Consul fails to start after adding node-policy and vault-policy

I’m using Consul 1.8.0 on CentOS.

While setting up ACL for Vault access to Consul (1.8.X) using the doc

After enabling ACL, we generated the Consul node ACL policy and the Consul Vault ACL policy. Everything works fine until Consul restarts. Once we try to restart Consul, it fails with the following errors:

Oct 27 08:58:49 xxxx systemd[1]: Started Consul Service Discovery Agent.
Oct 27 08:58:49 xxxx consul[3778]: ==> Error parsing /etc/consul.d/node-policy.hcl: 4 errors occurred:
Oct 27 08:58:49 xxxx consul[3778]: * invalid config key service_prefix
Oct 27 08:58:49 xxxx consul[3778]: * invalid config key session_prefix
Oct 27 08:58:49 xxxx consul[3778]: * invalid config key agent_prefix
Oct 27 08:58:49 xxxx consul[3778]: * invalid config key node_prefix

The same thing happens with vault-policy.hcl too. The contents of the file are the same as the steps in the above link.

Hi @vinuthanemmsee,

In that tutorial, the configuration under /etc/consul.d is for the Consul agent’s runtime configuration.

The Consul ACL configuration is separate from the agent’s runtime config. The consul acl commands (or API) are designed to be used for ACL CRUD operations. Consul is raising those errors because those are not valid config keys for the agent’s runtime configuration.

In order to resolve the issue, remove the ACL policy configuration files from the /etc/consul.d directory. The agent should start successfully. Those files can then be stored and tracked elsewhere, like a git repo or within a Terraform config which provisions Consul.
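A pre-restart check for the situation described in this thread, added here as an example and not taken from the thread or the Consul project: it flags files in the agent's config directory that contain ACL rule keys and moves them elsewhere. The function names, the `acl-policies` destination and the sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# ACL rule resource keys; the agent config parser rejects them as "invalid config key".
ACL_RULE_KEYS='agent_prefix|node_prefix|service_prefix|session_prefix|key_prefix'

# List *.hcl / *.json files in DIR that have a line starting with an ACL rule key.
find_acl_rule_files() {
    for f in "$1"/*.hcl "$1"/*.json; do
        [ -f "$f" ] || continue
        if grep -Eq "^[[:space:]]*\"?($ACL_RULE_KEYS)\"?[[:space:]:]" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Move every flagged file from DIR to DEST so the agent no longer loads it.
# Policies are created from such files through the ACL CLI, for example:
#   consul acl policy create -name node-policy -rules @node-policy.hcl
relocate_acl_rule_files() {
    mkdir -p "$2"
    find_acl_rule_files "$1" | while IFS= read -r f; do
        mv "$f" "$2/" && printf 'moved %s -> %s\n' "$f" "$2"
    done
}

# Constructed sample: one real agent config file plus a misplaced policy file.
make_demo_dir() {
    d=$(mktemp -d)
    mkdir "$d/consul.d"
    printf 'datacenter = "dc1"\nacl {\n  enabled = true\n}\n' > "$d/consul.d/consul.hcl"
    printf 'agent_prefix "" {\n  policy = "write"\n}\nnode_prefix "" {\n  policy = "write"\n}\n' \
        > "$d/consul.d/node-policy.hcl"
    printf '%s\n' "$d"
}

demo=$(make_demo_dir)
find_acl_rule_files "$demo/consul.d"          # flags only node-policy.hcl
relocate_acl_rule_files "$demo/consul.d" "$demo/acl-policies"
ls "$demo/consul.d"                           # consul.hcl remains
rm -rf "$demo"
```

Running `consul validate /etc/consul.d` before restarting the service reports the same parse errors without taking the agent down.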