# OS licensed via HL Seats did not stop service when the license expired

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1041 | 2023-10-22T16:39:49.000+0800 | 卢文朋 | Done |

---

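At the P19 WMS site, the HL Seats license used by the OS expired at 2023/10/21 04:55. After the license expired, the OS was still able to authenticate against ACC correctly and continued to provide service.

!image-2023-10-22-16-39-38-822.png!

ACC license page:

!image-2023-10-22-16-40-32-378.png!

---

**luwenpeng** commented on *2023-10-22T17:02:56.180+0800*:

On-site setup: the HL hardware key is plugged into the host machine, KVM is installed on the host, a virtual machine is installed under KVM, and the ACC Service is deployed in the virtual machine.
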
h2. *ACC-LOG:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-52-25.png!*

The ACC log shows that the license information was updated before 2023/10/21 17:59:48.

h2. *OS-LOG:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-50-41.png!*

The OS log shows "hasp_monitor Encrypting failed" at 2023/10/21 18:22.

* This implies that hasp_monitor successfully obtained the license information at 2023/10/21 17:52
* After successfully obtaining the license, hasp_monitor sleeps for 1800s
* 2023/10/21 17:59:48: ACC updated the network seats
* 2023/10/21 18:22: after waking up, hasp_monitor kept using the previous network seat for Encrypting; because the network seats had been updated, Encrypting failed
* 2023/10/21 18:22: hasp_monitor obtained a new network seat

Judging from the hasp_monitor execution flow, the network seat had not yet expired before 2023/10/21 17:52.

h2. *Expiry time shown by ACC:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-43-16.png!*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-43-49.png!*

The expiry time shown by ACC is 2023/10/21 04:55.

h2. *ACC clock:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-28-0.png!*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-28-22.png!*

Screenshots captured at 2023/10/22 00:45 Beijing time; 2023/10/21 21:45 Pakistan time.

ACC 10.10.10.159 shows 2023/10/22 02:45:19, {color:#ff0000}*5 hours ahead of local time*{color}

ACC 10.10.20.159 shows 2023/10/21 21:45:08, which is normal

h2. *Clock of the ACC virtual machines:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-34-31.png!*

Screenshot captured at 2023/10/22 00:32 Beijing time; 2023/10/21 21:32 Pakistan time.

Virtual machine 10.10.10.159 shows 2023/10/21 21:32:26, which is normal

Virtual machine 10.10.20.159 shows 2023/10/21 21:32:29, which is normal

h2. *Clock of the hosts running the ACC virtual machines:*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-37-14.png!*

Screenshot captured at 2023/10/22 00:42 Beijing time; 2023/10/21 21:42 Pakistan time.

Host 10.10.10.5 shows 2023/10/22 02:28:49 AM, {color:#ff0000}*about 4 hours 46 minutes ahead of local time*{color}

Host 10.10.20.169 shows 2023/10/21 09:24:52 PM, {color:#ff0000}*about 18 minutes behind local time*{color}

h2. *Summary:*

(All times in the description below are Pakistan local time.)

*Clock information of the ACC Service*

* ACC Service shows that the license expired at 2023/10/21 04:55, but the license was still valid at least until 2023/10/21 17:52
** Question: before the ACC Service updated the license (2023/10/21 17:59:48), did the ACC Service show the license as expired?
** Question: how is the expiry time shown by the ACC Service calculated?

* The time on ACC Service 10.10.20.159 is normal

* The time on ACC Service 10.10.10.159 is {color:#ff0000}*5 hours ahead of local time*{color}
** Question: was the clock of the ACC virtual machine changed after the ACC Service was started?

*Clock information of the ACC virtual machines*

* The time on ACC virtual machine 10.10.10.159 is normal
* The time on ACC virtual machine 10.10.20.159 is normal

*Clock information of the hosts running the ACC virtual machines*

* Host of the ACC virtual machine, PCAP-PVE001: 10.10.10.5, is {color:#ff0000}*4 hours 46 minutes ahead of local time*{color}
* Host of the ACC virtual machine, MSH-PVE001: 10.10.20.169, is *about 18 minutes behind local time*

*Correlation*

The time on ACC Service 10.10.10.159 is {color:#ff0000}*5 hours ahead of local time*{color}, and the time on its host PCAP-PVE001 10.10.10.5 is {color:#ff0000}*4 hours 46 minutes ahead of local time*{color}

[How Sentinel LDK Protects Time-based Licenses With V-Clock|https://docs.sentinel.thalesgroup.com/ldk/LDKdocs/SPNL/LDK_SLnP_Guide/Appendixes/HowProtects_TimeBased.htm?Highlight=vclock]

{quote}
V‑Clock does not provide the same level of control as the real-time clock in Sentinel HL Time keys and Sentinel HL NetTime keys. However, V‑Clock prevents the end user from setting the system time back to an earlier date and time, and thus tampering with time-based licenses.

The expiration period or date for a time-based license is initially calculated according to the system clock of the end user's machine.
{quote}

The documentation shows that the V-Clock in the HL key only ensures that the system time does not go backwards; the license expiry time uses the system time.

---

**luwenpeng** commented on *2023-10-23T14:31:59.685+0800*:

License information on 10.10.10.159 after the license update

{code:java}
[root@pcap-kvm-nz001 ~]# ./hasp_rus s local
getinfo test :
info as followed:
<?xml version="1.0" encoding="UTF-8" ?>
<hasp_info>
<hasp>
<id>1468561840</id>
<type>HASP-HL</type>
<configuration>
<sentinelhl />
<driverless />
</configuration>
<clone_protected></clone_protected>
<disabled>false</disabled>
<version>4.60</version>
<hw_version>7.2</hw_version>
<updatecounter>29</updatecounter>
<production_date>1663113600</production_date>
<detachable>false</detachable>
<attached>false</attached>
<recipient>false</recipient>
<rehost>
<rehost_enduser_managed>false</rehost_enduser_managed>
</rehost>
<key_model>Max</key_model>
<key_type>Max</key_type>
<form_factor>Mini</form_factor>
<response_time>1</response_time>
<hw_platform>Sentinel</hw_platform>
<driverless>true</driverless>
<hasp_enabled>false</hasp_enabled>
<fingerprint_change></fingerprint_change>
<vclock_enabled>true</vclock_enabled>
<product>
<id>9</id>
<name>TSG-OS</name>
<feature id="100">
<license>
<license_type>expiration</license_type>
<exp_date>1698796500</exp_date>
</license>
</feature>
</product>
</hasp>
<hasp>
<id>534101534133789070</id>
<type>HASP-SL</type>
<configuration>
<haspsl-usermode />
</configuration>
<clone_protected>true</clone_protected>
<disabled>false</disabled>
<version>8.23</version>
<hw_version></hw_version>
<updatecounter>0</updatecounter>
<production_date>1688827990</production_date>
<detachable>false</detachable>
<attached>false</attached>
<recipient>false</recipient>
<rehost>
<rehost_enduser_managed>false</rehost_enduser_managed>
</rehost>
<key_model>Certificate</key_model>
<key_type>SL-UserMode</key_type>
<form_factor></form_factor>
<response_time>0</response_time>
<hw_platform></hw_platform>
<driverless>false</driverless>
<hasp_enabled>false</hasp_enabled>
<fingerprint_change>accepted</fingerprint_change>
<vclock_enabled>true</vclock_enabled>
<product>
<id>11</id>
<name>Network Zodiac (Rehost Enabled)</name>
<feature id="20001">
<license>
<license_type>expiration</license_type>
<exp_date>1704067199</exp_date>
</license>
</feature>
</product>
</hasp>
</hasp_info>

[root@pcap-kvm-nz001 ~]#
{code}

License information on 10.10.20.159 after the license update

{code:java}
[root@msh-kvm-nz001 ~]# ./hasp_rus s local
getinfo test :
info as followed:
<?xml version="1.0" encoding="UTF-8" ?>
<hasp_info>
<hasp>
<id>1897549354</id>
<type>HASP-HL</type>
<configuration>
<sentinelhl />
<driverless />
</configuration>
<clone_protected></clone_protected>
<disabled>false</disabled>
<version>4.60</version>
<hw_version>7.2</hw_version>
<updatecounter>29</updatecounter>
<production_date>1663113600</production_date>
<detachable>false</detachable>
<attached>false</attached>
<recipient>false</recipient>
<rehost>
<rehost_enduser_managed>false</rehost_enduser_managed>
</rehost>
<key_model>Max</key_model>
<key_type>Max</key_type>
<form_factor>Mini</form_factor>
<response_time>0</response_time>
<hw_platform>Sentinel</hw_platform>
<driverless>true</driverless>
<hasp_enabled>false</hasp_enabled>
<fingerprint_change></fingerprint_change>
<vclock_enabled>true</vclock_enabled>
<product>
<id>9</id>
<name>TSG-OS</name>
<feature id="100">
<license>
<license_type>expiration</license_type>
<exp_date>1698796500</exp_date>
</license>
</feature>
</product>
</hasp>
<hasp>
<id>813914921556795374</id>
<type>HASP-SL</type>
<configuration>
<haspsl-usermode />
</configuration>
<clone_protected>true</clone_protected>
<disabled>false</disabled>
<version>8.23</version>
<hw_version></hw_version>
<updatecounter>0</updatecounter>
<production_date>1688809981</production_date>
<detachable>false</detachable>
<attached>false</attached>
<recipient>false</recipient>
<rehost>
<rehost_enduser_managed>false</rehost_enduser_managed>
</rehost>
<key_model>Certificate</key_model>
<key_type>SL-UserMode</key_type>
<form_factor></form_factor>
<response_time>0</response_time>
<hw_platform></hw_platform>
<driverless>false</driverless>
<hasp_enabled>false</hasp_enabled>
<fingerprint_change>accepted</fingerprint_change>
<vclock_enabled>true</vclock_enabled>
<product>
<id>11</id>
<name>Network Zodiac (Rehost Enabled)</name>
<feature id="20001">
<license>
<license_type>expiration</license_type>
<exp_date>1704067199</exp_date>
</license>
</feature>
</product>
</hasp>
</hasp_info>

[root@msh-kvm-nz001 ~]#
{code}

---

**luwenpeng** commented on *2023-10-23T14:32:20.177+0800*:

The error log on 10.10.10.159 shows {color:#FF0000}"Unexpected time move to the past by 17993 seconds"{color}

{code:java}
[root@pcap-kvm-nz001 ~]# cat /var/hasplm/error.log
2023-07-10 22:27:38 [1069] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 17:27:53 [1069] Unexpected time move to the past by 17993 seconds
2023-07-25 14:36:08 [1069] Failed to logout not existing session 104649063
2023-07-25 14:38:35 [1069] Failed to logout not existing session 97365897
2023-07-25 14:40:33 [1069] Failed to logout not existing session 170182860
2023-07-25 14:48:23 [1069] Failed to logout not existing session 60936620
2023-07-25 14:48:27 [1069] Failed to logout not existing session 146651492
2023-07-25 14:48:54 [1069] Failed to logout not existing session 170107269
2023-07-25 14:48:55 [1069] Failed to logout not existing session 46064631
2023-07-25 14:48:56 [1069] Failed to logout not existing session 230881559
2023-07-25 14:48:57 [1069] Failed to logout not existing session 215222965
2023-07-25 14:49:01 [1069] Failed to logout not existing session 256339667
2023-07-25 14:49:04 [1069] Failed to logout not existing session 159716494
2023-07-25 14:49:05 [1069] Failed to logout not existing session 215750551
2023-07-25 14:51:37 [1069] Failed to logout not existing session 122639995
2023-07-25 14:51:37 [1069] Failed to logout not existing session 251624379
2023-07-25 14:52:19 [1069] Failed to logout not existing session 240463490
2023-07-25 14:58:34 [1069] Failed to logout not existing session 3874594
2023-07-25 14:58:58 [1069] Failed to logout not existing session 23068935
2023-07-25 15:03:56 [1069] Failed to logout not existing session 147103624
2023-08-16 15:59:49 [1069] Failed to logout not existing session 9413842
2023-08-16 16:21:05 [1069] Failed to logout not existing session 123816039
2023-08-16 16:21:14 [1069] Failed to logout not existing session 175484872
2023-08-16 16:21:15 [1069] Failed to logout not existing session 144181234
2023-08-16 16:21:18 [1069] Failed to logout not existing session 82158414
2023-08-16 16:21:21 [1069] Failed to logout not existing session 125417785
2023-08-16 16:21:21 [1069] Failed to logout not existing session 153795180
2023-09-21 16:00:21 [1069] Failed to logout not existing session 170550098
2023-09-21 16:02:28 [1069] Failed to logout not existing session 149914386
2023-09-21 16:02:28 [1069] Failed to logout not existing session 123072468
2023-09-21 16:02:28 [1069] Failed to logout not existing session 152813400
2023-09-21 16:06:06 [1069] Failed to logout not existing session 236621699
2023-09-21 16:06:52 [1069] Failed to logout not existing session 36329370
2023-09-21 16:07:00 [1069] Failed to logout not existing session 134586752
2023-09-21 16:07:00 [1069] Failed to logout not existing session 245208374
2023-09-21 16:07:00 [1069] Failed to logout not existing session 252208405
2023-09-21 16:07:02 [1069] Failed to logout not existing session 40608153
2023-09-21 16:07:02 [1069] Failed to logout not existing session 210514153
2023-09-21 16:13:50 [1069] Failed to logout not existing session 73804376
2023-09-21 16:13:58 [1069] Failed to logout not existing session 191294591
2023-09-21 16:14:05 [1069] Failed to logout not existing session 171892951
2023-09-21 16:21:37 [1069] Failed to logout not existing session 263395403
2023-09-21 16:21:50 [1069] Failed to logout not existing session 43447029
2023-09-21 16:21:53 [1069] Failed to logout not existing session 242579109
2023-09-21 16:21:53 [1069] Failed to logout not existing session 167630486
2023-10-10 17:52:09 [1069] Failed to logout not existing session 72907780
2023-10-10 17:52:11 [1069] Failed to logout not existing session 91877893
2023-10-10 17:55:29 [1069] Failed to logout not existing session 14426740
2023-10-10 17:59:40 [1069] Failed to logout not existing session 261872345
2023-10-10 18:00:40 [1069] Failed to logout not existing session 91166461
2023-10-21 18:02:34 [1069] Failed to logout not existing session 215870962
2023-10-21 18:02:37 [1069] Failed to logout not existing session 267647807
2023-10-21 18:02:57 [1069] Failed to logout not existing session 208318992
2023-10-21 18:02:57 [1069] Failed to logout not existing session 188685595
2023-10-21 18:02:57 [1069] Failed to logout not existing session 134996703
2023-10-21 18:02:57 [1069] Failed to logout not existing session 265950763
2023-10-21 18:02:57 [1069] Failed to logout not existing session 127810735
2023-10-21 18:06:43 [1069] Failed to logout not existing session 159947985
2023-10-21 18:06:51 [1069] Failed to logout not existing session 229517899
2023-10-21 18:06:56 [1069] Failed to logout not existing session 247692719
2023-10-21 18:07:48 [1069] Failed to logout not existing session 118313814
2023-10-21 18:14:10 [1069] Failed to logout not existing session 29193593
2023-10-21 18:14:16 [1069] Failed to logout not existing session 76860867
2023-10-21 18:14:22 [1069] Failed to logout not existing session 207354560
2023-10-21 18:22:06 [1069] Failed to logout not existing session 129045899
2023-10-21 18:22:20 [1069] Failed to logout not existing session 183848723
2023-10-21 18:22:21 [1069] Failed to logout not existing session 202211014
2023-10-21 18:22:21 [1069] Failed to logout not existing session 59924530
2023-10-21 18:32:21 [1069] Failed to logout not existing session 106994471
2023-10-21 18:32:30 [1069] Failed to logout not existing session 266102557
2023-10-21 19:00:31 [1069] Failed ACC authentication attempt from 10.10.50.61
[root@pcap-kvm-nz001 ~]#
{code}

The error log on 10.10.20.159 shows {color:#FF0000}"Unexpected time move to the past by 2591965 seconds"{color}

{code:java}
[root@msh-kvm-nz001 ~]# cat /var/hasplm/error.log
2023-07-09 12:00:37 [16787] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 11:36:29 [1068] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 11:44:36 [1068] Unexpected time move to the past by 2591965 seconds
2023-06-10 12:07:03 [3296] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:07:14 [3376] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 12:19:31 [1066] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:20:14 [1066] Unexpected time move to the past by 2591965 seconds
2023-07-10 12:30:03 [1077] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-12 18:26:23 [1077] Authorization failed for unknown session 'd58459c6af41ea92c6e5b9d58e430985'(previous message repeated 91 times)
2023-07-18 10:24:27 [1077] Failed to logout not existing session 17984098
2023-07-18 11:09:54 [1077] Failed to logout not existing session 242382455
2023-07-18 13:02:02 [1077] Failed to logout not existing session 159377111
2023-07-18 13:32:04 [1077] Failed to logout not existing session 108095744
2023-07-18 14:35:38 [1077] Failed to logout not existing session 215240589
2023-07-18 15:17:51 [1077] Failed to logout not existing session 165500527
2023-07-18 16:18:11 [1077] Failed to logout not existing session 101709924
2023-07-18 16:48:12 [1077] Failed to logout not existing session 46445734
2023-07-18 17:18:56 [1077] Failed to logout not existing session 177377743
2023-07-18 17:48:58 [1077] Failed to logout not existing session 47503139
2023-07-25 14:36:41 [1077] Failed to logout not existing session 147600726
2023-07-25 14:41:27 [1077] Failed to logout not existing session 86405912
2023-07-25 14:43:30 [1077] Failed to logout not existing session 188989340
2023-07-25 14:46:15 [1077] Failed to logout not existing session 85189072
2023-07-25 14:46:24 [1077] Failed to logout not existing session 191872388
2023-07-25 14:46:38 [1077] Failed to logout not existing session 6995764
2023-07-25 14:48:37 [1077] Failed to logout not existing session 211352138
2023-07-25 14:52:43 [1077] Failed to logout not existing session 126610938
2023-07-25 14:54:16 [1077] Failed to logout not existing session 136614155
2023-07-25 14:54:16 [1077] Failed to logout not existing session 14136481
2023-07-25 14:57:53 [1077] Failed to logout not existing session 101652931
2023-07-25 14:57:58 [1077] Failed to logout not existing session 176381377
2023-07-25 14:58:09 [1077] Failed to logout not existing session 77974538
2023-07-25 15:03:44 [1077] Failed to logout not existing session 3205907
2023-07-25 15:03:44 [1077] Failed to logout not existing session 163898373
2023-07-25 15:03:44 [1077] Failed to logout not existing session 266588020
2023-07-25 15:03:45 [1077] Failed to logout not existing session 111507703
2023-07-25 15:04:59 [1077] Failed to logout not existing session 775132
2023-08-16 16:13:26 [1077] Failed to logout not existing session 219026001
2023-08-16 16:13:36 [1077] Failed to logout not existing session 197789042
2023-08-16 16:13:43 [1077] Failed to logout not existing session 235628080
2023-09-21 15:51:06 [1077] Failed to logout not existing session 218752495
2023-09-21 15:51:18 [1077] Failed to logout not existing session 174909371
2023-09-21 15:51:20 [1077] Failed to logout not existing session 145800791
2023-09-21 15:51:27 [1077] Failed to logout not existing session 52931749
2023-09-21 15:51:41 [1077] Failed to logout not existing session 203442571
2023-09-21 15:51:41 [1077] Failed to logout not existing session 42284294
2023-09-21 15:55:09 [1077] Failed to logout not existing session 158861790
2023-09-21 15:59:23 [1077] Failed to logout not existing session 127089501
2023-09-21 16:02:01 [1077] Failed to logout not existing session 211173538
2023-09-21 16:02:11 [1077] Failed to logout not existing session 250019030
2023-09-21 16:02:15 [1077] Failed to logout not existing session 32721663
2023-09-21 16:02:18 [1077] Failed to logout not existing session 241932556
2023-09-21 16:02:29 [1077] Failed to logout not existing session 141907594
2023-09-21 16:02:29 [1077] Failed to logout not existing session 141249032
2023-09-21 16:06:21 [1077] Failed to logout not existing session 1878453
2023-09-21 16:06:26 [1077] Failed to logout not existing session 143203327
2023-09-21 16:06:31 [1077] Failed to logout not existing session 208587720
2023-09-21 16:13:19 [1077] Failed to logout not existing session 53491167
2023-10-10 18:02:48 [1077] Failed to logout not existing session 50642496
2023-10-10 18:02:48 [1077] Failed to logout not existing session 254305863
2023-10-10 18:02:48 [1077] Failed to logout not existing session 228338295
2023-10-10 18:02:48 [1077] Failed to logout not existing session 254877968
2023-10-10 18:02:48 [1077] Failed to logout not existing session 267350814
2023-10-21 17:59:48 [1077] Failed to logout not existing session 53139327
2023-10-21 18:00:48 [1077] Failed to logout not existing session 144821944
2023-10-21 18:07:20 [1077] Failed to logout not existing session 170056255
2023-10-21 18:07:29 [1077] Failed to logout not existing session 1004799
2023-10-21 18:07:29 [1077] Failed to logout not existing session 241794193
2023-10-21 18:07:29 [1077] Failed to logout not existing session 29880603
2023-10-21 18:07:29 [1077] Failed to logout not existing session 232483800
2023-10-21 18:07:29 [1077] Failed to logout not existing session 167582215
2023-10-21 18:14:22 [1077] Failed to logout not existing session 173226639
2023-10-21 18:21:27 [1077] Failed to logout not existing session 52797931
2023-10-21 18:21:37 [1077] Failed to logout not existing session 116201127
2023-10-21 18:21:40 [1077] Failed to logout not existing session 254472269
2023-10-21 18:21:45 [1077] Failed to logout not existing session 153354551
2023-10-21 18:22:04 [1077] Failed to logout not existing session 30706447
2023-10-21 18:22:04 [1077] Failed to logout not existing session 42129790
2023-10-21 18:25:40 [1077] Failed to logout not existing session 143046705
[root@msh-kvm-nz001 ~]#
{code}

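One way to scan a License Manager error log for the clock regressions quoted in the comment above, as an added example that is not part of the original comment. The function name and result fields are hypothetical, and `SAMPLE_LOG` is an excerpt of the 10.10.20.159 log shown above. It flags both the service's own "time move to the past" report and any line whose timestamp is earlier than the line before it.

```python
import re
from datetime import datetime

# "<date> <time> [<pid>] <message>", the line layout of the error.log shown above.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(\d+)\] (.*)$")
MOVE_RE = re.compile(r"Unexpected time move to the past by (\d+) seconds")

# Excerpt of the 10.10.20.159 error.log quoted in the comment above.
SAMPLE_LOG = """\
2023-07-10 11:36:29 [1068] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 11:44:36 [1068] Unexpected time move to the past by 2591965 seconds
2023-06-10 12:07:03 [3296] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:07:14 [3376] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 12:19:31 [1066] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:20:14 [1066] Unexpected time move to the past by 2591965 seconds
2023-07-10 12:30:03 [1077] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
"""


def find_clock_regressions(text):
    """Return one finding per log line that shows the wall clock going backwards.

    A line is reported when its timestamp is earlier than the previous line's
    (the log is append-only, so this means the system clock stepped back), or
    when the service itself logged a "time move to the past" message.
    """
    findings = []
    prev = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore shell prompts, blank lines, wrapped text
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        reported = MOVE_RE.search(m.group(3))
        observed = 0
        if prev is not None and ts < prev:
            observed = int((prev - ts).total_seconds())
        if observed or reported:
            findings.append({
                "line": lineno,
                "timestamp": m.group(1),
                "pid": int(m.group(2)),
                "observed_step_back_s": observed,
                "reported_step_back_s": int(reported.group(1)) if reported else None,
            })
        prev = ts
    return findings


if __name__ == "__main__":
    for f in find_clock_regressions(SAMPLE_LOG):
        print(f)
```
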
---

**luwenpeng** commented on *2023-10-23T14:40:23.993+0800*:

ACC configuration on 10.10.10.159

{code:java}
[root@pcap-kvm-nz001 ~]# cat /etc/hasplm/hasplm.ini
;*************************************************************************
;*
;* Sentinel License Manager configuration file
;*
;*************************************************************************
[SERVER]
adminusername = admin
adminpassword = WYdBWQdWRJOr278f4lNPsA==:fA10BqULFHclRiz6qnryXw==:100000
certificate =
privatekey =
identity_storage_encrypt = no
pagerefresh = 3
linesperpage = 12
accremote = 1
adminremote = 1
enablehaspc2v = 0
old_files_delete_days = 90
enabledetach = 0
enableautodetach = 0
autodetachhours = 2
reservedseats = 0
reservedpercent = 0
detachmaxdays = 14
commuter_delete_days = 7
disable_um = 0
idle_session_timeout_mins = 720
requestlog = 0
loglocal = 0
logremote = 0
logadmin = 0
errorlog = 1
rotatelogs = 0
access_log_maxsize = 0
error_log_maxsize = 0
zip_logs_days = 0
delete_logs_days = 0
pidfile = 0
passacc = 0
accessfromremote = anyone
accesstoremote = 1
bind_local_only = 0
id_public_addr =
proxy = 0
proxy_host =
proxy_port = 8080
proxy_username =
proxy_password =
[REMOTE]
broadcastsearch = 1
serversearchinterval = 30
[ACCESS]
[USERS]
[VENDORS]
[EMS]
[TRUST]
[LOGPARAMETERS]
text = {timestamp} {clientaddr}:{clientport} {clientid} {method} {url} {function}({functionparams}) result
({statuscode}) {newline}
[root@pcap-kvm-nz001 ~]#
{code}

ACC configuration on 10.10.20.159

{code:java}
[root@msh-kvm-nz001 ~]# cat /etc/hasplm/hasplm.ini
;*************************************************************************
;;*
;;* Sentinel License Manager configuration file
;;*
;;*************************************************************************
[SERVER]
adminusername = admin
adminpassword = WYdBWQdWRJOr278f4lNPsA==:fA10BqULFHclRiz6qnryXw==:100000
certificate =
privatekey =
identity_storage_encrypt = no
pagerefresh = 3
linesperpage = 12
accremote = 1
adminremote = 1
enablehaspc2v = 0
old_files_delete_days = 90
enabledetach = 0
enableautodetach = 0
autodetachhours = 2
reservedseats = 0
reservedpercent = 0
detachmaxdays = 14
commuter_delete_days = 7
disable_um = 0
idle_session_timeout_mins = 720
requestlog = 0
loglocal = 0
logremote = 0
logadmin = 0
errorlog = 1
rotatelogs = 0
access_log_maxsize = 0
error_log_maxsize = 0
zip_logs_days = 0
delete_logs_days = 0
pidfile = 0
passacc = 0
accessfromremote = anyone
accesstoremote = 1
bind_local_only = 0
id_public_addr =
proxy = 0
proxy_host =
proxy_port = 8080
proxy_username =
proxy_password =
[REMOTE]
broadcastsearch = 1
serversearchinterval = 30
[ACCESS]
[USERS]
[VENDORS]
[EMS]
[TRUST]
[LOGPARAMETERS]
text = {timestamp} {clientaddr}:{clientport} {clientid} {method} {url} {function}({functionparams}) result
({statuscode}) {newline}
[root@msh-kvm-nz001 ~]#
{code}

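---

**luwenpeng** commented on *2023-10-24T17:29:53.316+0800*:

*How it works*

hasp_monitor, which TSG-OS uses to check the license, works as follows:

# Call the LDK API to perform login and obtain the license information
# Call the LDK API to perform {{encrypt}} and {{decrypt}} operations; if an error is returned, perform logout and then go to step 1
# Sleep for 30 minutes
# Repeat steps 2 and 3

*Direct cause*

Caused by the configuration of the on-site deployment environment being different from that of the R&D test environment.

* In the R&D test environment, [idle_session_timeout_mins is 10 minutes|https://docs.geedge.net/pages/viewpage.action?pageId=104765516], and the ACC version is aksusbd-8.31-1.x86_64.rpm
* In the on-site deployment environment, idle_session_timeout_mins is 720 minutes, and the ACC version is aksusbd-9.13-1.x86_64.rpm

When idle_session_timeout_mins is 10 minutes

* When hasp_monitor sleeps for 30 minutes, the ACC idle timeout is triggered and hasp_monitor's session is evicted.
* When hasp_monitor performs the {{encrypt}}/{{decrypt}} operation again, an error is returned, and it then logs in again to obtain new license information.

When idle_session_timeout_mins is 720 minutes

* When hasp_monitor sleeps for 30 minutes, the ACC session timeout is not triggered
* Even after the license has expired, the session obtained by hasp_monitor remains valid, and {{encrypt}}/{{decrypt}} operations still succeed

*Root cause*

For the behavior where {{encrypt}}/{{decrypt}} operations still succeed after the license has expired, the vendor's recommendations are as follows:

* Recommendation 1: periodically perform login/logout to obtain fresh license information (the flow executed when idle_session_timeout_mins is 10)
* Recommendation 2: update the login API to use hasp_login_scope with the die_at_expiration=1 parameter, so that {{encrypt}} and {{decrypt}} operations return an error once the license has expired

*Temporary solution:* use the vendor's recommendation 1

* Change idle_session_timeout_mins on the on-site ACC from 720 minutes to 10 minutes
* Restart ACC or disconnect the existing sessions for the configuration to take effect

*Final solution:* use the vendor's recommendations 1 and 2

* Change idle_session_timeout_mins on the on-site ACC from 720 minutes to 30 minutes
* Update hasp_monitor to use the API that supports the die_at_expiration=1 parameter
* Change hasp_monitor's probe interval from 30 minutes to 15 minutes; when the license information in shared memory has not been updated for more than 15*2 minutes, Firewall exits

*Updating the clock*

For the incorrect system clocks, it is recommended to update them using the following procedure:

# Update the host clock
# Update the virtual machine clock
# Restart ACC: systemctl restart hasplmd
# Update the V2C license

Under certain circumstances, you may want to re-enable a blocked application by changing the V‑Clock time. This can be accomplished by receiving a C2V file for the protection key from the customer and then returning a V2C file that provides an update to the V‑Clock time.

*NOTE* Before applying a V2C file to reset the V-Clock using the system clock, the user should ensure that the system clock is set to the current date and time.

The vendor documentation shows that, provided the system time is set correctly, the hardware key's V-Clock is updated only when the V2C license is updated again.

*Notes on updating the license*

It is recommended to collect the following information both {color:#FF0000}before and after{color} updating the license:

# Whether the value under ACC->Features->Restrictions shows Expire
# The information of each session on the ACC->Sessions page
# The hasp_monitor log

Special note: after updating the license, check the Login Time of each session on the ACC->Sessions page to make sure that hasp_monitor on every OS has logged in again successfully (this usually takes 30 minutes)
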
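A small model of the behaviour described in the comment above, added here as an illustration; it is not code from hasp_monitor or the Sentinel LDK. `ToyLicenseManager`, `first_detection` and the minute-based clock are hypothetical, and the model assumes, as the comment states, that an established session is not re-checked for expiry unless die_at_expiration is requested. It shows when the monitor first notices an expired license under the test, on-site and final configurations.

```python
"""Toy model (time in minutes) of a polling license monitor talking to a
license manager that evicts idle sessions. All names are hypothetical."""


class LicenseError(Exception):
    """Raised when the toy license manager refuses a call."""


class ToyLicenseManager:
    def __init__(self, expiry, idle_timeout):
        self.expiry = expiry              # minute at which the license expires
        self.idle_timeout = idle_timeout  # stands in for idle_session_timeout_mins
        self.sessions = {}                # session id -> [last_activity, die_at_expiration]
        self._next_id = 1

    def login(self, now, die_at_expiration=False):
        # Expiry is always checked when a new session is requested.
        if now >= self.expiry:
            raise LicenseError("feature expired")
        sid = self._next_id
        self._next_id += 1
        self.sessions[sid] = [now, die_at_expiration]
        return sid

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def crypt(self, sid, now):
        """Stand-in for one encrypt/decrypt round trip on an existing session."""
        entry = self.sessions.get(sid)
        if entry is None or now - entry[0] > self.idle_timeout:
            self.sessions.pop(sid, None)  # session evicted for being idle
            raise LicenseError("session not found")
        # Assumption taken from the comment: an established session is only
        # re-checked for expiry when die_at_expiration was requested at login.
        if entry[1] and now >= self.expiry:
            raise LicenseError("feature expired")
        entry[0] = now                    # activity refreshes the idle timer


def first_detection(idle_timeout, probe_interval, die_at_expiration=False,
                    expiry=100, horizon=24 * 60):
    """Return the minute at which the monitor first learns the license has
    expired, or None if it never does within `horizon` minutes."""
    lm = ToyLicenseManager(expiry, idle_timeout)
    sid = lm.login(0, die_at_expiration)            # step 1: login
    for now in range(probe_interval, horizon + 1, probe_interval):
        try:
            lm.crypt(sid, now)                      # step 2: encrypt/decrypt
            continue                                # step 3: sleep
        except LicenseError:
            lm.logout(sid)
        try:
            sid = lm.login(now, die_at_expiration)  # back to step 1
        except LicenseError:
            return now                              # expiry finally noticed
    return None


def scenarios(expiry=100):
    """The three configurations discussed in the comment."""
    return {
        "test env (idle=10, probe=30)": first_detection(10, 30, expiry=expiry),
        "site (idle=720, probe=30)": first_detection(720, 30, expiry=expiry),
        "final fix (idle=30, probe=15, die_at_expiration)":
            first_detection(30, 15, die_at_expiration=True, expiry=expiry),
    }


if __name__ == "__main__":
    for name, minute in scenarios().items():
        result = "never within 24h" if minute is None else f"minute {minute}"
        print(f"{name}: {result}")
```

With idle=30 and probe=15 but without die_at_expiration the model never detects the expiry, because every probe refreshes the session before it can idle out.
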
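---

**luwenpeng** commented on *2023-10-25T15:09:33.677+0800*:

Recommended ACC configuration file [^hasplm.ini]

# Disable broadcastsearch in ACC, so that ACC shows only the hardware keys on the current device and not other hardware keys on the LAN
# Adjust the log format
# *Change idle_session_timeout_mins from 720 minutes to 10 minutes*
# Adjust the logging configuration items
** Change the log file retention time from 90 days to 30 days
** Enable requestlog/loglocal/logremote to record the status of the OS obtaining the license
** Enable rotatelogs/zip_logs_days, and set access_log_maxsize/error_log_maxsize to 64000 bytes
** After enabling the access log, estimate the resulting log volume
*** While the license is valid: each OS accesses at most once every 15 minutes/30 minutes
*** When the license has expired: each OS requests the license information once per second, and each license record takes 173 bytes in the log; assuming there is no license for 30 days after expiry, the log volume produced by requests from 36 OS instances is 16G

{panel:title=Without considering log compression, the machine where ACC is deployed needs 16G of disk space to record the logs}
173 * 36 * 3600 * 24 * 30 / 1000 / 1000 / 1000 = 16G
{panel}

!image-2023-10-25-14-48-28-797.png!
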
---

**gitlab** commented on *2023-10-28T21:29:21.349+0800*:

[卢文朋|https://git.mesalab.cn/luwenpeng] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/1e7f7a967c608f8531e424afa972a4a439b79478] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-hasp-tools|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-hasp-tools]:{quote}bugfix: OMPUB-1041 OS licensed via HL Seats did not stop service when the license expired{quote}

---

**gitlab** commented on *2023-10-28T21:32:01.294+0800*:

[卢文朋|https://git.mesalab.cn/luwenpeng] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1871] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-hasp-tools|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-hasp-tools]:{quote}bugfix: OMPUB-1041 OS licensed via HL Seats did not stop service when the license expired{quote}

---

**luwenpeng** commented on *2023-10-30T18:44:38.123+0800*:

Configuration file deployed to the site [^P19-hasplm.ini]

---

## Attachments

**46332/hasplm.ini**

---

**46246/image-2023-10-22-16-39-38-822.png**

---

**46247/image-2023-10-22-16-40-32-378.png**

---

**46331/image-2023-10-25-14-48-28-797.png**

---

**46547/P19-hasplm.ini**

---