When start agent client , the error log show
[root@consul-app-01 ~]# consul agent -node=consul-agent-api -config-dir=${CONSUL_CONFIG_DIR}
==> Starting Consul agent...
Version: '1.14.2'
Build Date: '2022-11-30 19:54:31 +0000 UTC'
Node ID: '26c5b241-920d-1dda-3ef3-ab6274f8aac0'
Node name: 'consul-agent-api'
Datacenter: 'dc1' (Segment: '')
Server: false (Bootstrap: false)
Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: 8443, gRPC: 8502, gRPC-TLS: -1, DNS: 8600)
Cluster Addr: 172.30.13.93 (LAN: 8301, WAN: 8302)
Gossip Encryption: true
Auto-Encrypt-TLS: true
HTTPS TLS: Verify Incoming: false, Verify Outgoing: true, Min Version: TLSv1_2
gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2
Internal RPC TLS: Verify Incoming: true, Verify Outgoing: true (Verify Hostname: true), Min Version: TLSv1_2
==> Log data will now stream in as it occurs:
2022-12-14T23:07:36.683+0800 [WARN] agent: skipping file /etc/consul/config/consul-agent-ca.pem, extension must be .hcl or .json, or config format must be set
2022-12-14T23:07:36.683+0800 [WARN] agent: The 'ca_file' field is deprecated. Use the 'tls.defaults.ca_file' field instead.
2022-12-14T23:07:36.683+0800 [WARN] agent: The 'verify_incoming' field is deprecated. Use the 'tls.defaults.verify_incoming' field instead.
2022-12-14T23:07:36.683+0800 [WARN] agent: The 'verify_incoming_rpc' field is deprecated. Use the 'tls.internal_rpc.verify_incoming' field instead.
2022-12-14T23:07:36.683+0800 [WARN] agent: The 'verify_outgoing' field is deprecated. Use the 'tls.defaults.verify_outgoing' field instead.
2022-12-14T23:07:36.683+0800 [WARN] agent: The 'verify_server_hostname' field is deprecated. Use the 'tls.internal_rpc.verify_server_hostname' field instead.
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: skipping file /etc/consul/config/consul-agent-ca.pem, extension must be .hcl or .json, or config format must be set
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: The 'ca_file' field is deprecated. Use the 'tls.defaults.ca_file' field instead.
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: The 'verify_incoming' field is deprecated. Use the 'tls.defaults.verify_incoming' field instead.
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: The 'verify_incoming_rpc' field is deprecated. Use the 'tls.internal_rpc.verify_incoming' field instead.
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: The 'verify_outgoing' field is deprecated. Use the 'tls.defaults.verify_outgoing' field instead.
2022-12-14T23:07:36.689+0800 [WARN] agent.auto_config: The 'verify_server_hostname' field is deprecated. Use the 'tls.internal_rpc.verify_server_hostname' field instead.
2022-12-14T23:07:36.691+0800 [WARN] agent.auto_config: IP resolution failed: host=consul error="lookup consul on 100.100.2.136:53: no such host"
2022-12-14T23:07:36.691+0800 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
2022-12-14T23:07:36.691+0800 [WARN] agent.auto_config: IP resolution failed: host=consul error="lookup consul on 100.100.2.136:53: no such host"
2022-12-14T23:07:36.691+0800 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
2022-12-14T23:07:37.937+0800 [WARN] agent.auto_config: IP resolution failed: host=consul error="lookup consul on 100.100.2.136:53: no such host"
2022-12-14T23:07:37.937+0800 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
2022-12-14T23:07:40.319+0800 [WARN] agent.auto_config: IP resolution failed: host=consul error="lookup consul on 100.100.2.136:53: no such host"
2022-12-14T23:07:40.319+0800 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
2022-12-14T23:07:44.593+0800 [WARN] agent.auto_config: IP resolution failed: host=consul error="lookup consul on 100.100.2.136:53: no such host"
2022-12-14T23:07:44.593+0800 [ERROR] agent.auto_config: No servers successfully responded to the auto-encrypt request
^C2022-12-14T23:07:50.372+0800 [INFO] agent: Caught: signal=interrupt
2022-12-14T23:07:50.372+0800 [INFO] agent.auto_config: interrupted during retrieval of auto-encrypt certificates: err="context canceled"
2022-12-14T23:07:50.372+0800 [ERROR] agent: Error starting agent: error="context canceled"
2022-12-14T23:07:50.372+0800 [INFO] agent: Exit code: code=1
agent-client-secure.hcl
## agent-client-secure.hcl
server = false
datacenter = "dc1"
domain = "consul"
# Logging
log_level = "DEBUG"
#client_addr = "127.0.0.1"
retry_join = [ "consul" ]
# Ports
ports {
grpc = 8502
http = 8500
https = 8443
dns = 8600
}
enable_script_checks = false
enable_central_service_config = true
data_dir = "/etc/consul/data"
## TLS Encryption (requires cert files to be present on the server nodes)
# tls {
# defaults {
# ca_file = "/etc/consul/config/consul-agent-ca.pem"
# verify_outgoing = true
# verify_incoming = true
# }
# https {
# verify_incoming = false
# }
# internal_rpc {
# verify_server_hostname = true
# }
# }
## TLS Encryption (requires cert files to be present on the server nodes)
ca_file = "/etc/consul/config/consul-agent-ca.pem"
verify_incoming = false
verify_incoming_rpc = true
verify_outgoing = true
verify_server_hostname = true
auto_encrypt {
tls = true
}
acl {
enabled = true
default_policy = "deny"
enable_token_persistence = true
}