search

hashicorp / consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
https://www.consul.io
Other
28.41k stars 4.43k forks source link

Consul KV PUT is not working in cross datacenter setup #11953

Open venkatnpedada opened 2 years ago

venkatnpedada commented 2 years ago

Consul KV put is not working in cross datacenter setup

When I tried to put a KV from the datacenter A consul-client to datacenter B consul cluster, Im seeing below permission error. But I have given enough permissions for all the datacenter consul clusters

Reproduction Steps

Steps to reproduce this issue, eg:

gave below permission in both datacenter A and datacenter B consul clusters

agent_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "read"
}
query_prefix "" {
  policy = "read"
}
key_prefix "test_path/" {
  policy = "write"
}

Below is the error I got when i tried to put a KV from the datacenter A consul-client to datacenter B consul cluster,

+ consul kv put -datacenter=datacenterB  "test_path/test_key" "test_value"
Error! Failed writing data: Unexpected response code: 403 (rpc error making call: rpc error making call: ACL not found)
Amier3 commented 2 years ago

Hey @venkatnpedada

Do you have ACL enabled? If so you need to create an ACL policy and associated ACL token in the cli to match your key_prefix.

I'll linked a detailed answer here from one of our engineers that outlines those steps, and a tutorial we have on ACL setup that might be helpful to look at

garry-t commented 9 months ago

have same issue, I set new kv in dc A, but this key is absent in dc B. ACL enabled and service has permissions to write.