Wrong condition for "No cluster leader"

For the script:

# Wait until leader has been elected and bootstrap consul ACLs
for i in {1..9}; do
    # capture stdout and stderr
    set +e
    sleep 5
    if ! OUTPUT=$(consul acl bootstrap 2>&1); then
        echo "$${i}: consul acl bootstrap: $${OUTPUT}"
        if [[ "$${OUTPUT}" = *"No cluster leader"* ]]; then
            echo "consul no cluster leader"
            continue
        else
            echo "consul already bootstrapped"
            exit 0
        fi

    fi
    set -e

    echo "$${OUTPUT}" | grep -i secretid | awk '{print $2}' > "$${CONSUL_BOOTSTRAP_TOKEN}"
    if [[ -s "$${CONSUL_BOOTSTRAP_TOKEN}" ]]; then
        echo "consul bootstrapped"
        break
    fi
done

Here is my /var/log/user-data.log:

ACL bootstrap begin
+ for i in {1..9}
+ set +e
+ sleep 5
++ consul acl bootstrap
+ OUTPUT='Failed ACL bootstrapping: Unexpected response code: 401 (ACL support disabled)'
+ echo '1: consul acl bootstrap: Failed ACL bootstrapping: Unexpected response code: 401 (ACL support disabled)
'
1: consul acl bootstrap: Failed ACL bootstrapping: Unexpected response code: 401 (ACL support disabled)
+ [[ Failed ACL bootstrapping: Unexpected response code: 401 (ACL support disabled) = *\N\o\ \c\l\u\s\t\e\r\ \l
\e\a\d\e\r* ]]
+ echo 'consul already bootstrapped'
consul already bootstrapped
+ exit 0

But when I SSH into this node and run consul acl bootstrap then the command completed without errors:

The relevant part of consul.hcl:

datacenter = "dc1"
acl {
    enabled = true
    default_policy = "deny"
    down_policy = "extend-cache"
}

The same script was working on 1.17.3 but not on 1.18.2.

