Failed ACL bootstrapping
31 views
Skip to first unread message
Reth Kevin Bagares
Jul 4, 2019, 12:32:29 AM7/4/19
to Consul
Hi guys. I need some help hot to fixed this.
config.json
consul acl bootstrap
Failed ACL bootstrapping: Unexpected response code: 403 (Permission denied: ACL bootstrap no longer allowed (reset index: 14059))
config.json
"acl_datacenter": "dc1",
"acl_default_policy": "allow",
"acl_down_policy": "extend-cache",
consul acl bootstrap
Failed ACL bootstrapping: Unexpected response code: 403 (Permission denied: ACL bootstrap no longer allowed (reset index: 14059))
Robert Paprocki
Jul 4, 2019, 1:28:53 AM7/4/19
to consu...@googlegroups.com
There is a bootstrap reset procedure. The docs link to it: https://www.consul.io/docs/commands/acl/bootstrap.html
But the resource it directs to at https://learn.hashicorp.com/consul/security-networking/production-acls#ensure-the-acl-system-is-configured-properly does not mention this procedure (I recall seeing it when we adopted ACLs shortly after 1.4 was released).
Hopefully someone at hashicorp can fix up these docs as this is a pretty crucial step, and having these docs go missing is problematic.
Disclaimer: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. https://fligno.com--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/consul/issues
Community chat: https://gitter.im/hashicorp-consul/Lobby
---
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/e102990b-9a2e-4df7-9a7a-fb53527a31cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reth Kevin Bagares
Jul 4, 2019, 2:23:36 AM7/4/19
to consu...@googlegroups.com
Thank You Sir, It is working now. I upgraded the consul to latest version. consul_1.2.0 does not have "acl" option.
To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/B7B46C13-FC63-4CE6-8D25-A187F31CEB50%40konghq.com.
For more options, visit https://groups.google.com/d/optout.
Reth Kevin Bagares
Jul 4, 2019, 2:24:40 AM7/4/19
to Consul
Matthew Keeler
Jul 4, 2019, 8:06:57 AM7/4/19
to consu...@googlegroups.com
In our ongoing website changes to move to the Learn platform the reset procedure links got broken. This will be fixed soon.
For now the procedure is to write the reset index the API gives you into a file named “acl-bootstrap-reset” within the Consul data directory and the try the bootstrap request again. This file needs to be written in the leader server as that is where it gets read from to validate that the request should be allowed.
Matt Keeler
Thank You Sir, It is working now. I upgraded the consul to latest version. consul_1.2.0 does not have "acl" option.
Disclaimer: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. https://fligno.com--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/consul/issues
Community chat: https://gitter.im/hashicorp-consul/Lobby
---
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/30968b21-c4ac-44ea-9c8c-669a1149441a%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages