Consul services registration is blocked by ACL

rumeshmadhusanka · April 15, 2021, 1:54am

2021-04-15T07:22:19.422+0530 [INFO]  agent.server: New leader elected: payload=machine
2021-04-15T07:22:19.472+0530 [INFO]  agent.server: initializing acls
2021-04-15T07:22:19.472+0530 [INFO]  agent.leader: started routine: routine="legacy ACL token upgrade"
2021-04-15T07:22:19.472+0530 [INFO]  agent.leader: started routine: routine="acl token reaping"
2021-04-15T07:22:19.473+0530 [INFO]  agent.server.serf.lan: serf: EventMemberUpdate: machine
2021-04-15T07:22:19.474+0530 [INFO]  agent.server: Updating LAN server: server="machine (Addr: tcp/192.168.98.1:8300) (DC: local-dc)"
2021-04-15T07:22:19.474+0530 [INFO]  agent.server.serf.wan: serf: EventMemberUpdate: machine.local-dc
2021-04-15T07:22:19.474+0530 [INFO]  agent.server: Handled event for server in area: event=member-update server=machine.local-dc area=wan
2021-04-15T07:22:19.475+0530 [INFO]  agent.leader: started routine: routine="federation state anti-entropy"
2021-04-15T07:22:19.475+0530 [INFO]  agent.leader: started routine: routine="federation state pruning"
2021-04-15T07:22:19.475+0530 [INFO]  agent.leader: started routine: routine="intermediate cert renew watch"
2021-04-15T07:22:19.475+0530 [INFO]  agent.leader: started routine: routine="CA root pruning"
2021-04-15T07:22:22.331+0530 [INFO]  agent: Synced node info
2021-04-15T07:22:22.331+0530 [WARN]  agent: Service registration blocked by ACLs: service=wso2-1 accessorID=

I have enabled the ACL but in allow mode.
What could be the reason for this behavior?

ChipV2231 · April 26, 2021, 8:06pm

Hi @rumeshmadhusanka !

Can you share the policy of the ACL token being used with the wso2-1 service. My guess is either a) you’re missing a token when registering the service or b) the token being used doesn’t have the correct permissions

I’m also curious of the decision to have ACL enabled in allow mode instead of deny