-CONSULVERSION=1.17.3
+CONSULVERSION=1.18.2

Relevant logs

Notice: Node ID was changed. I am not sure why. ``` Jun 06 14:28:02 ip-172-31-9-168 systemd[1]: Starting "HashiCorp Consul - A service mesh solution"... Jun 06 14:28:16 ip-172-31-9-168 consul[372]: ==> Starting Consul agent... Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Version: '1.18.2' Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Build Date: '2024-05-16 19:10:00 +0000 UTC' Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Node ID: '30448039-a65e-7f1b-15f1-868d306d00 21' Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Node name: 'ip-172-31-9-168' Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Datacenter: 'dc1' (Segment: '') Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Server: false (Bootstrap: false) Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, gRPC-TLS: -1, DNS: 8600) Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Cluster Addr: 172.31.9.168 (LAN: 8301, WAN: 8302) Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Gossip Encryption: false Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Auto-Encrypt-TLS: false Jun 06 14:28:16 ip-172-31-9-168 consul[372]: ACL Enabled: false Jun 06 14:28:16 ip-172-31-9-168 consul[372]: ACL Default Policy: allow Jun 06 14:28:16 ip-172-31-9-168 consul[372]: HTTPS TLS: Verify Incoming: false, Verify Outgoing: false, Min Version: TLSv1_2 Jun 06 14:28:16 ip-172-31-9-168 consul[372]: gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2 Jun 06 14:28:16 ip-172-31-9-168 consul[372]: Internal RPC TLS: Verify Incoming: false, Verify Outgoing: false (Verify Hostname: false), Min Version: TLSv1_2 ... Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.781Z [INFO] agent.http: Registered res ource endpoint: endpoint=/api/hcp/v2/link Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.781Z [INFO] agent: Starting server: ad dress=127.0.0.1:8500 network=tcp protocol=http Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.784Z [INFO] agent: started state synce r Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.784Z [INFO] agent: Consul agent runnin g! Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.785Z [WARN] agent.router.manager: No s ervers available Jun 06 14:28:16 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:16.785Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.653Z [WARN] agent.router.manager: No s ervers available Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.653Z [WARN] agent: Syncing node info f ailed.: error="No known Consul servers" Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.653Z [ERROR] agent: failed to sync chan ges: error="No known Consul servers" Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.657Z [WARN] agent.router.manager: No s ervers available Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.658Z [WARN] agent: Syncing node info f ailed.: error="No known Consul servers" Jun 06 14:28:19 ip-172-31-9-168 consul[372]: 2024-06-06T14:28:19.658Z [ERROR] agent: failed to sync chan ges: error="No known Consul servers" ... Jun 06 14:29:28 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:28.490Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers" Jun 06 14:29:32 ip-172-31-9-168 systemd[1]: consul.service: start operation timed out. Terminating. Jun 06 14:29:32 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:32.905Z [INFO] agent: Caught: signal=term inated Jun 06 14:29:32 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:32.905Z [INFO] agent: Gracefully shutting down agent ... Jun 06 14:29:35 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:35.947Z [INFO] agent.dns: Stopping server : protocol=DNS address=127.0.0.1:8600 network=tcp Jun 06 14:29:35 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:35.947Z [INFO] agent.dns: Stopping server : protocol=DNS address=127.0.0.1:8600 network=udp Jun 06 14:29:35 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:35.948Z [INFO] agent: Stopping server: ad dress=127.0.0.1:8500 network=tcp protocol=http Jun 06 14:29:35 ip-172-31-9-168 consul[372]: 2024-06-06T14:29:35.950Z [INFO] agent: Waiting for endpoin ts to shut down ... The above repeats couple of times, then ... Jun 06 14:31:10 ip-172-31-9-168 systemd[1]: consul.service: Scheduled restart job, restart counter is at 2. Jun 06 14:31:10 ip-172-31-9-168 systemd[1]: Stopped "HashiCorp Consul - A service mesh solution". Jun 06 14:31:10 ip-172-31-9-168 systemd[1]: Starting "HashiCorp Consul - A service mesh solution"... Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: skipping file /etc/consul.d/consul.env, extension mu st be .hcl or .json, or config format must be set Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: BootstrapExpect is set to 1; this is the same as Boo tstrap mode. Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: bootstrap = true: do not enable unless necessary Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: Update: version=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: OutgoingRPCWrapper: version=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: OutgoingALPNRPCWrapper: version=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Channel created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] original dial target is: "consul: //dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] parsed dial target is: {Scheme:co nsul Authority:dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74 URL:{Scheme:consul Opaque: User: Host:dc1.83f75e 4d-5e09-1e4b-acc6-87c637078b74 Path:/server.dc1 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragm ent: RawFragment:}} Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Channel authority set to "server. dc1" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Resolver state updated: { "Addresses": null, "ServiceConfig": null, "Attributes": null } () Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Channel switches to new LB policy "consul-internal" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.grpc.balancer: creating balancer: target=consul://dc1 .83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.grpc.balancer: switching server: target=consul://dc1. 83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 from= to= Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Channel Connectivity change to TR ANSIENT_FAILURE Jun 06 14:31:11 ip-172-31-9-168 consul[883]: ==> Starting Consul agent... Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Version: '1.18.2' Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Build Date: '2024-05-16 19:10:00 +0000 UTC' Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Node ID: '83f75e4d-5e09-1e4b-acc6-87c637078b 74' Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Node name: 'ip-172-31-9-168' Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Datacenter: 'dc1' (Segment: '') Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Server: true (Bootstrap: true) Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Client Addr: [0.0.0.0] (HTTP: 8500, HTTPS: -1, g RPC: 8502, gRPC-TLS: 8503, DNS: 8600) Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Cluster Addr: 172.31.9.168 (LAN: 8301, WAN: 8302) Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Gossip Encryption: false Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Auto-Encrypt-TLS: false Jun 06 14:31:11 ip-172-31-9-168 consul[883]: ACL Enabled: true Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Reporting Enabled: false Jun 06 14:31:11 ip-172-31-9-168 consul[883]: ACL Default Policy: deny Jun 06 14:31:11 ip-172-31-9-168 consul[883]: HTTPS TLS: Verify Incoming: false, Verify Outg oing: false, Min Version: TLSv1_3 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: gRPC TLS: Verify Incoming: false, Min Version : TLSv1_3 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: Internal RPC TLS: Verify Incoming: false, Verify Outg oing: false (Verify Hostname: false), Min Version: TLSv1_3 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: ==> Log data will now stream in as it occurs: Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.005Z [WARN] agent: skipping file /etc/ consul.d/consul.env, extension must be .hcl or .json, or config format must be set Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.006Z [WARN] agent: BootstrapExpect is set to 1; this is the same as Bootstrap mode. Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.006Z [WARN] agent: bootstrap = true: d o not enable unless necessary Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.007Z [TRACE] agent.tlsutil: Update: ver sion=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.007Z [TRACE] agent.tlsutil: OutgoingRPC Wrapper: version=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.007Z [TRACE] agent.tlsutil: OutgoingALP NRPCWrapper: version=1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.007Z [TRACE] agent: [core][Channel #1] Channel created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.008Z [TRACE] agent: [core][Channel #1] original dial target is: "consul://dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.008Z [TRACE] agent: [core][Channel #1] parsed dial target is: {Scheme:consul Authority:dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74 URL:{Scheme:con sul Opaque: User: Host:dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74 Path:/server.dc1 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragment: RawFragment:}} Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.008Z [TRACE] agent: [core][Channel #1] Channel authority set to "server.dc1" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.008Z [TRACE] agent: [core][Channel #1] Resolver state updated: { Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Addresses": null, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "ServiceConfig": null, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Attributes": null Jun 06 14:31:11 ip-172-31-9-168 consul[883]: } () Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.009Z [TRACE] agent: [core][Channel #1] Channel switches to new LB policy "consul-internal" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.009Z [TRACE] agent.grpc.balancer: creat ing balancer: target=consul://dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.009Z [DEBUG] agent.grpc.balancer: switc hing server: target=consul://dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 from= to= Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.009Z [TRACE] agent: [core][Channel #1] Channel Connectivity change to TRANSIENT_FAILURE Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.027Z [WARN] agent.auto_config: skippin g file /etc/consul.d/consul.env, extension must be .hcl or .json, or config format must be set Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.auto_config: skipping file /etc/consul.d/consul.env, extension must be .hcl or .json, or config format must be set Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.027Z [WARN] agent.auto_config: Bootstr apExpect is set to 1; this is the same as Bootstrap mode. Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.auto_config: BootstrapExpect is set to 1; this is the same as Bootstrap mode. Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.027Z [WARN] agent.auto_config: bootstr ap = true: do not enable unless necessary Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.auto_config: bootstrap = true: do not enable unless n ecessary Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.028Z [TRACE] agent.tlsutil: Update: ver sion=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: Update: version=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.032Z [TRACE] agent.tlsutil: IncomingGRP Config: version=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: IncomingGRPConfig: version=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.033Z [TRACE] agent: [core][Server #2] S erver created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Server #2] Server created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.049Z [TRACE] agent: [core][Server #3] S erver created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Server #3] Server created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.050Z [TRACE] agent: [core][Server #3 Li stenSocket #4] ListenSocket created Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Server #3 ListenSocket #4] ListenSocket creat ed Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.055Z [TRACE] agent.tlsutil: OutgoingRPC Wrapper: version=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.tlsutil: OutgoingRPCWrapper: version=2 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.069Z [INFO] agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:83f75e4d-5e09-1e4b-acc6-87c637078b74 Address:172.31 .9.168:8300}]" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.server.raft: initial configuration: index=1 servers=" [{Suffrage:Voter ID:83f75e4d-5e09-1e4b-acc6-87c637078b74 Address:172.31.9.168:8300}]" Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.070Z [INFO] agent.server.serf.wan: ser f: EventMemberJoin: ip-172-31-9-168.dc1 172.31.9.168 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.server.serf.wan: serf: EventMemberJoin: ip-172-31-9-1 68.dc1 172.31.9.168 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.072Z [INFO] agent.server.serf.lan: ser f: EventMemberJoin: ip-172-31-9-168 172.31.9.168 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.server.serf.lan: serf: EventMemberJoin: ip-172-31-9-1 68 172.31.9.168 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.073Z [INFO] agent.router: Initializing LAN area manager Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.router: Initializing LAN area manager Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.073Z [TRACE] agent: [core][Channel #1] Resolver state updated: { Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Addresses": [ Jun 06 14:31:11 ip-172-31-9-168 consul[883]: { Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Addr": "dc1-172.31.9.168:8300", Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "ServerName": "ip-172-31-9-168", Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Attributes": null, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "BalancerAttributes": null, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Type": 0, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Metadata": null Jun 06 14:31:11 ip-172-31-9-168 consul[883]: } Jun 06 14:31:11 ip-172-31-9-168 consul[883]: ], Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "ServiceConfig": null, Jun 06 14:31:11 ip-172-31-9-168 consul[883]: "Attributes": null Jun 06 14:31:11 ip-172-31-9-168 consul[883]: } (resolver returned new addresses) Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent: [core][Channel #1] Resolver state updated: { "Addresses": [ { "Addr": "dc1-172.31.9.168:8300", "ServerName": "ip-172-31-9-168", "Attributes": null, "BalancerAttributes": null, "Type": 0, "Metadata": null } ], "ServiceConfig": null, "Attributes": null } (resolver returned new addresses) Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.074Z [TRACE] agent.grpc.balancer: addin g server address: target=consul://dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 address=dc1-172.31 .9.168:8300 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.grpc.balancer: adding server address: target=consul:/ /dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 address=dc1-172.31.9.168:8300 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.075Z [DEBUG] agent.grpc.balancer: switc hing server: target=consul://dc1.83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 from= to=dc1-172. 31.9.168:8300 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: agent.grpc.balancer: switching server: target=consul://dc1. 83f75e4d-5e09-1e4b-acc6-87c637078b74/server.dc1 from= to=dc1-172.31.9.168:8300 Jun 06 14:31:11 ip-172-31-9-168 consul[883]: 2024-06-06T14:31:11.076Z [TRACE] agent: [core][Channel #1 S ubChannel #5] Subchannel created ```

hashicorp / learn-nomad-cluster-setup

Wrong condition for "No cluster leader" #39