”:3,“expiration”:“2019-04-30T07:00:00.000Z”,“stop_app”:true}


#4

Can you take a look at this ruby example and let me know if it’s helpful?


#5

@sasha thanks it worked for API portalapi/v1/tokens/install, can we add expires time in this API as well?

for other API portalapi/v1/license, I am getting method not found even though I added "account": "00000000-0000-0000-0000-000000000001", "type": "agent" in body, does it need something more?


#6

@maaz I believe the URL for this API is /portal/v1/license/new. Also, the tokens API does not accept expiration time at the moment.


#7

@r0mant @sasha I saw the API via browser networking calls, I tried this new API but did not work, I got expiration date can't be in the past error, so a step forward but still not able to do that, do you know what should be the send in the body? here is the full API that I have tried

POST /portal/v1/license/new HTTP/1.1
Host: opscenter.server:3009
Authorization: Basic XYZXXXXXX==
content-type: application/json; charset=UTF-8

{“max_nodes”:3,“expiration”:“2019-08-30T13:22:53.108Z”,“stop_app”:true, “account”: “00000000-0000-0000-0000-000000000001”, “type”: “agent”}


#8

Looking at this internal API call, the expiration field is called valid_for and accepts the certificate validity period in Go duration format (1h, 24h, etc.). Also, you do not need “account” and “type” fields for this API.

Thanks,
Roman