cmayer68
commented
6 years ago this is a good idea. the license management code is pretty sketchy, doing the right thing most of the time, but not having any meaningful checking beyond file creation time. in particular, the code does not parse the license in any way.
1) Currently HA toolkit compares license.lic.$secondary on primary server and if the creation date is newer than the license on secondary then that file is copied from secondary to primary but as the secondary servers license file. Same goes with primary as well.
2) Issue happens when customer manually copies a license file to secondary and that is newer than the existing secondary license (license.lic.$secondary) on primary and a failover never happens (and hence license is not yet validated by controller). So the if the new license file on secondary is invalid it is carried over to primary server on running replicate and if customer replaces a correct license file on secondary but with an older creation date, because the older license is valid, HA toolkit copies invalid license from primary during next replicate because the creation date is new.
3) In addition to creation date we also need to check the MAC address and see if the license belongs to the host, else reject it.