I created one policy to manage snapshot (backup), one policy to store terraform state and one policy to be able to manage DNS:
global-management: ID: 00000000-0000-0000-0000-000000000001 Description: Builtin Policy that grants unlimited access Datacenters: snapshots: ID: 636411eb-8d95-3c11-be55-5d8bdde6c972 Description: Datacenters: tf-openstack: ID: 6c62290a-be5d-900d-ba6d-b5cbfdbe8825 Description: Datacenters: dns: ID: 8c6331d8-6636-16d6-a60c-2792c12a50df Description: Datacenters:
I am using a token linked to the DNS policy in the default agent token with command (consul acl set-agent-token default).
I have two questions:
- First only the 1st server is responding to the DNS request, why ?
- I have some WARNING in the logs:
2019/11/19 08:36:55 [WARN] agent: Coordinate update blocked by ACLs 2019/11/19 08:35:33 [WARN] agent: Node info update blocked by ACLs
Do I need to add more privileges to the default agent policies ?