restrict license claim to specific node in airgapped enironment

[k0muc]

I am trying to use a relay for licenses in an airgapped container environment (Kubernetes / OKD). During operation, I encountered the following two issues:

1. Restricting License Claims in Air-Gapped Relay Environments Is it possible to restrict a license to a specific fingerprint at the license generation stage for use with keygen-relay? In air-gapped environments, the current "first node wins" behavior allows the first node that requests the license to automatically claim it. We need a mechanism to pre-validate or block the license claim based on a specific fingerprint before the first download occurs.
2. Support for Custom Fingerprint Definitions in Containerized Environments (OKD) If restricting fingerprints at the license level is not possible, can keygen-relay use a custom fingerprint definition instead of the default machine-id for node-locked licenses? Since the application runs in a containerized environment (OKD/Kubernetes), machine-id is not good idea. We need to provide a stable, user-defined fingerprint (e.g., via environment variables or startup parameters) that remains consistent across container restart

[ezekg]

If you know or can set the specific fingerprints beforehand, then it sounds like Relay isn't the solution you need. Instead, you should activate the known machines via the API and checkout a machine file directly for each of them for offline use.

Machine files are very much like license files, but they're locked to a specific machine fingerprint via encryption. They can include the license object inside of them, in addition to the machine object.

Relay is for the case where the fingerprints cannot be known beforehand.