The RLM Web Server
The RLM server contains an embedded Web Server which can be used to perform most administration of the RLM server itself. The web server contains the functionality of all the rlmutil-based utilities except rlmhostid. The web server allows you to retrieve server and license status (similar to rlmstat), cause the servers to re-read the license files (rlmreread), switch debug (rlmswitch) or report log (rlmswitchr) files, move the current report log file to a new name (rlmnewlog), or shut down the license servers (rlmdown). Using this web-based interface, you can administer the license servers from any platform, and you do not need to install the RLM utilities - you only need a web browser.
Note
Beginning in RLM v15.1, HTTPS can now be enabled in the Web Server via startup options. See Enabling HTTPS in the RLM Web Server for more details.
In addition, the web server allows you to edit server option files (if you have access to the edit_options capability - for ISV servers, or the edit_rlm_options capability - for RLM itself.) Also, the web interface allows you to view the recent debug log information from any of the servers if you have access to the status capability. Finally, access to the status, reread, and shutdown commands is controlled by the appropriate capability as specified in The RLM Options File (or via login credentials, see: Access Control to the RLM Web Interface).
The web server is started automatically on port 5054 when RLM is started. To use the web server, simply point your browser to: http://ServerHostName:5054 and select the operation you would like to perform. You will be prompted for any required information.
If you would like to run the web server on a different port, specify the -ws NNNNN command-line argument when starting RLM, where NNNNN is the desired port.
The RLM web server is 100% self-contained in the RLM binary; no additional html files are required for operation.
Warning
In RLM v14.1, RLM v14.2 and RLM v15.0 the web server is disabled if the user running RLM is root or an admin user.
The remaining sections will describe some of the main functions of the web interface.
Enabling HTTPS in the RLM Web Server
To enable HTTPS in the web server you should use the two new startup options, -sslcert and -sslpriv to point to your SSL certificate and SSL private key. E.g.:
% ./rlm -sslcert /path/to/cert.pem -sslpriv /path/to/privkey.pem
Now you can access your web server by typing https://ServerHostName:5054 (be sure to include the https:// if you are not automatically redirecting the url via other means).
If you are running your server as root/administrator, it is possible to set your web server to run on port 443 (the default HTTPS port) by running the following:
% ./rlm -sslcert /path/to/cert.pem -sslpriv /path/to/privkey.pem -ws 443
While running on port 443 and pointing at valid SSL certificate and private key, your browser should automatically redirect to https:// without needing to type it explicitly. (i.e., typing ServerHostName should take you to https://ServerHostName:443.
Note
If you prefer to generate your own self-signed certificates, your traffic to the web server will still be encrypted, but your browser will likely display a warning before you can get to the web server. Self-signed certificates can not be generated with a password to use the web server.
Access Control to the RLM Web Interface
It is possible to require users to log in to the RLM Web Interface. The login capability is provided via the RLM password file, named rlm.pw. Beginning in RLM v15.1, if this file doesn’t exist, RLM will create it automatically at startup with a default admin:admin:all account. Reprise Software recommends that you protect access to this file so that ordinary users can’t write it. The RLM password file, as well as the directory which contains it, must be read-write to the RLM process.
The RLM password file has one line for each user, formatted as follows:
username:password:list-of-permissions
Warning
The username must not contain a ‘:’ character.
If the password field is blank, then the user can log in without supplying a password. The password field must be blank when adding new users, and you must set a password within 10 minutes or the server will automatically shut down. To change their password, login as that user and select “Change Password”. The password field is an encrypted hash of the actual password (similar to the Unix password file).
The list-of-permissions field is a comma-separated list of the various privileges which you can assign to this user. These names are the same names you would use in the RLM options file if you were controlling access without logins enabled, with the addition of the special “all” permission, which enables all operations.
Note
If you use the RLM password file to control access, you should not use the RLM options file to control access.
Beginning in RLM v14.2, if there are users in the rlm.pw file with blank passwords, rlm will log this condition and exit after 10 minutes unless started with the -z switch.
Also beginning in RLM v14.2, there is a limit of 20 simultaneously logged in users to the web interface.
Beginning in RLM v15.1, you are required to be logged in to the web server to use its functionality.
Also beginning in RLM v15.1, all users are required to have passwords to avoid automatic shutdown in 10 minutes. The -z switch has been removed.
