docs: Update Boundary licensing information #5999
Conversation
| When the Boundary license expires, the controller performs a graceful shutdown. | ||
| Ongoing sessions continue to run, but you will not be able to create any new sessions. | ||
|
|
||
| Prior to the expiration date, Boundary logs 5 warnings to the event stream at the following intervals: |
There was a problem hiding this comment.
Are you able to provide an example of what that log looks like? That would be helpful for users to configure alerting on this, just in case.
There was a problem hiding this comment.
Thanks for the suggestion! I added an example from the log and some additional verbiage to help with alerts.
| ## License expiration | ||
|
|
||
| When the Boundary license expires, the controller performs a graceful shutdown. | ||
| Ongoing sessions continue to run, but you cannot create any new sessions. |
There was a problem hiding this comment.
Is this true? I haven't tested this part, but I think graceful shutdown means that it will wait for ongoing HTTP requests to return, not existing Boundary sessions. It will also probably only wait 5 seconds or so before actually shutting down. I also expect that after the controller has been down for 15 seconds, the workers will start terminating sessions. I think we'll want to verify this behavior.
There was a problem hiding this comment.
Thank you for reviewing this, Johan! I got this info from Aman, but I may have misunderstood our conversation and assumed it was sessions vs HTTP requests. I don't think he tested it either tho.
| | Warning | Interval | | ||
| |---------| ---------------------------------- | | ||
| | First | 30 days before license expiration | | ||
| | Second | 7 days before license expiration | | ||
| | Third | 24 hours before license expiration | | ||
| | Fourth | 1 hour before license expiration | | ||
| | Fifth | 1 minute before license expiration | |
There was a problem hiding this comment.
Note that this depends on the length of the license issued, I think this is probably based on a yearly license?
There was a problem hiding this comment.
I can add some text to explain that.
| "time_left_seconds": 83 | ||
| } | ||
| }, | ||
| "datacontentype": "text/plain", | ||
| "time": "2025-09-08T11:13:10.216888454-07:00" | ||
| } | ||
| { | ||
| "id": "ymFHcb1H1Z", | ||
| "source": "https://hashicorp.com/boundary/nixos/controller+worker", | ||
| "specversion": "1.0", | ||
| "type": "system", | ||
| "data": { | ||
| "version": "v0.1", | ||
| "op": "licensing.StartWatching", | ||
| "data": { | ||
| "expiration_time": "2025-09-08T11:14:33-07:00", | ||
| "msg": "licensing warning", | ||
| "time_left_seconds": 30 |
There was a problem hiding this comment.
We could massage these numbers a bit to make it look a bit more realistic (e.g., adjust the timestamp, set the time_left_second to something much bigger, set it to 60 in the last warning message).
|
|
||
| </CodeBlockConfig> | ||
|
|
||
| When there is 1 minute left before license expiration, Boundary provides the following message as an error: |
There was a problem hiding this comment.
I think the message above is the 1 minute message (it says 30 seconds in my example). The message below is printed immediately upon license expiration.
| ==> Boundary dev environment self-terminating | ||
| ==> Health is enabled, waiting 0s before shutdown | ||
| ==> Boundary dev environment graceful shutdown triggered, interrupt again to enter shutdown |
There was a problem hiding this comment.
These logs mention boundary dev, I don't know what it looks like when using boundary server (for controllers or workers). Let me know if you want a log from a more realistic environment, or if you just want to remove these logs (I think either is fine).
There was a problem hiding this comment.
Ahh... good catch, thank you. If you are able to get a log from a more realistic environment, I think it would be a helpful addition. I can work on cleaning up the parts you mentioned in the comments above.
| </CodeBlockConfig> | ||
|
|
||
| To update your license key, refer to the steps in [Enable Boundary Enterprise](#enable-boundary-enterprise). | ||
| There is no downtime associated with updating an expired license key. |
There was a problem hiding this comment.
Is this true? I would think the controller would need to be restarted if an environment variable is used, or the config would need to be SIGHUPed if a new license is added to the config file.
There was a problem hiding this comment.
That makes sense. This also came from the conversation with Aman, and I may have misunderstood. Robin might have an environment where I can test this (something he's working on for HashiConf). I will check with him to see if we can verify this.
Co-authored-by: Johan Brandhorst-Satzkorn <[email protected]>
4 participants
Description
Per SPE-1197, a customer had some questions about what happens when the Boundary Enterprise license expires. These included:
These scenarios were documented in the Vault docs, and the customer expected to find the information in the Boundary docs too.
This PR updates the Boundary Enterprise licensing documentation with more information about what happens in the scenarios listed above.
View the preview deployment
PCI review checklist
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.