Cannot Join Consul Client to HCS - fails with ca.pem extension error

In the HCS on Azure tutorial, in the section " Join the client to HCS on Azure servers", per steps, I run the command:
consul agent --config-dir . --data-dir=/tmp/consul

But it fails with error saying the ca.pem file needs to be in .json or .hcl format. And therefore it skipped the file. Is this expected? Error:

vp@LinuxVM:~/kuber/consul/aks/consul_hcs$ consul agent --config-dir . --data-dir=/tmp/consul
==> Starting Consul agent...
           Version: '1.10.1'
           Node ID: '2535d4e3-afde-2774-4a7e-78312850ae5d'
         Node name: 'LinuxVM'
        Datacenter: 'dc1' (Segment: '')
            Server: false (Bootstrap: false)
       Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, DNS: 8600)
      Cluster Addr: 10.240.1.81 (LAN: 8301, WAN: 8302)
           Encrypt: Gossip: true, TLS-Outgoing: true, TLS-Incoming: false, Auto-Encrypt-TLS: true

==> Log data will now stream in as it occurs:

2021-07-17T00:20:20.561Z [WARN]  agent: skipping file ca.pem, extension must be .hcl or .json, or config format must be set
2021-07-17T00:20:20.561Z [WARN]  agent: The 'ui' field is deprecated. Use the 'ui_config.enabled' field instead.
2021-07-17T00:20:20.565Z [WARN]  agent.auto_config: skipping file ca.pem, extension must be .hcl or .json, or config format must be set
2021-07-17T00:20:20.565Z [WARN]  agent.auto_config: The 'ui' field is deprecated. Use the 'ui_config.enabled' field instead.
2021-07-17T00:20:20.584Z [ERROR] agent.auto_config: AutoEncrypt.Sign RPC failed: addr=172.25.16.4:8300 error="rpcinsecure error making call: ACL not found"
2021-07-17T00:20:20.584Z [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
2021-07-17T00:20:20.594Z [ERROR] agent.auto_config: AutoEncrypt.Sign RPC failed: addr=172.25.16.4:8300 error="rpcinsecure error making call: ACL not found"
2021-07-17T00:20:20.594Z [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request

I had generated the ca.pem and consul.json files by running command below, per tutorial:

az hcs get-config \
  --resource-group learn-hcs-lab \
  --name learnlab

I’ve confirm that my linux VM can ping the Consul HCS IP address: 172.25.16.4

Did I miss something? Thanks.

Hi @vtphan24,

The Consul config directory (--config-dir) should only contain configurations file in either .hcl or .json format. Anything other than configuration files should be moved outside the configuration directory (in your case the ca.pem).

There are a couple of options in your case (where you are using the current directory as the config dir).

  1. Move the configurations (.hcl or .json) to a different directory and use --config-dir <directory name>

  2. Use the --config-file option instead of --config-dir if you don’t want to move the files from your current directory. (eg: --config-file consul.json) (ref: Configuration | Consul by HashiCorp)

  3. Move files other than the .hcl/.json to a different directory and continue using --config-dir .

Hope this helps.

yes, that indeed worked. thank you for the help!

1 Like