I have set up Consul on a single instance. The web UI is running perfectly but the ACLs are not enabled. Previously I did not have any config file, but now I have created a config.json file in /etc/consul.d/bootstrap/ with the following content.
{
    "bootstrap": true,
    "server": true,
    "datacenter": "dc1",
    "acl_datacenter": "dc1",
    "data_dir": "/var/consul",
    "encrypt": "consul keygen output",
    "ca_file": "/etc/consul.d/ssl/ca.cert",
    "cert_file": "/etc/consul.d/ssl/consul.cert",
    "key_file": "/etc/consul.d/ssl/consul.key",
    "verify_incoming": true,
    "verify_outgoing": true,
    "log_level": "INFO",
    "enable_syslog": true
}
Then I ran the following command:
consul agent -server -bootstrap -data-dir /tmp/consul -ui-dir /home/ubuntu/dist/ -client=X.X.X.X
where X.X.X.X is the private IP of my instance.
But the ACLs are not getting enabled.
/etc/consul.d/server/config.json
{
    "bootstrap": false,
    "server": false,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "data_dir": "/var/consul",
    "ui_dir": "/home/ubuntu/dist",
    "acl_datacenter": "dc1",
    "encrypt": "SECRET"
}
/etc/consul.d/server/config.json
{
    "bootstrap": false,
    "server": true,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "data_dir": "/var/consul",
    "acl_datacenter": "dc1",
    "acl_default_policy": "allow",
    "encrypt": "SECRET"
}
Working config file
{
    "bootstrap": true,
    "server": true,
    "log_level": "DEBUG",
    "enable_syslog": true,
    "datacenter": "dc1",
    "addresses": {
        "http": "X.X.X.X"
    },
    "bind_addr": "X.X.X.X",
    "node_name": "X.X.X.X",
    "data_dir": "/tmp/consul",
    "ui_dir": "~/dist",
    "acl_datacenter": "dc1",
    "acl_master_token": "secret",
    "encrypt": "secret"
}
Now run the following command
consul agent -config-dir ~/server -ui-dir ~/dist -bootstrap true -client=X.X.X.X
You are missing the master token in your configuration. If you add this, "acl_master_token": "secret", and use the same token in your UI, you should be able to use the ACL.
Note: If you are using a single node instance, do not set the acl_token property to the same value as your master token. This would mean anyone with access to the UI would have access to the master token, essentially bypassing all your ACL rules. This property should only be set on server nodes.
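The checks described in this answer can be run against a config file before starting the agent. The following is an added example, not code from the original posts or from the Consul project; the function name audit_acl_config and the sample configs are constructed for illustration, and it assumes the legacy acl_* keys used on this page, whose acl_default_policy defaults to "allow".

```python
import json

def audit_acl_config(cfg):
    """Return (key, message) findings for a legacy acl_* Consul agent config."""
    findings = []
    master = cfg.get("acl_master_token")
    is_server = bool(cfg.get("server"))
    if not cfg.get("acl_datacenter"):
        findings.append(("acl_datacenter", "not set, so ACLs are disabled"))
    if is_server and not master:
        findings.append(("acl_master_token", "missing on a server node"))
    if master and not is_server:
        findings.append(("acl_master_token", "set on a non-server agent"))
    if master and cfg.get("acl_token") == master:
        findings.append(("acl_token", "same as the master token: requests that "
                         "carry no token of their own run with master rights"))
    # Assumption: legacy ACL system, where an unset default policy means "allow".
    if cfg.get("acl_default_policy", "allow") == "allow":
        findings.append(("acl_default_policy",
                         "allow: access is limited only by explicit deny rules"))
    return findings

# Constructed samples modelled on the configs in this thread; token values
# are placeholders, not real secrets.
QUESTION_CONFIG = json.loads("""
{"bootstrap": true, "server": true, "datacenter": "dc1", "acl_datacenter": "dc1"}
""")
RISKY_CONFIG = json.loads("""
{"bootstrap": true, "server": true, "datacenter": "dc1", "acl_datacenter": "dc1",
 "acl_master_token": "PLACEHOLDER-MASTER", "acl_token": "PLACEHOLDER-MASTER"}
""")
HARDENED_CONFIG = json.loads("""
{"bootstrap": true, "server": true, "datacenter": "dc1", "acl_datacenter": "dc1",
 "acl_master_token": "PLACEHOLDER-MASTER", "acl_default_policy": "deny"}
""")

if __name__ == "__main__":
    for name, cfg in [("question", QUESTION_CONFIG), ("risky", RISKY_CONFIG),
                      ("hardened", HARDENED_CONFIG)]:
        print(name)
        for key, message in audit_acl_config(cfg) or [("ok", "no findings")]:
            print(f"  {key}: {message}")
```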
After getting it running well, I created a screencast to demonstrate how to set up Consul on a single server. Here is the link