RLM privileges assignable in the RLM password file
|
Privilege |
Meaning |
Notes |
|---|---|---|
|
all |
Special privilege name, enables all privileges. |
|
|
edit_meter |
Allows modifying count for meter counters. |
Enables “status” privilege even if not present. |
|
edit_options |
Allows editing options files for ISV servers, the “Activate” button in the ISV server status line and the “Activate License” button in the left menu. |
Enables “status” privilege even if not present. Enables diagnostics. |
|
edit_rlm_options |
Allows editing license files and options files for the rlm server. |
Enables “status” privilege even if not present. Enables diagnostics. |
|
edit_xfer |
Allows editing server-server license transfer settings for ISV servers. |
Enables “status” privilege even if not present. |
|
extend_roam |
Allows this user to extend roam duration for already-roaming licenses. |
|
|
logfiles |
Enables the functions which change log files - switch, switchr, newlog. |
Enables diagnostics. |
|
remove |
Allows the user to remove a license from a running process. |
Enables “status” privilege even if not present. |
|
reread |
Allows access to the functions which do reread commands on license servers. |
|
|
shutdown |
Allows access to the functions which shut down license servers. |
Enables “status” privilege even if not present. |
|
status |
Allows display of status and debug log information from the license servers. |
Beginning in rlm v12.4, if there is no password file present, the edit options and edit rlm options commands are disabled.
A user with no privileges assigned will have access to the “Test License Activation”, “RLM Manual…”, “About…”, “Change Password”, and “Logout” commands.
A couple of example password line entries shown here:
tom:$5ukMApW1jixwcrGqRALO91:all
harry::edit_options,edit_rlm_options,reread
-
User “tom” has a password assigned and can perform all actions with the web interface.
-
User “harry” has no password (they should set their password on first login), and has the edit options, edit rlm options, and reread privileges assigned. He will also be able to view status.
Adding New Users
Note
Beginning in RLM v15.1, a default user with the username admin and password admin is created if rlm.pw does not already exist.
To add a new user:
-
Open rlm.pw (located in the RLM binary directory)
-
Add a new user with a blank password and desired permissions:
johndoe::status
-
Log in to the web server as this new user and click Change Password to set a password for the user.
Warning
If there are any users without passwords and/or the admin password is still the default, for longer than 10 minutes the server will shut down automatically.
Intro Screen
The intro screen of the RLM web server is shown below. There are 3 sections to the rlm web interface:
-
a top banner with the Reprise logo and title
-
a command area on the lower left, and
-
a general view area in the main lower-right hand side of the screen.
The top section of the view area displays some general information about rlm command options to run the web server. On the left-hand side is a list of administration commands which will be discussed later.
Note that, beginning in RLM v10.0, every user will not see all the commands on the left-hand side of the menu, depending on the privileges assigned to that user in the password file or in the RLM options file.
Main Status screen
If you select Status from the menu on the left, the main status screen is displayed in the view area as shown below.
The top section displays the host information where the rlm server is running - host name and port #.
Below this is the status of the RLM server itself, followed by buttons to edit rlm options and display the last few lines of the rlm debug log.
Next is a table of ISV servers, one per line, with a number of buttons on the right-hand side of each line to retrieve ISV server status, license status, display the last few lines of the debug log, reread or restart the server, edit server options, or shut down the ISV server. Note that these buttons (and the corresponding columns) will only appear if the user running the web server has access to these functions, as specified in the rlm options file.
The status screen provides access to the shutdown and reread/restart commands for all the ISV servers, as well as option file editing and debug log viewing for both rlm and the ISV servers.
Server Status
If you click on an ISV button in the Server Status column in the ISV server status display, you will see the detailed status display for this ISV server (shown below) in the view area. This display shows some server statistics in a table at the top, followed by a table of all the licenses which this ISV server is serving.
There are several columns in this table which will appear or not, depending on the particulars of the licenses which this server is serving. For example, there are columns for hostid (in the case of node-locked licenses), roaming (in the case where some licenses are roamed out to disconnected systems), and named count (named user count - in the case of named user licenses). In the example shown here, there are no node-locked licenses, and no licenses are roaming, so these 2 columns do not appear.
Also, please note that the expiration date shown in this table is the expiration date of the first license to expire out of all the licenses used to create the license pool. When more than one license is used to create a single license pool (licenses are combined when all relevant parameters of 2 different licenses match), then only the earliest expiration date is shown. The other license(s) may have any expiration date that has not yet expired. To determine the expiration date of all licenses used to make up a license pool the actual license file must be consulted. Also note that licenses from different license files could be combined to make a single license pool.
At the far right-hand side of each license line, there are 2 columns. The first column has buttons which, if pressed, will generate a list of users of that product. The second column has buttons which are used to maintain the named user list for named user licenses. Note that if this server is not serving any named user licenses, the 2nd column will not appear. Also, only named user licenses will have edit buttons in this column. In the example below, only the first license is a named user license.
License Status
If you click on the usage… button in the “Show License Usage” column above, you will see the license status screen,for the selected products. Clicking on the “usage…” button on the right-hand side of the License Pool Status section will redisplay to show only license usage for the pool selected. An example license status screen is shown below.
