ACL unable to create initial bootstrap token

Hello,

I could use some help with acl’s. I’m unable to create the initial bootstrap token, I attempted to do this directly on the lead server, and I’m following the docs from here: https://learn.hashicorp.com/tutorials/consul/access-control-setup-production

The error: Failed ACL bootstrapping: Unexpected response code: 403 (Permission denied: rpc error making call: ACL bootstrap no longer allowed (reset index: 16))

I found an old issue with a workaround here, but it was unsuccessful: https://github.com/hashicorp/consul/issues/5331

This is my global config: – I’m using the latest Helm chart…

lobal:
enabled: true
name: consul
datacenter: dc1
image: ‘consul:1.8.4’
imageEnvoy: envoyproxy/envoy-alpine:v1.14.2

tls:
enabled: true
enableAutoEncrypt: true
httpsOnly: true
verify: true
caCert:
secretName: consul-ca-cert
secretKey: tls.crt
caKey:
secretName: consul-ca-key
secretKey: tls.key
gossipEncryption:
secretName: consul-gossip-encryption-key
secretKey: key
acls:
manageSystemACLs: true

What am I missing?

Hi! Did you create the acl_bootstrap_reset file? What was the error you got when attempting a bootstrap after that?

Hello…

On the server consul-server-0, there is this directory:
/consul/data with the file: acl-bootstrap-reset

After running consul acl bootstrap … the error is the same:

Failed ACL bootstrapping: Unexpected response code: 403 (Permission denied: rpc error making call: ACL bootstrap no longer allowed (reset index: 16))

That’s odd. And the file contains just that number, and is readable by the account you’re using to run Consul?

hmm, permissions all seem correct, maybe reinstall? Here is my env:

/consul/data # whoami
root

/consul/data # ls -lt
total 40
-rwxrwxrwx 1 root consul 3 Dec 3 21:41 acl-bootstrap-reset
-rw------- 1 root consul 48 Dec 2 23:13 acl-tokens.json
-rw-r–r-- 1 root consul 394 Dec 2 23:13 checkpoint-signature
-rw------- 1 root consul 36 Dec 2 23:13 node-id
drwxr-sr-x 3 root consul 4096 Dec 2 23:13 raft
drwx–S— 2 root consul 4096 Dec 2 23:13 serf
drwxrws— 2 root consul 16384 Dec 2 23:13 lost+found
/consul/data #
/consul/data #
/consul/data #
/consul/data #
/consul/data # cat acl-bootstrap-reset
16

Not sure of how to proceed with this…I’m going to attempt a reinstall