consul monitor error - agent: failed to sync remote state: rpc error: ACL not found
2,360 views
Skip to first unread message
hermes.p...@gmail.com
Aug 3, 2017, 11:05:48 AM8/3/17
to Consul
Hi,
I hope someone can help me. I want to know which ACL the "consul monitor" is trying to use. Cause my consul monitor command have a lot of this errors:
2017/08/03 14:51:58 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:52:15 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:52:15 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:52:42 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:52:43 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:53:04 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:53:06 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:53:22 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:53:31 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:53:48 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:53:58 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:54:15 [ERR] agent: failed to sync remote state: rpc error: ACL not found
2017/08/03 14:54:15 [ERR] agent: Coordinate update error: rpc error: ACL not found
2017/08/03 14:54:31 [ERR] agent: Coordinate update error: rpc error: ACL not found
In my consul.confg I have a acl_token, but this token isn't working. How can I set a policy for this?
I was thinking that the default policy behavior should be enough.
Here is my configuration:
{
"ui": true,
"retry_join_ec2": {
"region": "us-east-1",
"tag_key": "consul-server",
"tag_value": "True"
},
"disable_remote_exec": true,
"domain": "consul.",
"data_dir": "/opt/consul/data",
"dns_config": {
"allow_stale": false,
"max_stale": "5s",
"node_ttl": "0s",
"service_ttl": {
"*": "0s"
},
"enable_truncate": false, "only_passing": false
},
"log_level": "INFO",
"enable_syslog": true,
"node_name": "server01",
"server": true,
"client_addr": "0.0.0.0",
"addresses" : {
"rpc": "127.0.0.1"
},
"bind_addr": "172.16.37.219",
"datacenter": "DC",
"bootstrap": true,
"ports": {
"dns": 8600,
"http": 8500,
"https": -1,
"rpc": 8400,
"serf_lan": 8301,
"serf_wan": 8302,
"server": 8300
},
"acl_enforce_version_8": false,
"acl_datacenter": "DC",
"acl_default_policy": "allow",
"acl_down_policy": "deny",
"acl_master_token": "12345c",
"acl_token": "54321c",
"acl_ttl": "300s",
"atlas_acl_token": "anonymous",
"http_api_response_headers": {
"Access-Control-Allow-Origin": "*"
},
"rejoin_after_leave": true,
"leave_on_terminate": false,
"disable_update_check": false
}
Best Regards,
James Phillips
Aug 3, 2017, 11:14:38 AM8/3/17
to consu...@googlegroups.com
Hi,
Those messages aren't related to consul monitor itself, they look like
they are from the agent trying to sync its information back to the
catalog. It seems like the "acl_token" you provided might not be
valid.
The required policy for that is explained in
https://www.consul.io/docs/guides/acl.html#create-an-agent-token.
Please take a look at https://www.consul.io/docs/guides/acl.html in
general as well, we've made a bunch of recent changes to this guide to
try to help explain the new ACL policies from version 0.8 and how to
set up the different agent tokens.
Hope that helps!
-- James
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/consul-tool/eef4c873-fcac-4c4c-a20a-c8ae175d2800%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Those messages aren't related to consul monitor itself, they look like
they are from the agent trying to sync its information back to the
catalog. It seems like the "acl_token" you provided might not be
valid.
The required policy for that is explained in
https://www.consul.io/docs/guides/acl.html#create-an-agent-token.
Please take a look at https://www.consul.io/docs/guides/acl.html in
general as well, we've made a bunch of recent changes to this guide to
try to help explain the new ACL policies from version 0.8 and how to
set up the different agent tokens.
Hope that helps!
-- James
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/consul-tool/eef4c873-fcac-4c4c-a20a-c8ae175d2800%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
hermes.p...@gmail.com
Aug 3, 2017, 1:29:04 PM8/3/17
to Consul
Thank you James! I'll look forward on it.
hermes.p...@gmail.com
Aug 3, 2017, 1:45:18 PM8/3/17
to Consul
Work, really well.
Tks!
---
#criar token para agents internos
curl -v \
--request PUT \
--header "X-Consul-Token: 12345c" \
--data \
'{
"Name": "Agent Token",
"Type": "client",
"Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
{"ID":"225576aa-2800-d492-97e9-b297695120a4"
add to /etc/consul.conf
"acl_agent_token": "225576aa-2800-d492-97e9-b297695120a4",
----
On Thursday, August 3, 2017 at 12:14:38 PM UTC-3, James Phillips wrote:
Reply all
Reply to author
Forward
0 new messages