From 716e792baca83b68e9eda04dd708cb6765104c11 Mon Sep 17 00:00:00 2001 From: Petri-Johan Last Date: Tue, 13 Jun 2023 14:31:32 +0200 Subject: [PATCH] Add documentation for new license verification (#53300) --- doc/admin/licensing/index.md | 29 +++++++++++++++++++ doc/admin/pings.md | 5 +++- .../adding_ping_data.md | 2 +- doc/sidebar.md | 1 + 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 doc/admin/licensing/index.md diff --git a/doc/admin/licensing/index.md b/doc/admin/licensing/index.md new file mode 100644 index 00000000000..76b03fc399f --- /dev/null +++ b/doc/admin/licensing/index.md @@ -0,0 +1,29 @@ +# Licensing + +[Sourcegraph Enterprise](../../getting-started/oss-enterprise.md) requires a valid license key to enable many Enterprise-specific features. + +Sourcegraph will periodically perform a license validation check by contacting sourcegraph.com. This check sends no information other than a unique site ID and information about the configured Sourcegraph license. This check is mandatory, and if the check fails, or if the check does not occur, Sourcegraph will disable all Enterprise features until a successful license check is completed. + +Sourcegraph 5.1+ + +If Sourcegraph needs to operate in an air-gapped environment without an external internet connection, contact customer support for a special license key. + +License keys also need to be unique to a single instance of Sourcegraph. If the same license key is used across multiple instances, subsequent license checks will fail. If multiple license keys are required for dev/staging instances, contact customer support for additional license keys for these instances. + +## Upgrading to Sourcegraph 5.1 + +When upgrading to Sourcegraph 5.1 while using the same license key on multiple instances (e.g. dev and prod), the first instance to be upgraded will claim the license key. + +When the second instance is upgraded while using the same license key, license verification will fail for that instance. Please make sure to contact customer support and request a new license key, so that different Sourcegraph instances all have unique license keys. + +## FAQ + +### We have set up a new Sourcegraph instance by replicating an existing instance, how can we generate a new site ID to ensure the instances are unique? + +The site ID of a Sourcegraph instance can be updated by running the following SQL query against the database: + +```sql +UPDATE global_state SET site_id = gen_random_uuid(); +``` + +You will still require a unique license key for each site ID. diff --git a/doc/admin/pings.md b/doc/admin/pings.md index 3b963f36a8f..43b600f9cef 100644 --- a/doc/admin/pings.md +++ b/doc/admin/pings.md @@ -2,6 +2,8 @@ Sourcegraph periodically sends a ping to Sourcegraph.com to help our product and customer teams. It sends only the high-level data below. It never sends code, repository names, usernames, or any other specific data. To learn more, go to the **Site admin > Pings** page on your instance (the URL is `https://sourcegraph.example.com/site-admin/pings`) or, for users of the Sourcegraph app, see [Sourcegraph app telemetry](#sourcegraph-app-telemetry). +Sourcegraph will also periodically perform a license verification check, to verify the validity of the configured Sourcegraph license. Tampering with these checks, or preventing them from occuring, will cause Sourcegraph to disable many features until a successful check is completed. Certain Enterprise licenses can request to be exempt from these license verification checks. + ## Telemetry Sourcegraph aggregates usage and performance metrics for some product features in our enterprise deployments. No personal or specific information is ever included. @@ -221,11 +223,12 @@ The environment variable `TELEMETRY_HTTP_PROXY` can be set on the `sourcegraph-f ## Connections to Sourcegraph.com -Sourcegraph only connects to Sourcegraph.com for two purposes: +Sourcegraph only connects to Sourcegraph.com for three purposes: 1. The pings described above are sent, in order to: - Check for new product updates. - Send [anonymous, non-specific, aggregate metrics](#pings) back to Sourcegraph.com (see the full list above). +1. [Verify](./licensing/index.md) the validity of the configured Sourcegraph license. 1. Legacy Sourcegraph extensions are fetched from Sourcegraph.com`s extension registry. There are no other automatic external connections to Sourcegraph.com (or any other site on the internet). diff --git a/doc/dev/background-information/adding_ping_data.md b/doc/dev/background-information/adding_ping_data.md index 5bb83e829fe..94bdb2d3d53 100644 --- a/doc/dev/background-information/adding_ping_data.md +++ b/doc/dev/background-information/adding_ping_data.md @@ -4,7 +4,7 @@ This page outlines the process for adding or changing the data collected from So ## Ping philosophy -Pings are the only data Sourcegraph receives from installations. Our users and customers trust us with their most sensitive data. We must preserve and build this trust through only careful additions and changes to pings. +Pings, alongside [license verification checks](../../admin/licensing/index.md), are the only data Sourcegraph receives from installations. Our users and customers trust us with their most sensitive data. We must preserve and build this trust through only careful additions and changes to pings. All ping data must be: diff --git a/doc/sidebar.md b/doc/sidebar.md index 219bf2a0938..0dee0385464 100644 --- a/doc/sidebar.md +++ b/doc/sidebar.md @@ -59,6 +59,7 @@ Keep it as a single list with at most 2 levels. (Anything else may not render co - [Deploy](admin/deploy/index.md) - [Upgrade](admin/updates/index.md) - [Configuration](admin/config/index.md) + - [Licensing](admin/licensing/index.md) - [Code hosts](admin/external_service/index.md) - [User authentication](admin/auth/index.md) - [Access control](admin/access_control/index.md)