Cannot fetch a consul kv into a nomad job

Nomad
1

Hello, I’m trying to fetch a consul kv into a nomad job using this template:

template {
  data = <<EOF
    APP_NAME = "{{ key "app/test/APP_NAME" }}"
  EOF
    destination = "env/file.env"
    env = true
}

However, I get this error:

Missing: kv.block(app/test/APP_NAME)

When I try consul kv get app/test/APP_NAME this is the result:

consul

I also get this other error:

Template failed: kv.block(app/test/APP_NAME): Unexpected response code: 403 (rpc error making call: Permission denied: token with AccessorID '00000000-0000-0000-0000-000000000002' lacks permission 'key:read' on "app/test/APP_NAME")

But this is the consul block on my nomad config:

consul {
  address = "<consul-ip>:8500"
  token   = "<consul-token>"
  auto_advertise      = true
  server_auto_join    = true
  client_auto_join    = true
}

Are there other configurations on the setup that I might have missed?

2

Hi @lalin it sounds like the Consul token is not set correctly in your Nomad config.

AccessorID '00000000-0000-0000-0000-000000000002'

Is the well-known ID of the Consul anonymous token: ACL Tokens | Consul | HashiCorp Developer which is used when no token is provided.

Some things to check

  • the consul block is at the top level in the Nomad agent config
  • the token value is actually set with a valid token
  • restart Nomad agent - making sure the configuration is applied
  • make sure a conflicting CONSUL_HTTP_TOKEN environment variable is not set
3

Thank you for this, I have resolved the issue!