hashicorp / consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
https://www.consul.io

ca_file is not correct in generated agent-server-tls.hcl file #15331

Open skyao opened 2 years ago

skyao commented 2 years ago

Overview of the Issue

I need to set up two clusters on one machine for testing, so I need to change the default settings of CONSUL_CONFIG_DIR and CONSUL_DATA_DIR.

I followed the document to set up Consul on Linux:

https://developer.hashicorp.com/consul/tutorials/get-started-vms/virtual-machine-gs-deploy

Because I need to set up two clusters on one machine for testing, I changed the default settings from

export DATACENTER="dc1" \
export DOMAIN="consul" \
export CONSUL_DATA_DIR="/etc/consul/data" \
export CONSUL_CONFIG_DIR="/etc/consul/config" \

to

export DATACENTER="dc1" \
export DOMAIN="consul" \
export CONSUL_DATA_DIR="/home/sky/work/soft/consul/default/data" \
export CONSUL_CONFIG_DIR="/home/sky/work/soft/consul/default/config"

After I ran ./generate_consul_server_config.sh and consul agent -node=consul -config-dir=${CONSUL_CONFIG_DIR} to start consul:

==> Error loading from /etc/consul/config/consul-agent-ca.pem: open /etc/consul/config/consul-agent-ca.pem: no such file or directory

After I checked the generated hcl files, I found that in agent-server-tls.hcl file:

## TLS Encryption (requires cert files to be present on the server nodes)
ca_file   = "/etc/consul/config/consul-agent-ca.pem"
cert_file = "/home/sky/work/soft/consul/default/config/dc1-server-consul-0.pem"
key_file  = "/home/sky/work/soft/consul/default/config/dc1-server-consul-0-key.pem"

ca_file is not set correctly to follow CONSUL_CONFIG_DIR.

Reproduction Steps

https://developer.hashicorp.com/consul/tutorials/get-started-vms/virtual-machine-gs-deploy

jkirschner-hashicorp commented 2 years ago

Hi @skyao ,

This appears to be your first post here - welcome to the Consul community!

I've filed a bug with the education team to look at fixing the issue with the ./generate_consul_server_config.sh script. It appears that line 112 in the script hard-codes /etc/consul/config instead of using the env var:

ca_file   = "/etc/consul/config/consul-agent-ca.pem"
cert_file = "${CONSUL_CONFIG_DIR}/${DATACENTER}-server-${DOMAIN}-0.pem"
key_file  = "${CONSUL_CONFIG_DIR}/${DATACENTER}-server-${DOMAIN}-0-key.pem"

im2nguyen commented 1 year ago

@danielehc can you look at this?

danielehc commented 1 year ago

Hi @skyao, thanks for opening the issue. We modified the script on https://github.com/hashicorp-education/learn-consul-get-started-vms and you should now also be able to use non-default values for CONSUL_CONFIG_DIR.

Please let us know if you are still encountering the issue.
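
One way to check a generated file for the mismatch reported in this issue, as an added example (not the tutorial's script or HashiCorp's code): the hypothetical function `check_tls_paths` reads the `ca_file`, `cert_file` and `key_file` settings from an HCL file and reports any path that lies outside the given config directory or cannot be read. The sample file and temp directory below are constructed.

```sh
#!/bin/sh
# Added example (not part of the tutorial script): report TLS file settings in
# a generated Consul HCL file that point outside the config directory or at a
# missing file. check_tls_paths is a hypothetical helper name.

# check_tls_paths <hcl-file> <config-dir>
# Prints one line per problem; returns 1 if any problem was found, else 0.
check_tls_paths() {
  ctp_hcl=$1
  ctp_dir=${2%/}
  ctp_bad=0
  # Extract "key path" pairs for ca_file, cert_file and key_file.
  ctp_pairs=$(sed -nE \
    's/^[[:space:]]*(ca_file|cert_file|key_file)[[:space:]]*=[[:space:]]*"([^"]*)".*/\1 \2/p' \
    "$ctp_hcl")
  while read -r ctp_key ctp_path; do
    [ -n "$ctp_key" ] || continue
    case $ctp_path in
      "$ctp_dir"/*)
        if [ ! -r "$ctp_path" ]; then
          echo "$ctp_key: $ctp_path is missing or unreadable"
          ctp_bad=1
        fi ;;
      *)
        echo "$ctp_key: $ctp_path is outside $ctp_dir"
        ctp_bad=1 ;;
    esac
  done <<EOF
$ctp_pairs
EOF
  return "$ctp_bad"
}

# Constructed sample reproducing the file from the report, in a temp dir.
demo_dir=$(mktemp -d)
: > "$demo_dir/dc1-server-consul-0.pem"
: > "$demo_dir/dc1-server-consul-0-key.pem"
cat > "$demo_dir/agent-server-tls.hcl" <<EOF
ca_file   = "/etc/consul/config/consul-agent-ca.pem"
cert_file = "$demo_dir/dc1-server-consul-0.pem"
key_file  = "$demo_dir/dc1-server-consul-0-key.pem"
EOF
check_tls_paths "$demo_dir/agent-server-tls.hcl" "$demo_dir" || true
# prints: ca_file: /etc/consul/config/consul-agent-ca.pem is outside <temp dir>
```

Run against a real setup, the call would be `check_tls_paths "${CONSUL_CONFIG_DIR}/agent-server-tls.hcl" "${CONSUL_CONFIG_DIR}"` before starting the agent.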

aiqency commented 3 weeks ago

@danielehc This issue should probably have been closed.