ACL not getting enabled in consul

I have set up consul on a single instance. The web UI is running perfectly, but ACLs are not enabled. Previously I did not have any config file, but now I have created a config.json file in /etc/consul.d/bootstrap/ with the following content.

{
    "bootstrap": true,
    "server": true,
    "datacenter": "dc1",
    "acl_datacenter": "dc1",
    "data_dir": "/var/consul",
    "encrypt": "consul keygen output",
    "ca_file": "/etc/consul.d/ssl/ca.cert",
    "cert_file": "/etc/consul.d/ssl/consul.cert",
    "key_file": "/etc/consul.d/ssl/consul.key",
    "verify_incoming": true,
    "verify_outgoing": true,
    "log_level": "INFO",
    "enable_syslog": true
}

Then I ran the following command:

consul agent -server -bootstrap -data-dir /tmp/consul -ui-dir /home/ubuntu/dist/ -client=XXXX

where XXXX is the private IP of my instance.

But the ACLs are not getting enabled.

/etc/consul.d/server/config.json

{
    "bootstrap": false,
    "server": false,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "data_dir": "/var/consul",
    "ui_dir": "/home/ubuntu/dist",
    "acl_datacenter": "dc1",
    "encrypt": "SECRET"
}

/etc/consul.d/server/config.json

{
    "bootstrap": false,
    "server": true,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "data_dir": "/var/consul",
    "acl_datacenter": "dc1",
    "acl_default_policy": "allow",
    "encrypt": "SECRET"
}

Working config file

{
    "bootstrap": true,
    "server": true,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "addresses" : {
      "http": "X.X.X.X"
    },
    "bind_addr": "X.X.X.X",
    "node_name": "X.X.X.X",
    "data_dir": "/tmp/consul",
    "ui_dir": "~/dist",
    "acl_datacenter": "dc1",
    "acl_master_token": "secret",
    "encrypt": "secret"
}

Now run the following command

consul agent -config-dir ~/server -ui-dir ~/dist -bootstrap true -client=X.X.X.X

You are missing the master token in your configuration. If you add "acl_master_token": "secret" and use the same token in your UI, you should be able to use the ACL.

Note: If you are using a single-node instance, do not set the acl_token property to the same value as your master token. This would mean anyone with access to the UI would have access to the master token, essentially bypassing all your ACL rules. This property should be set only on server nodes.

After getting it running well, I created a screencast to demonstrate how to set up consul on a single server. Here is the link
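
An added example, not part of the original posts or of Consul itself: a small Python check that audits a config file for the legacy `acl_*` keys discussed above before the agent is started. The function name, the finding texts and the sample configs are constructed for illustration.

```python
import json

def audit_acl_config(text):
    """Audit one Consul agent config (JSON text, legacy acl_* keys).

    Hypothetical helper for this example; returns a list of findings.
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A config that does not parse cannot enable anything.
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]

    if not cfg.get("acl_datacenter"):
        # acl_datacenter must be set for ACLs to be enabled at all.
        return ["acl_datacenter is not set: ACLs are disabled"]

    findings = []
    master = cfg.get("acl_master_token")
    if cfg.get("server", False) and not master:
        findings.append("server has no acl_master_token")
    if master and cfg.get("acl_token") == master:
        # The agent uses acl_token for requests that carry no token,
        # so every such request would run with master rights.
        findings.append("acl_token equals acl_master_token")
    if cfg.get("acl_default_policy", "allow") == "allow":
        # "allow" is the default: anything not explicitly denied is permitted.
        findings.append("acl_default_policy is allow: rules only blacklist")
    return findings

# Constructed sample configs; token values are placeholders, not real secrets.
SAMPLES = {
    "no_master": '{"server": true, "acl_datacenter": "dc1"}',
    "token_reuse": '{"server": true, "acl_datacenter": "dc1",'
                   ' "acl_default_policy": "deny",'
                   ' "acl_master_token": "PLACEHOLDER",'
                   ' "acl_token": "PLACEHOLDER"}',
    "missing_comma": '{"acl_datacenter": "dc1"\n "encrypt": "PLACEHOLDER"}',
    "good": '{"server": true, "acl_datacenter": "dc1",'
            ' "acl_default_policy": "deny",'
            ' "acl_master_token": "PLACEHOLDER"}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_acl_config(text) or "ok")
```
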
