I’m setting up Consul 1.6.x and enabling ACLs. I’m using Puppet to create policies and tokens for every agent.
I find that I still need to ssh into every node and run:

    token=yyyyy
    export CONSUL_HTTP_TOKEN=xxxxxx
    consul acl set-agent-token default "$token"

How can I automate this so that I don’t have to manually run consul acl set-agent-token on every node?
Idea 1:
The config file allows for you to specify a default token like so:
    "acl": {
      "tokens": {
        "default": "1234"
      }
    }
However that would require knowing the secret_id of the token, which I don’t know until after the tokens are created.
Idea 2:
Another option would be to use Ansible/Salt or bash to modify the contents of /opt/consul/acl-tokens.json.
That has downsides since it would require running that script after every node is provisioned.

    {"default":"xxxx"}
What other strategies have people used to automate consul acl set-agent-token?
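An added example, not part of the original post: one way to carry out Idea 1 once the SecretID is known is to write it into a config drop-in that the agent reads at startup. The function name and file names are hypothetical; it assumes the config key is `acl.tokens.default` and that whatever created the token pipes its SecretID in on stdin.

```shell
#!/bin/sh
# Added example: render a Consul config drop-in holding the agent's default
# ACL token. Function name and paths are hypothetical, not from the post.

# Usage: <command printing the SecretID> | render_default_token_conf <out_file>
# The SecretID arrives on stdin so it never shows up in the process list
# or in shell history. The body runs in a subshell, so umask and variables
# do not leak into the caller.
render_default_token_conf() (
    out_file=$1
    # Read one line; tolerate a missing trailing newline, reject empty input.
    IFS= read -r secret || [ -n "$secret" ] || exit 2

    # SecretIDs are UUIDs. Rejecting anything else also stops a malformed
    # value from breaking out of the JSON string written below.
    printf '%s\n' "$secret" \
        | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$' \
        || { echo "SecretID is not a UUID" >&2; exit 1; }

    # Create the temp file beside the target, private from the start, then
    # rename it so the agent never sees a half-written or readable file.
    umask 077
    tmp=$(mktemp "${out_file}.XXXXXX") || exit 3
    printf '{"acl": {"tokens": {"default": "%s"}}}\n' "$secret" > "$tmp" \
        && mv -f "$tmp" "$out_file" \
        || { rm -f "$tmp"; exit 3; }
)

# Demo with a constructed SecretID (not a real token) in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '11111111-2222-3333-4444-555555555555\n' \
        | render_default_token_conf "$dir/default-token.json" \
        && cat "$dir/default-token.json"
    rm -rf "$dir"
}
demo
```

The rendered file is owner-only (mode 0600), so it should be owned by the account the agent runs as.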