consul icon indicating copy to clipboard operation
consul copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Consul KV PUT is not working in cross datacenter setup

Open venkatnpedada opened this issue 3 years ago • 2 comments

Consul KV put is not working in cross datacenter setup

When I tried to put a KV from the datacenter A consul-client to datacenter B consul cluster, Im seeing below permission error. But I have given enough permissions for all the datacenter consul clusters

Reproduction Steps

Steps to reproduce this issue, eg:

gave below permission in both datacenter A and datacenter B consul clusters

agent_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "read"
}
query_prefix "" {
  policy = "read"
}
key_prefix "test_path/" {
  policy = "write"
}

Below is the error I got when i tried to put a KV from the datacenter A consul-client to datacenter B consul cluster,

+ consul kv put -datacenter=datacenterB  "test_path/test_key" "test_value"
Error! Failed writing data: Unexpected response code: 403 (rpc error making call: rpc error making call: ACL not found)

venkatnpedada avatar Jan 06 '22 06:01 venkatnpedada

Hey @venkatnpedada

Do you have ACL enabled? If so you need to create an ACL policy and associated ACL token in the cli to match your key_prefix.

I'll linked a detailed answer here from one of our engineers that outlines those steps, and a tutorial we have on ACL setup that might be helpful to look at

Amier3 avatar Jan 11 '22 20:01 Amier3

have same issue, I set new kv in dc A, but this key is absent in dc B. ACL enabled and service has permissions to write.

garry-t avatar Feb 01 '24 19:02 garry-t