duffrecords
commented
7 years ago More specifically, the only keys in the backup are those beginning with "global/" but none of the "local/" keys are there.
Open duffrecords opened 7 years ago
duffrecords
commented
7 years ago More specifically, the only keys in the backup are those beginning with "global/" but none of the "local/" keys are there.
pshima
commented
7 years ago This sounds like a bug thanks for reporting @duffrecords, I'll take a closer look at it when I have some time.
duffrecords
commented
7 years ago I was able to get it to work by setting CONSUL_HTTP_ADDR to 'localhost:8500' but setting it to 'fqdn.of.consul.server:8500' only retrieves keys that are visible with the anonymous token. Apparently the tool is able to authenticate with the local Consul client but not directly with the Consul server itself (I'm running consul-snapshot on a different machine than the Consul server).
When I provide a management token in the CONSUL_HTTP_TOKEN environment variable, the resulting backup only contains the key/value pairs that I would see with an anonymous token. Using the same management token in the Consul web UI, I can see everything. I put some debug statements in the consul-snapshot code and confirmed the correct token is read with os.Getenv("CONSUL_HTTP_TOKEN") in consul-snapshot/vendor/github.com/hashicorp/consul/api/api.go.