Hello,
I created one policy to manage snapshot (backup), one policy to store terraform state and one policy to be able to manage DNS:
global-management:
ID: 00000000-0000-0000-0000-000000000001
Description: Builtin Policy that grants unlimited access
Datacenters:
snapshots:
ID: 636411eb-8d95-3c11-be55-5d8bdde6c972
Description:
Datacenters:
tf-openstack:
ID: 6c62290a-be5d-900d-ba6d-b5cbfdbe8825
Description:
Datacenters:
dns:
ID: 8c6331d8-6636-16d6-a60c-2792c12a50df
Description:
Datacenters:
I am using a token linked to the DNS policy in the default agent token with command (consul acl set-agent-token default).
I have two questions:
- First only the 1st server is responding to the DNS request, why ?
- I have some WARNING in the logs:
2019/11/19 08:36:55 [WARN] agent: Coordinate update blocked by ACLs
2019/11/19 08:35:33 [WARN] agent: Node info update blocked by ACLs
Do I need to add more privileges to the default agent policies ?
Regards,