Open selfscrum opened 2 years ago
Hey @selfscrum
Thanks for bringing this to our attention. Looks like this might be related to https://github.com/hashicorp/consul/issues/13793 .
Hi @selfscrum,
I see how the error message here can be misleading. Meaning: it says "use tls.defaults.ca_file
", but when you do that, there's a validation error.
What is meant to be communicated is that each .
represents a nested scope. So the config should look something like...
tls = {
defaults = {
ca_file = "/etc/consul.d/consul-agent-ca.pem"
cert_file = "/etc/consul.d/dc1-server-consul-2.pem"
key_file = "/etc/consul.d/dc1-server-consul-2-key.pem"
verify_incoming = true
verify_outgoing = true
}
internal_rpc = {
verify_server_hostname = true
}
}
Do you have any suggestions on what we could do differently in consul validate
or the docs to help others avoid this confusion? Thanks for your help!
Hi thanks, that's good to know. I actually created an HCL config, not a JSON one. How would that nested hierarchy be represented? I know from other systems that the nested structure is flattend as I did erronously.
I think a brief description of JSON vs HCL in the documentation and how to read both side-by-side would be sufficient. Then you could just refer back to the doc details in the executable.
So, for me the only question is now how should I map this properly in HCL? Thanks :)
Flattening was a very reasonable assumption to make!
I think the config snippet above should work for HCL (though there's a small chance I made a mistake - best to run it through consul validate
!)
You already have a working example for "acl.enabled
" in your config file, for example. It uses that same pattern:
acl = {
enabled = true
}
but then tls.defaults.ca_file
should have worked?
ah no ok got it. you mean I do nested blocks as well
Overview of the Issue
Validation recommends to not use deprecated field names but fails when using the proposed ones.
Reproduction Steps
I used this config in
/etc/consul.d/consul.hcl
: In first call without the tls... qualification then with them in call 2.Consul info for both Client and Server
Consul v1.12.3 Revision 2308c75e
Operating system and Environment details
Ubuntu 20.04