A problem using ACLs with Consul?

Problem description

This is my configuration file. acl_master_token is already set, and the application is running in Docker.

{
    "datacenter": "dc1",
    "data_dir": "/consul/data",
    "log_level": "INFO",
    "server": true,
    "bootstrap_expect": 3,
    "acl_datacenter": "dc1",
    "acl_master_token": "fe15af83-d36e-××××××××××××××××××××",
    "acl_token": "54321c",
    "acl_default_policy": "deny",
    "acl_down_policy": "extend-cache",
    "bind_addr": "192.168.1.15",
    "client_addr": "0.0.0.0",
    "retry_join": ["192.168.1.12"],
    "retry_interval": "3s",
    "raft_protocol": 3,
    "enable_debug": false,
    "rejoin_after_leave": true,
    "encrypt": "h+TjXojPyignafeO+dCeow==",
    "enable_syslog": false
}

After starting Consul, I found:

018/11/12 13:28:06 [ERR] agent: failed to sync remote state: ACL not found
consul_1_aa055051bff7 |     2018/11/12 13:28:07 [ERR] agent: Coordinate update error: ACL not found
consul_1_aa055051bff7 |     2018/11/12 13:28:24 [ERR] agent: Coordinate update error: ACL not found
consul_1_aa055051bff7 |     2018/11/12 13:28:34 [ERR] agent: failed to sync remote state: ACL not found
consul_1_aa055051bff7 |     2018/11/12 13:28:47 [ERR] agent: Coordinate update error: ACL not found

It seems the ACL is not set up correctly, but I have configured acl_token as well.

2 answers

The problem was solved like this:
Consul v1.3.1

Generate the agent token

When the first node above starts, you will run into

2017/07/08 23:38:24 [WARN] agent: Node info update blocked by ACLs
2017/07/08 23:38:44 [WARN] agent: Coordinate update blocked by ACLs

The cause is that the agent token has not been set yet. The steps to generate it are as follows:

$ curl \
    --request PUT \
    --header "X-Consul-Token: your_master_token" \
    --data \
'{
  "Name": "Agent Token",
  "Type": "client",
  "Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
}' http://127.0.0.1:8500/v1/acl/create

{"ID":"fe3b8d40-0ee0-8783-6cc2-ab1aa9bb16c1"}

Then add it to the configuration file, filling acl_agent_token with the token generated above

{
  "acl_datacenter": "dc1",
  "acl_master_token": "your_master_token",
  "acl_default_policy": "deny",
  "acl_down_policy": "extend-cache",
  "acl_agent_token": "fe3b8d40-5645-8783-6cc2-66666"
}

Restart the agent
For other nodes, the agent token can be added without downtime

$ curl \
    --request PUT \
    --header "X-Consul-Token: b1gs33cr3t" \
    --data \
'{
  "Token": "fe3b8d40-5645-8783-6cc2-66666"
}' http://127.0.0.1:8500/v1/agent/token/acl_agent_token

Detailed explanation
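
The two API calls from the answer above chained into one script, so the ID returned by /v1/acl/create is exactly the value installed as acl_agent_token and the master token is read from the environment instead of being typed into the command. This is an added example, not part of the original answer; CONSUL_URL, MASTER_TOKEN and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. CONSUL_URL and MASTER_TOKEN are names assumed here,
# not Consul settings; the endpoints and rules are the ones in the answer.
CONSUL_URL="${CONSUL_URL:-http://127.0.0.1:8500}"

# Token definition with the same rules as the answer: node write, service read.
agent_token_payload() {
  cat <<'EOF'
{
  "Name": "Agent Token",
  "Type": "client",
  "Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
}
EOF
}

# Print the ID from a response shaped like {"ID":"..."}; print nothing if absent.
extract_token_id() {
  printf '%s\n' "$1" |
    sed -n 's/.*"ID"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Create the agent token, then install it on the local agent without a restart.
# Prints the new token ID on success so it can also be written to the config file.
provision_agent_token() {
  [ -n "${MASTER_TOKEN:-}" ] || { echo "MASTER_TOKEN is not set" >&2; return 2; }
  resp=$(curl --silent --fail --request PUT \
      --header "X-Consul-Token: ${MASTER_TOKEN}" \
      --data "$(agent_token_payload)" \
      "${CONSUL_URL}/v1/acl/create") ||
    { echo "token creation failed" >&2; return 1; }
  id=$(extract_token_id "$resp")
  [ -n "$id" ] || { echo "no ID in response: $resp" >&2; return 1; }
  curl --silent --fail --request PUT \
      --header "X-Consul-Token: ${MASTER_TOKEN}" \
      --data "{\"Token\": \"${id}\"}" \
      "${CONSUL_URL}/v1/agent/token/acl_agent_token" >/dev/null ||
    { echo "installing agent token failed" >&2; return 1; }
  printf '%s\n' "$id"
}

# Run only when invoked as: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
  provision_agent_token
fi
```

The printed ID still has to be written to acl_agent_token in the configuration file, as in the answer, so that it is also in place after a restart.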

Try configuring acl_agent_master_token
