From 2f05a6581a99f1a386bea6c725d491dacc16d1d9 Mon Sep 17 00:00:00 2001 From: Richard Kettelerij Date: Fri, 18 May 2018 11:03:13 +0200 Subject: [PATCH 1/2] Improve docs around Consul ACL token If I'm not mistaken the Consul Agent default token is an anonymous token which doesn't allow writes while a Nomad server needs to write to Consul. --- website/source/docs/agent/configuration/consul.html.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/source/docs/agent/configuration/consul.html.md b/website/source/docs/agent/configuration/consul.html.md index 63bade4f5..d783244ba 100644 --- a/website/source/docs/agent/configuration/consul.html.md +++ b/website/source/docs/agent/configuration/consul.html.md @@ -103,7 +103,9 @@ configuration, Nomad will automatically connect and configure with Consul. communicate with the Consul agent. - `token` `(string: "")` - Specifies the token used to provide a per-request ACL - token. This option overrides the Consul Agent's default token. + token. This option overrides the Consul Agent's default token (beware that the + Consul Agent's default token is often an anonymous token which by default doesn't + allow writes in Consul). - `verify_ssl` `(bool: true)`- Specifies if SSL peer verification should be used when communicating to the Consul API client over HTTPS From b1265da0341d395ddb2650d38848ad4ca9a32a63 Mon Sep 17 00:00:00 2001 From: Richard Kettelerij Date: Thu, 24 May 2018 20:47:32 +0200 Subject: [PATCH 2/2] Incorporated review comments --- website/source/docs/agent/configuration/consul.html.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/source/docs/agent/configuration/consul.html.md b/website/source/docs/agent/configuration/consul.html.md index d783244ba..f4f028e40 100644 --- a/website/source/docs/agent/configuration/consul.html.md +++ b/website/source/docs/agent/configuration/consul.html.md @@ -103,9 +103,9 @@ configuration, Nomad will automatically connect and configure with Consul. communicate with the Consul agent. - `token` `(string: "")` - Specifies the token used to provide a per-request ACL - token. This option overrides the Consul Agent's default token (beware that the - Consul Agent's default token is often an anonymous token which by default doesn't - allow writes in Consul). + token. This option overrides the Consul Agent's default token. If the token is + not set here or on the Consul agent, it will default to Consul's anonymous policy, + which may or may not allow writes. - `verify_ssl` `(bool: true)`- Specifies if SSL peer verification should be used when communicating to the Consul API client over HTTPS