From cdd40cf81bf6327baaee28d2c9aafd58cae98fab Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Tue, 1 Apr 2025 08:45:05 -0400 Subject: [PATCH] docs: document requirements for Consul tokens in admin partitions (#25529) When using Nomad with Consul, each Nomad agent is expected to have a Consul agent running alongside. When using Nomad Enterprise and Consul Enterprise together, the Consul agent may be in a Consul admin partition. In order for Nomad's "anti-entropy" sync to work with Consul, the Consul ACL token and ACL policy for the Nomad client must be in the same admin partition as the Consul agent. Otherwise, we can register services (via WI) but then won't be able to deregister them unless they're the default namespace. Ref: https://hashicorp.atlassian.net/browse/NET-12361 --- website/content/docs/configuration/consul.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/website/content/docs/configuration/consul.mdx b/website/content/docs/configuration/consul.mdx index 920c0ccbc..b7fca2e5b 100644 --- a/website/content/docs/configuration/consul.mdx +++ b/website/content/docs/configuration/consul.mdx @@ -128,6 +128,10 @@ agents. environment variable if set. Nomad cannot refresh this token; if the token is deleted, Nomad is not able to communicate with Consul. + In Nomad Enterprise, if the Consul agent running alongside Nomad is in a + Consul Enterprise admin partition, you must create the Consul token provided + to the Nomad client in the same partition. + - `verify_ssl` `(bool: true)`- Specifies if SSL peer verification should be used when communicating to the Consul API client over HTTPS. Will default to the `CONSUL_HTTP_SSL_VERIFY` environment variable if set. @@ -417,6 +421,12 @@ namespace "nomad-ns" { } ``` +### Consul Admin Partition + +In Nomad Enterprise, if the Consul agent running alongside Nomad is in a Consul +Enterprise admin partition, you must create the Consul ACL token and ACL policy +for Nomad clients in the same partition. + [consul]: https://www.consul.io/ 'Consul by HashiCorp' [bootstrap]: /nomad/tutorials/manage-clusters/clustering 'Automatic Bootstrapping'