CN113761481A - Software authorization authentication method based on container cloud - Google Patents

Software authorization authentication method based on container cloud

Publication number
CN113761481A
Authority
CN
China
Prior art keywords
license
container cloud
file
mac address
software
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110481566.0A
Other languages
Chinese (zh)
Inventor
姬晓光
冯凯
余智华
丁宇乐
卢志尧
汪震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Golaxy Data Technology Co ltd
Original Assignee
Golaxy Data Technology Co ltd
Application filed by Golaxy Data Technology Co ltd
Priority to CN202110481566.0A
Publication of CN113761481A
Current legal status: Pending


Abstract

The invention discloses a software authorization authentication method based on a container cloud, comprising the following steps: S1, storing the authorization rule information of the software in a structure and serializing it into a binary file; S2, encrypting the binary file generated in step S1 into a license file by using a key; S3, loading the license file onto the container cloud platform by means of a configuration map (configmap); S4, matching the license certificate file against the MAC address of the relevant network card. Advantages: in a container cloud cluster environment, the license is loaded through a configmap, and server information is collected and the license is distributed by an operator, which reduces the work of obtaining the MAC address of each physical server and distributing licenses one by one, thereby improving efficiency.

Description

Software authorization authentication method based on container cloud
Technical Field
The invention relates to the field of cloud computing and container cloud, in particular to a software authorization authentication method based on the container cloud.
Background
Currently, license authorization for a typical software product generally works as follows:
Extract the physical characteristics of the server (usually the network card MAC address, the hard disk serial number and similar information) → add the authorization terms (such as the permitted number of CPUs, the permitted amount of memory and the service life of the software) to form the authorization information → encrypt the authorization information with a public key, using asymmetric encryption, to generate a license electronic certificate file → distribute the license electronic certificate file to the user, who stores the license file on the server for the software product to read.
However, this license authorization method is not suitable for the container cloud scenario, for the following reasons:
1. A cloud computing scenario is generally a server cluster environment with dozens of servers and dozens of application Docker containers. Copying and verifying the license certificate file in the traditional way is inconvenient.
2. In a container cloud scenario, the program runs inside a Docker container, and physical fingerprint information such as a MAC address cannot be extracted from inside a Docker container. (In fact, the physical information can be obtained by granting the Docker container privileged permission, but this may give the container permission to operate the host's devices directly, which is a potential security risk.)
3. On a container cloud platform, the Docker container hosting the application software may be scheduled onto any physical server, which makes producing the license more difficult.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
The invention aims to provide a software authorization authentication method based on a container cloud which authenticates the servers of a cluster in a distributed cluster environment and distributes and authenticates licenses efficiently and conveniently, so as to solve the problems described in the background.
To achieve this purpose, the invention provides the following technical solution:
A software authorization authentication method based on a container cloud comprises the following steps:
S1, storing the authorization rule information of the software in a structure and serializing it into a binary file;
S2, encrypting the binary file generated in step S1 into a license file by using a key;
S3, loading the license file onto the container cloud platform by means of a configuration map;
S4, matching the license certificate file against the MAC address of the corresponding network card.
Further, the authorization rules of the software in step S1 include: the license validation date, the number of authorized nodes, the number of CPUs, the amount of memory and a MAC address list.
Further, matching the license certificate file against the MAC address of the associated network card in step S4 specifically includes the following steps:
S41, loading the license certificate file by means of a configuration map;
S42, the operator acquires the certificate and then distributes it to each pod;
S43, each pod obtains the PCI information of the host through a system call and matches it against the MAC address of the network card.
Compared with the prior art, the invention has the following beneficial effects:
(1) In a container cloud cluster environment, the license is loaded through the configmap, and server information is collected and the license is distributed by the operator, which reduces the work of obtaining the MAC address of each physical server and distributing licenses one by one, thereby improving efficiency.
(2) A license verification method is provided that can verify the MAC address of the external host from inside a Docker container, which reduces potential security risks.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a container cloud-based software authorization authentication method according to an embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following drawings and detailed description.
Referring to Fig. 1, a software authorization authentication method based on a container cloud according to an embodiment of the present invention includes the following steps:
Step S1, storing the license effective date, the number of authorized nodes, the number of CPUs, the amount of memory, the MAC address list and other information in a structure, and serializing it into a binary file;
Step S2, encrypting the binary file generated in the previous step into a license file by using a key;
Step S3, loading the license file onto the container cloud platform by means of a configuration map (configmap);
Step S4, loading the license certificate file by means of a configuration map; the operator obtains the license and distributes it to each pod, and each pod obtains the PCI information of the host through a system call and matches it against the MAC address of the host's network card.
In addition, in one embodiment, the container cloud platform is implemented as a multi-node Kubernetes container cloud platform, specifically:
Kubernetes, K8s for short, is an abbreviation in which the 8 characters "ubernete" are replaced by the digit 8. Kubernetes is an open-source system for managing containerized applications across multiple hosts in a cloud platform. Its goal is to make deploying containerized applications simple and efficient (powerful), and it provides mechanisms for deploying, planning, updating and maintaining applications.
In addition, in one embodiment, the MAC addresses of the container cloud platform are collected by the operator, specifically:
To implement the monitoring function of the container cloud platform, the invention uses the operator to collect the MAC address, IP address, CPU and memory information of all host servers in all container cloud clusters.
In addition, in one embodiment, the license is generated with a private key: a license file is generated using a private key prepared in advance, from the collected host information combined with the authorization rules of the software (license effective date, number of authorized nodes, number of CPUs, amount of memory, MAC address list and the like).
The license electronic certificate file is distributed through a configuration map (configmap). The configmap mechanism of the Kubernetes platform makes it possible to obtain the license electronic certificate file automatically, which removes the tedious work of copying the license certificate by hand.
In addition, the operator program used by the invention collects the hardware information of all host servers on the container cloud platform, including the CPU, memory, network card MAC address and the like, and distributes the license information obtained through the configmap to each pod.
To achieve good resource isolation, software running on the container cloud is packaged inside a Docker container and isolated from the operating system of the host, so code inside the Docker container cannot obtain the MAC address of the host directly through a system call. The invention obtains the MAC address of the network card by reading the PCI bus information.
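The issue-and-verify flow of steps S1, S2 and S4, as an added example that is not code from the patent. The patent names neither a serialization format nor a cipher, so this sketch assumes JSON and an Ed25519 signature made with the issuer's private key in place of the unspecified key operation. The License field names and the Issue and Verify functions are hypothetical, and the host MAC list is passed in rather than read from the PCI bus.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// License holds the S1 authorization rules (field names are assumptions).
type License struct {
	NotAfter              time.Time // end of the license validity period
	Nodes, CPUs, MemoryGB int       // authorized nodes, CPUs and memory
	MACs                  []string  // MAC addresses of licensed hosts
}

// Issue serializes the rules (S1) and prepends an Ed25519 signature over them
// (standing in for the unspecified key operation of S2).
func Issue(priv ed25519.PrivateKey, l License) []byte {
	body, _ := json.Marshal(l) // plain fields only, cannot fail
	return append(ed25519.Sign(priv, body), body...)
}

// Verify is the in-pod check (S4): signature, expiry, then MAC membership.
func Verify(pub ed25519.PublicKey, file []byte, hostMACs []string, now time.Time) (*License, error) {
	n := ed25519.SignatureSize
	if len(file) < n || !ed25519.Verify(pub, file[n:], file[:n]) {
		return nil, fmt.Errorf("license signature invalid")
	}
	var l License
	if err := json.Unmarshal(file[n:], &l); err != nil {
		return nil, err
	}
	if now.After(l.NotAfter) {
		return nil, fmt.Errorf("license expired on %s", l.NotAfter.Format(time.RFC3339))
	}
	for _, want := range l.MACs {
		for _, have := range hostMACs {
			if strings.EqualFold(want, have) {
				return &l, nil
			}
		}
	}
	return nil, fmt.Errorf("no host MAC address is in the license list")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	lic := License{NotAfter: time.Now().Add(time.Hour), MACs: []string{"02:00:00:aa:bb:01"}}
	_, err := Verify(pub, Issue(priv, lic), []string{"02:00:00:AA:BB:01"}, time.Now())
	fmt.Println("license accepted:", err == nil)
}
```

Because the pod verifies a signature instead of trusting the ConfigMap contents, an edit to the ConfigMap by anyone with write access to it makes verification fail rather than changing the granted limits.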
In summary, in practical use in a container cloud cluster environment, the license is loaded through the configmap, and server information is collected and the license is distributed by the operator, which reduces the work of obtaining the MAC address of each physical server and distributing licenses one by one, thereby improving efficiency. A license verification method is provided that can verify the MAC address of the external host from inside a Docker container, which reduces potential security risks.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

Application number: CN202110481566.0A | Priority date: 2021-04-30 | Filing date: 2021-04-30 | Title: Software authorization authentication method based on container cloud | Legal status: Pending | Publication: CN113761481A (en)

Publications (1)

Publication Number | Publication Date
CN113761481A (en) | 2021-12-07

Family

ID=78786981

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US9654599B1 (en) * | 2016-10-06 | 2017-05-16 | Brian Wheeler | Automatic concurrent installation refresh of a large number of distributed heterogeneous reconfigurable computing devices upon a booting event
CN110855668A (en) * | 2019-11-14 | 2020-02-28 | 浙江九州云信息科技有限公司 | Method and system for managing authorization certificate of container cloud platform
CN111428208A (en) * | 2020-06-09 | 2020-07-17 | 北京信安世纪科技股份有限公司 | Application software authorization method, device and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
江雄: "《 基于区块链的数字消防产业生态》", 30 September 2020*

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN115391753A (en) * | 2022-09-13 | 2022-11-25 | 中电信数智科技有限公司 | Software authorization method and system compatible with different deployment environments
CN117290822A (en) * | 2023-11-23 | 2023-12-26 | 深圳华杰共创科技有限公司 | License control method of cloud database software system and related equipment
CN117290822B (en) * | 2023-11-23 | 2024-03-08 | 深圳华杰共创科技有限公司 | License control method of cloud database software system and related equipment

Legal Events

Date | Code | Title | Description
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20211207