Maintaining Named User Licenses
If you click on the edit… button in the “Edit Named User List” column above, you will see the “Edit Named User Definitions” screen, as shown below. This form contains a table of all the named users for this license, as well as a list of recently deleted named users. You can delete any named user from the list by pressing the Delete button to the right-hand side of their name. Pressing this button will present a confirmation screen, which then allows you to remove that user from the list. Note that the user cannot be removed from the list if he/she currently has any licenses checked out at the server (including roaming licenses).
Once deleted, a user must remain off the list for a minimum amount of time as specified in the license.
At the bottom of this screen are 2 buttons for adding named users to the list. The first button Add Group… brings up a form which has a choice list of all GROUP definitions from this ISV server’s options file. If you select a group to add, group members will be added to the named user list until the list is full, or the group is exhausted.
Below the Add Group… button is an Add New User… button, which is used to add an individual user to the named user list.
Press the Back button if you do not wish to make any changes to the named user list.
Server Shutdown
If you select Shutdown from the menu on the left (or from the Shutdown column in the ISV server status display), you will see the Shutdown License Server screen below in the view area. If you enter an ISV name that particular ISV server will be shut down. If you leave the ISV name blank or enter “all”, all ISV servers will be shut down. Note that you cannot shut down rlm from the shutdown screen. The shutdown will happen when you click the SHUT DOWN SERVER button. If you do not wish to shut down any servers, use the browser back button, or select a different command from the list on the left.
Server Reread/Restart
If you select //Reread/Restart from the menu on the left (or from the REREAD/RESTART// column in the ISV server status display), you will see the Reread/Restart Servers screen below in the view area. If you enter an ISV name that particular ISV server will be restarted if it is not running, or it will be sent a reread command if it is running. If you leave the ISV name blank or enter “all”, all ISV servers will be restarted or reread their license files, as appropriate. If you select rlm, the rlm server itself will reread its license and option files. The reread/restart will happen when you click the REREAD LICENSES button. If you do not wish to send the reread command to any servers, use the browser back button, or select a different command from the list on the left.
Switch ISV server Reportlog
If you select Switch Reportlog from the menu on the left, you will see the Switch Reportlog for License Server screen below in the view area. Enter an ISV name and a new filename for the reportlog, then that particular ISV server will begin writing its reportlog to the filename specified. The switch command will be sent when you click the SWITCH REPORT LOG button. If you do not wish to switch the report log, use the browser back button, or select a different command from the list on the left.
New ISV server Reportlog
If you select New Reportlog from the menu on the left, you will see the New Reportlog for License Server screen below in the view area. Enter an ISV name and a new filename for the reportlog, then that particular ISV server will rename the current reportlog to the filename specified and continue logging to the original reportlog filename. The command will be sent when you click the MOVE DATA TO NEW LOGFILE button. If you do not wish to rename the report log, use the browser back button, or select a different command from the list on the left.
Switch Debug Log for ISV Server or rlm
If you select Switch Debuglog from the menu on the left, you will see the Switch Debug Log For License Server screen below in the view area. Enter an ISV name (or rlm) and a new filename for the debug log, then that particular ISV server (or rlm) will begin writing its debug log to the filename specified. The switch command will be sent when you click the SWITCH DEBUG LOG button. If you do not wish to switch the debug log, use the browser back button, or select a different command from the list on the left. Note that on Unix systems, all servers (rlm plus all ISV servers) initially write their debug log to the same file (stdout of the rlm process). Once you switch any server to a different file, it is not possible to combine the debug log output again.
RLM System Info
If you select System Info from the menu on the left, you will see the RLM system information screen below in the view area. This information contains the platform type and hostid information for the system where the rlm process is running (NOTE: not where your browser is running). In addition, starting in RLM v9.3BL2, this screen will display a list of all rlm processes running on this computer (including processes which are not currently running but which have run in the prior 24 hours).
Activate License
If you select Activate License from the menu on the left, you will be prompted for the information necessary to activate a license from an ISV server’s internet site. The information is collected in several steps. The initial screen is shown below. Click on BEGIN License Activation to step through the screens which will collect the data required to activate a license.
You can control the appearance and defaults of the “Activate License” command with the rlm “-activate” options in the RLM options file. See: ACTIVATE.
Test License Activation
This command allows you to test the activation server specified by the ACTIVATE_TEST line in the rlm options file. When a test is successful, you will see a screen similar to the following screen:
See the ACTIVATE_TEST line description of the rlm options file in The RLM Options File on page 64 for information on specifying the activation test parameters. RLM Manual/About…
These last two commands display RLM information.
The RLM Manual button displays the latest version of this manual from the Reprise Software, Inc. website at http://www.reprisesoftware.com/RLM_License_Administration.html
The About… command displays the intro screen seen at the beginning of this section.