
Support the new configuration format in Consul 1.4.0

Open Lasering opened this issue 5 years ago • 9 comments

https://www.consul.io/docs/agent/options.html#configuration-key-reference

Notably acl configurations no longer use smurf notation and are now inside their own object:

acl {
  down_policy = "deny"
  tokens {
    master = "a master token"
  }
}

acl_datacenter is now primary_datacenter

Lasering avatar Dec 18 '18 13:12 Lasering
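
The key move described in the issue above, as an added Ruby example (not code from the thread or the cookbook): it rewrites a legacy flat config hash into the nested 1.4.0 form and refuses to silently drop an `acl_*` key it cannot map. `migrate_acl_config`, `LEGACY_ACL_KEYS` and `SAMPLE_LEGACY` are hypothetical names, and the mappings beyond the names quoted in the issue are assumptions drawn from Consul's configuration reference.

```ruby
require 'json'

# Legacy flat key => path in the nested Consul 1.4.0+ config.
# The first three targets are the ones quoted in the issue; the remaining
# pairs are assumptions taken from Consul's configuration reference.
LEGACY_ACL_KEYS = {
  'acl_datacenter'         => %w[primary_datacenter],
  'acl_down_policy'        => %w[acl down_policy],
  'acl_master_token'       => %w[acl tokens master],
  'acl_default_policy'     => %w[acl default_policy],
  'acl_token'              => %w[acl tokens default],
  'acl_agent_token'        => %w[acl tokens agent],
  'acl_agent_master_token' => %w[acl tokens agent_master],
  'acl_replication_token'  => %w[acl tokens replication]
}.freeze

# Returns [new_config, moved_keys]. The input hash is not mutated.
def migrate_acl_config(legacy)
  config = JSON.parse(JSON.generate(legacy)) # deep copy with string keys
  moved = []
  LEGACY_ACL_KEYS.each do |old_key, path|
    next unless config.key?(old_key)
    value = config.delete(old_key)
    *parents, leaf = path
    # Walk (and create) the nested objects, e.g. config['acl']['tokens'].
    target = parents.reduce(config) { |hash, key| hash[key] ||= {} }
    # A value already set in the new format wins over the legacy one.
    target[leaf] = value unless target.key?(leaf)
    moved << old_key
  end
  # Fail closed: an unmapped acl_* key must not vanish from the policy.
  unknown = config.keys.grep(/\Aacl_/)
  raise ArgumentError, "unmapped legacy ACL keys: #{unknown.join(', ')}" unless unknown.empty?
  [config, moved]
end

# Constructed sample input, using the values quoted in the issue.
SAMPLE_LEGACY = {
  'datacenter' => 'dc1', 'acl_datacenter' => 'dc1',
  'acl_down_policy' => 'deny', 'acl_master_token' => 'a master token'
}.freeze

if __FILE__ == $PROGRAM_NAME
  config, moved = migrate_acl_config(SAMPLE_LEGACY)
  puts JSON.pretty_generate(config)
  warn "moved: #{moved.join(', ')}"
end
```
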

Any estimations when this will be implemented?

ranschn avatar Dec 30 '18 13:12 ranschn

From what I can see the only changes to the configuration are the ones I mentioned. I just didn't list all the acl options.

Lasering avatar Jan 21 '19 16:01 Lasering

Will a PR help?

Lasering avatar Apr 09 '19 14:04 Lasering

I'll reiterate what I've said in the past, we should simply allow a free form JSON resource for the Consul configs.

You can already do that without waiting for the cookbook to be updated:

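# Write the ACL section as its own JSON file in Consul's config directory.
file ::File.join(node['consul']['service']['config_dir'], 'acl.json') do
  content(lazy {JSON.pretty_generate({'acl' => node[cookbook_name]['acl']['config']}, quirks_mode: true)})
  # Set owner/group only when they exist. A bare string in `if` is always truthy,
  # so the grep has to actually run (system returns true only on a match).
  owner node['consul']['service_user'] if system("grep -q #{node['consul']['service_user']} /etc/passwd")
  group node['consul']['service_group'] if system("grep -q #{node['consul']['service_group']} /etc/group")
  # Create the file when ACLs are enabled, remove it otherwise.
  action node[cookbook_name]['acl']['enabled'] ? :create : :delete
  notifies :reload, "consul_service[#{node['consul']['service_name']}]", :delayed
end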

scalp42 avatar Apr 26 '19 00:04 scalp42

Closing as fixed. If this isn't the case please feel free to reopen and discuss more!

damacus avatar May 09 '19 20:05 damacus

@damacus I can't reopen. Although I can use the above code to fix it, I shouldn't have to: The idea of having a cookbook/recipe is to abstract the way a certain program is installed/managed. With the above approach I would have to include that snippet in all the services which will install the consul agent.

Lasering avatar Jul 01 '19 18:07 Lasering

Marking stale due to inactivity. Remove stale label or comment or this will be closed in 7 days. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help! Thanks, Sous-Chefs.

github-actions[bot] avatar Sep 30 '20 00:09 github-actions[bot]

I can make a PR if that helps

Lasering avatar Sep 30 '20 11:09 Lasering

Hello all. As I use Chef with the Consul cookbook and didn't find any software capable of setting Consul's new non-legacy ACLs to some state, I wrote a console app that does that: https://gitlab.com/zhemer/consul_acl. Now the recipe works fine with this helper.

$ ./consul_acl -f consul_acl.json -a vm-centos -t $t
Removed policy "policy-octopus"
Removed policy "policy-vault"
Created policy "pol-nginx"
Created policy "pol-vault"
Created policy "pol-octopus"
Created policy "pol-kube"
Updated role "role-octopus": Policies: 'policy-octopus' => 'pol-octopus'
Updated role "role1": Policies: 'policy-octopus,policy-vault' => 'pol-octopus,pol-vault'
Created role "role-nginx"
Removed token "505b8379-bc33-402c-8d0d-e026ac206da9"
Removed token "fbb42a97-42eb-44f0-b2de-0e3126c63cce"
Removed token "629e6ca8-971c-470b-badd-80babdd1a7df"
Created token {"nginx" ["pol-nginx"] [] "70422b37-4526-4513-87c4-04be72540dc0"}
Created token {"kube" ["pol-kube"] ["role1"] "a58ce363-646b-4a6b-bd93-26a038170619"}
Created token {"vault" ["pol-vault"] [] "f6774eb5-17df-45af-818b-4f7742defe69"}

zhemer avatar Jan 02 '21 19:01 zhemer